Deleting E-mail Could Get You In Trouble
Sterling D. Allan writes "A story in the Deseret News cautions governments and corporations from deleting legitimate email. Expensive measures are being called into place to archive the mail for future subpoena purposes. Think Enron on one hand. Think Monicagate on the other. Next they'll ask us to keep recordings of all our phone conversations? Big brother gets bigger -- with good reasons, as always. What about all those business propositions I get from Nigeria. Do I have to keep those too? "Get rich from home" (to pay for the purchase of a new hard drive to contain all your spam). One man's junk is another man's treasure. You never know what an IRS agent might find lucky."
Seeing as their policy is "Archive, not delete", sounds like the perfect thing for Gmail.
Seems they consider e-mail to be somewhat akin to the paper way... everything must be documented in x y and z ways. My father's a lawyer, so I have some understanding of what it's like to document _every single thing_ that comes across your desk that's relevant...
I guess the idea is that if ever it came down to a court case, the e-mail records could be easily retrieved and used in the case. And destroying the records would be a crime, I suppose, which would also have it fall in line with what would happen if you were to destroy the paper records.
Join the Empire! http://www.empirereborn.net/
I don't keep anything that I don't read. If I happen to come across a piece of spam and I'm dumb enough to open it, it gets kept. Granted this happens once or twice a week it's not so bad. If I don't read it, it gets deleted--Who's to say I ever got it? Email isn't a reliable communication source. Enough said.
With so many people using so many spam filters, I'd bet that a fair amount of "legitimate" email is automatically deleted by service providers and automated email filters. How can one prove to a judge that SpamCop had a given domain on its blacklist on a given date or that the sent email did not accidentally contain some filter-triggering word on that date? It seems that either spam filters create a legal risk or that the legal system has a naive view of the legal standing of email.
In reality, email is no better than a slip of paper tossed on the front yard of the recipient. It has a greater chance of being thrown in the trash than read.
Two wrongs don't make a right, but three lefts do.
This might actually be a pretty good business idea for google... offer corporate (secure) e-mail---for a fee of course---possibly 10gig e-mail boxes; with SSL, and corporate administration (and logging) of e-mail accounts (all accessible via the net through google).
Sorta like Internet based Outlook outservice.
I asked about how long to save emails and any other type of documents. He said to have a policy and follow it. In other words, if your company's policy is to delete your emails after two years, then there's nothing to worry about. On the other hand, if you're getting sued, having a gov't agency investigate, or think one of those things is about to happen, and you still delete the docs (even with the policy), you will have a problem.
BTW, I asked this a year ago, so I don't think that much has changed in the last year.
Well it says cautions against deleting legitimate email so I doubt that those viagra e-mails count as legitimate. Yes the government had these requirements before, several industries, for instance Financial Institutions, are required to hold on to every piece of correspondence to document what was going on, this is more of a reminder that just because it's an electronic message doesn't change anything. Not everything is a conspiracy.
"I use a Mac because I'm just better than you are."
I'm a little concerned about our company policy. I work for a newspaper and our policy is that all reporters should delete their notes after a story has run. This policy was created specifically so that reporters' notes cannot be subpoenaed.
At my work, we're using Microsoft Exchange standard edition (I think), which only limits your total mailbox to 16gigabytes. If you ever hit that 16gig limit you have to have everyone delete a ton of mail, then take exchange offline for a couple hours while you defrag the mail file.
We have about 150 users, so we hit that limit about twice a year which causes huge problems.
At my work, nobody can archive mail, unless they use a personal folder file (which stores the mail on their HD - meaning it doesn't get backed up).
I guess this law could become a problem for my co-workers -- oh well, screw em.
Seems apropos. My company, who I can't name for reprisal purposes, is a fortune 10 company. We have a policy that any email must be deleted after 30 days. No backup of any electronic means. However, *paper* archive is fine, and is the only approved method of maintaining email over 30 days. It's insane. What my colleagues do is zip up our outlook folders, encrypt, rename, and save to "safe" backup folder to let our system save it on tape/dlt. If I ever need an important "pearl harbor" file, then I can request an old renamed, zipped backup, and then pull it. I've done it once.
The main reason for this is that the lawyers waaaay up there in the chain got really afraid of the Enron type email digging, and released the policy of "destroy, good or bad".
It sux.
When I worked as a Unix guy at Computer Associates, who fired me for reporting them to the BSA, I fondly remember being told that CA policy was to delete all email off the servers after a period of 90 days, and that no email server was to *EVER* participate in the enterprise backups. In other words, if any email server had a failure which resulted in data loss, that data was gone, and the hundreds of affected users were down shit creek with no paddle. I was informed that this policy was enacted several years previous when the SEC busted down the doors and seized the email servers looking for some evidence against the company. So CA simply made it so no email is ever kept on any archive, less it be the user's own personal archive on their computer terminals. Even then, most users would have to delete emails in their own archives to cope with space issues. So enacting laws that require companies to retain an archive is a bit silly in my experience. Also, what would happen if a company retained an archive of email, but encrypted the mail data-base, and keyed it on the user's password? Would that violate the letter of the law, or the spirit, to retain the emails in a cipher-text format? Certainly you could get a court order to force somebody to provide the password, right?
