Document Retention And E-mail

innocent_white_lamb writes "An interesting column by Jim Carroll about email within companies, document retention, how hard it is to actually get rid of an email, and how all of this can come back to bite you later on. "

What about the benefits

So what is the lesson here? If you are planning on committing fraud, illegally maintaining a monopoly, or postponing a defective product recall to maximize profit, you should first make sure you have a document 'retention' policy? And then everything will be OK? What is wrong with this picture?

What about a story on the benefits of keeping old emails? I'm tired of hearing about the costs.

Fucking lawyers. Oh, my mistake. It isn't the lawyers, it is the legislators. Fucking legislators. Oh, my mistake. It isn't the legislators, it's the voters. Fucking voters. There, that's better.

jkljkl

It gets out of control very easily

One of my company's senior managers started keeping a copy of every e-mail he sent or received because he got burned in the usual "you said this..., no that is'nt what I said..." that goes on in any office. After 2 years he had 6Gb in his Outlook .pst file.

Re:It gets out of control very easily

[baptiste]

It's when that 6gb is sucking up server space when that starts to suck.

Oh I don't know - GB sized .pst files anywhere seem to give Outlook fits. I'm alwasy amazed at people who have all their email in ONE folder and complain about sluggishness. They're amazed when we tell them they can file stuff in folders both on and off the server.

As for storage of email - I've never really figured this out. Yes, some companies log email, etc, etc. Stuff gets caught on backup tapes, etc. But even then stuff drops out after a while. As an IT manager, I'd almost WANT to ditch email serve rbackup tapes after 6 months to a year, less legal hassles :)

Besides - if its not on the server or the defendants machine (IANAL) - its tough to use as evidence - I mean you can spoof an email easily if you're the plaintiff to make it LOOK like someone sent something. Now do courts understand that? I doubt it :)

Interesting moral position

[Ami+Ganguli]

I find it fascinating that people openly discuss ways of destroying evidence in case of possible legal action. Is this going to be a standard MBA course from now on: "How to cover your tracks" or "Case Studies: Failures in Shredding Policy from Watergate to Enron"?

It makes you wonder why nobody looks at it from the opposite side. If you don't do anything illegal then your e-mail archive could prove valuable for your own defense. Trading companies, for example, keep all records of customer interaction, including phone calls, for use in the event of a dispute. You can never claim that your broker did something without authorisation because they archive everything.

Re:Interesting moral position

[Scutter]

"Legal" is an ambiguous term at best, the definition of which is determined in the courts, not the boardroom. The U.S. legal system is so convoluted, it's virtually impossible to get through the day without breaking some law. Even if you just stayed in bed all day, you'd probably be guilty of loitering.

Keeping what you need...

[Xamdam_us]

My company has an e-mail retention policy of 45 days. Every Monday morning you get a message in your inbox telling you how many massages have been deleted and that they are not recoverable. The funny thing is at least for me, all it dose it put them in my deleted mail folder. It dose not actually delete them.

It's also annoying because I get a lot of informational mail that I "need" to keep. So it's either print them out or lose them. Well it would be if it worked right.

Re:Offshore email servers (not just with HavenCo)

[hoofie]

Check out the message from Sealand offering its services to the US in the fight against terrorism. Laugh ? I nearly fell off my chair.

Netscape history

[the+gnat]

Jamie Zawinski has a rather unpleasant story about this on his site:

http://www.jwz.org/gruntle/rbarip.html

A very good example of how essentially harmless email can be seriously misinterpreted.

Re:Offshore email servers (not just with HavenCo)

[rdl]

Yes. Most of our clients for email use secure imap with mail kept on the server, or use web-based mail systems (which offer ticketing and other features as well)

The ultimate system would involve secure laptops with no local unencrypted state -- using RAM for cache, and/or encrypted disk, but requiring connections to a non-US location to unlock the encrypted disk each time the machine is used. You could easily replicate the unlock servers for fault tolerance, and with a cell modem you can easily get a few hundred bytes exchanged from almost anywhere. Desktops and local servers could be handled the same way -- no local unencrypted state when powered off, and no way to unlock them without positive assistance from outside the jurisdiction, which would be revoked if there is evidence of an attack.

What is the legal status of email?

[mir]

Emails can be forged so easily, how is their authenticity established?
I guess any decent sysadmin in the world could show the court a whole bunch of threatening emails from the CEO of his company, what would a court do in such a case?

Not so simple

There are a lot of comments here, mostly from people with no real world experience in large organizations, I suspect, saying, "well just don't do anything bad in e-mail and you're safe." How I wish it were that simple. The fact is that things get taken out of context, sometimes willfully by other people with a hostile agenda, or the rules determining what's good and bad change over time, and something that's perfectly innocent when you write it could turn into a major problem years down the road.

Another aspect to this that seldom gets mentioned is the notion of one-sided archiving: Two people in negotiations have a dispute about how the e-mail-based conversations went, and only one can produce the prior e-mails (and often selectively at that, leaving out the ones that don't support his/her side of the argument).

About the only solution is to be as careful as you can about what you put into e-mail (in all iffy situations make explicit references to all pertinent correspondence and other docs), and make sure you can retrieve everything from your past e-mail when needed.

Two points on this

[Boss,+Pointy+Haired]

Firstly, users ability to deal with an increasing volume of business email varies enormously.

Some people are super efficient - their inbox is virtually always empty, anything they need to keep is moved more or less straight away to a permanent folder related to the subject, and anything they don't want to keep is deleted.

If I look over my shoulder at some of my more senior (chronologically speaking) colleagues, their inboxes are a mess. They can't recall email on a particular topic, they don't process incoming email into sensible subjects, they just let it pile up. Then I hear them complaining that they get too much email.

Secondly (and perhaps more ontopic) is the matter of physical document retention.

Many companies simply retain everything, and the cost of storing these documents mounts up and mounts up. People have the attitude that "we might need it some day". Yes, you might.

But you might not.

Cost of storage of every document ad infinitum = $x.

Cost of impact of not having a document at some arbitrary time in the future = $y.

If $y is less than $x then why are you keeping every document by default?

Or don't you know what x and y are?

I think.

Plead the 5th

[pryan]

A corporation is a legal construct designed to give a business the same rights as a person, right? If so, in the face of a subpoena duces tecum, why can't a corporation plead the fifth amendment? I assume there's a clear legal answer, but IANAL.

Amendment V

No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a grand jury, except in cases arising in the land or naval forces, or in the militia, when in actual service in time of war or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

Off shore ?

[Martin+S.]

This post is completely miss-leading, even assuming 'HavenCo' have a legit claim to be off-shore.

Placing/using an email Server 'off-shore' offers not more protection than refusing to hand over the messages in the first place, you will be in contempt of court and go to jail until you agree to turn them over. FACT!

Causing the destruction of evidence is a crime, in most countries, even if it is carried out by an agent. So in most cases, all 'HavenCo' will achieve is to further incriminate.

BTW: How does a mindless commercial plug warrent +5 Interesting ?

Email is public speech

[eer]

Back in the days when I first began using email on UNIX, I realized that

1) far too many people had root access to the email servers;
2) far too many people could put sniffers/tcpdump on the ethernet; and
3) far too much mail transited through university campuses (Rutgers Univ comes to mind)

We came to realize, and to advise our management, that email was public speech.

Anything you said was subject to being overheard and repeated. That applies to recipients who forward mail, too.

The same eventually was realized about voice mail.

Encryption (usually) doesn't control recipients storing and forwarding your messages.