Slashdot Mirror
Document Retention And E-mail
innocent_white_lamb writes "An interesting column by Jim Carroll about email within companies, document retention, how hard it is to actually get rid of an email, and how all of this can come back to bite you later on. "
Of course, you could also just not do anything evil to begin with...
autopr0n is like, down and stuff.
You'd still have to prevent mail from being stored on your employees' machines.
yada, yada, yada... totally missing the point!
There's no need for any legal request for the email - employees will dig them out to protect their own backs and to break the backs of others!
Doesn't matter where the server is, or how many you have there's always going to be masses of duplication - local folders holding copies and such like. How do you handle this? Putting your server on a piss-forsaken rock isn't going to help!
Is the only enterprise (and home use) e-mail client worth using if you handle that many e-mails.
And as to it comming back to bite you... Don't do anything bad.. Be open honest and totally transparent in all your business dealings.. then nothing can come back and bite you.
:-)
"Consider how lucky you are that life has been good to you so far. Alternatively, if life hasn't been good to you so far
I'm having a hard time figuring out what his point is. He's saying "we need a policy for archiving e-mail" and then he talks about Enron, where any policy regarding e-mail would have resulted in evidence being destroyed. Is he saying we need to start pre-emptively destroying email in case there's something incriminating in it?
"Digging up the dirt" isn't a new problem. Back when everything was done on paper, you could make copies and stash them somewhere, so shredding the original was never enough to ensure the document didn't exist anymore.
And as for saying "e-mail will play a role in many other unfolding corporate stories", well, duh!
Employees will use them against their employers, but the much larger risk is outside discovery motions. The Microsoft trial was a good example -- none of the Microsoft employees whose email was subpoenaed benefitted from that. When the really-bad-attitude list was taken from Netscape, none of the list members really wanted that, either.
There are threats from inside and threats from outside, and having a document retention (==destruction) policy will protect against outside threats. It will not protect against employees blackmailing their employers.
However, if an employee keeps copies of mail in violation of a document retention policy, that employee can be sued separately. I imagine federal whistleblower laws might offer some protection, but in the case of a civil suit between companies, if an employee maintains a banned archive and then sells access to that archive to the other company's legal team, the employee is likely to suffer.
I've read a few comments already implying this is all about companies covering their tracks after commiting fraud or other criminal acts. These comments rightly ask why should we be concerned about policies and technological solutions to aid this.
However destroying evidence is only a small part of what this debate is about - it just makes for the flashiest headlines.
The issue is about the way email is used - many people write emails with an informality similar to speech, forgetting that email often has a 'lifespan' equivalent to many physical documents. When you also consider that emails are being used as documentary evidence in legal cases this begins to be a cause for concern. Why? Because people don't always express themselves precisely and may give a misleading impression - especially if the email is taken in isolation.
And it's not just the informality it's the 'working document' status of email. Let's say a particular business decision is the subject of scrutiny in a legal case, and let's say it was a decision reached after some discussion. If that discussion took place in a meeting then the documentary evidence would be the minutes - which would express the decision reached. If that discussion took place over email - would you be able to discern later that an email saying "We should do X" was expressing the final decision or merely a point of view in an on-going discussion? What if you had to prove than Y not X was the final decision?
So the policies that need to be implemented are not necessarily about covering up wrong-doing, they are about making sure that documents (emails) which may be treated as written communcation, have the clarity and riguor that they need. If they are informal working documents then they may need to be either clearly marked or destroyed at an appropriate time.
In my view the heart of any sensible policy should be education about how to write emails appropriately. The guideline I always use is "am I still happy to send this knowing that my customer/competitor/a.n.other could potentially see it one day?" If the answer is no then the email either needs re-writing or possibly a different form of communication is needed.
I still don't get it. If I'm a disgruntled employee (say the company just collapsed and I've just been laid off and feel cheated), what's to stop me making a copy of any email to which I have access?
Saying "secure server" and "secure client" doesn't cut it. As long as I have reasonable access to my computer, I can make a copy. If the computer can display it for me to read, I can copy it.
Surely SeaLand protects against something else completely!
2 dashes and a space, or just 2 dashes?
I keep everything too:
du -k ~/.netscape/nsmail /home/ethereal/.netscape/nsmail
...
296495
This is for almost four years at this particular company. I'm not up to boss-like standards (of course, the fact that I can communicate without using .doc and .ppt files probably helps) but it's still a hefty archive.
Is it useful? Often it is - I have exact records of all my correspondence for the last four years, sorted by date, topic, etc. as I want it. And when all else fails, I can grep for the text in the message that I want. Of course, it helps that I religiously file mail into folders so that my inbox only contains email about tasks I haven't completed yet.
Frankly, I don't see how I could live with the example quoted in the article of deleting everything over 30 days old. I would be unable to function without reference to technical discussions, product release information, and the latest management diktats from 30 days, 3 months, or even three years ago (OK, maybe I could live without the mgmt stuff :). Do these companies with such a destruction policy just convert all their important email into other documents so that they can maintain state past 30 days? I honestly don't understand how you could just throw all that information away and hope to keep your business rolling forward. Maybe someone can enlighten me...
Your right to not believe: Americans United for Separation of Church and