Just thinking out loud here...
Thanks.
It isn't a lie if you believe it.
This is a good point, but I go further: I am a doctor and we say 'never write something in the notes that you would not want them to see'.
Similarly we only use our 'official' work emails for the most anodyne correspondence. Anything of interest is between our home email accounts, which are much less likely to get subpoenaed.
(we are not involved in widespread criminal activity, well not yet anyway - we just don't want our admins to read all our mail too easily. I suppose encryption would be good as well).
Humorous signatures are over-rated.
...and follow it.
For emails, ours is "relevant life". Upon becoming irrelevant, it gets whacked.
If someone later orders you to produce email, you'll probably not have it. If you can show that you didn't delete it as a result of the order, or in an effort to destroy evidence, you cannot be prosecuted for not having it. A retention policy is key to this, because it eliminates any arbitration regarding when (or why) something was whacked.
help me i've cloned myself and can't remember which one I am
Let's say you receive an OpenPGP (PGP, GPG) encrypted email which requires your public key to decrypt. Once your key expires you're going to switch to a new key. Even if you're good at keeping old legacy expired keys around, eventually the message will become unreadable (forgot passphrase etc.) I don't know where I'm going with this mind you.
When will it be illegal to not have a valid email address?
I own a small company that among other things helps implement e-mail archiving systems for compliance. Some information:
1. The archiving of e-mail applies only to company e-mail. ALL e-mail inside a company is considered to be owned by the company and is NOT private! (If you check your AOL account at work and it's not blocked this isn't company mail.) If you're using your work e-mail you have no privacy. As to spam, not spam etc. If it's caught by a spam filter at the firewall and the user doesn't see it it's spam and doesn't need to be kept. IF it makes it to the user, it isn't spam, (even if it really is;)
2. There are specific regulations applying to trading firms, (such as SEC 17a-4 and NASD blah,) but more general legislation such as Sarbanes Oxley can also be interpreted to apply to archiving and making searchable electronic records such as e-mail. This really isn't any different than keeping memos or other paper records that have been generated in companies and kept in archives for years.
3. Having a policy for what to keep for how long as far as electronic records is good, but it's not the whole battle. You need to document why you choose a given amount of time to keep a record, how you kept it, (can it be altered? Can it be erased without anyone knowing it?) How you're auditing those records. (E-mail was deleted after 7 years, prove it!) And how you can prove nothing was lost. It's just doing your homework.
4. This is all actually an opportunity for companies to save money, right now, most companies keep everything the employee doesn't delete until they leave and the account is deleted. Why keep potentially damaging information that's taking up space and costing money for storage if you don't have to? Also if a company is sued and an employee is for instance accused of sexual harassment through e-mail, it's an easy matter to check isn't it? It'll stand up in court, something e-mail wouldn't do if it isn't really being turned into a record.
So if we save all our e-mails for future legal purposes, the e-mail probably would not be valid evidence anyways. I mean think about it. I get dozens of e-mails per day that come from a phony or 'borrowed' e-mail source address. How would the e-mail be verified as legitimate, and not a fake? Come on, if you can't track down all the spammers (or virii) from the hundreds of messages per day in everyone's inbox how can you expect to tell me that CompanyX actually sent me that message in my inbox offering me money for free? - James.
What the hell has this country become, and when is it going to change back?
The problem is that the US has punitive damages, and generally no caps on said damages. It also has class action lawsuits with no caps on attorney fees (there should be *flat caps*). The initial point of this was to rein in out-of-control companies, but it has horrendously backfired. Now, a huge amount of our business overhead results from attempts to compensate for ridiculous legal concerns. My disposable coffee cup each day has a molded plastic top with a huge blurb of text right in front of my eyes when I'm drinking that reads "WARNING! SIP WITH CAUTION! CONTENTS MAY BE HOT!"
In general, I do not believe that this has been a net win for society. We spend a huge amount of time in businesses doing stupid things to avoid legal problems. Many useful things that a company *might* do to help someone (like offer advice from their helpdesk with solutions that aren't on the "script" when the "script" has been exhausted and can't help anyone) are now avoided for fear of litigation. We see class-action lawyers (such as for the tobacco lawsuits) sucking down *huge* fees, on the order of hundreds of millions of dollars. The result has been flat bans on litigation (which, in my opinion, should never, ever be done and should be unconstitutional -- the lawsuit is the way our legal system allows a citizen to demand reparations). Now, a citizen cannot file suit against a food company for food "making them fat", and came close to not being able to file a lawsuit against tobacco companies (thanks to John McCain and Clinton for shooting that down). I'm not saying that either of these lawsuits would have merit, but the idea of banning lawsuits is appalling, and the idea of taking control of whether a lawsuit is reasonable or not from the judicial branch is particularly egregious.
May we never see th
Lots of good points here:
I am a doctor and we say 'never write something in the notes that you would not want them to see'.
Sad that we live in a society with such huge legal awards taken from medical providers that they are forced to wear false masks to get by.
Similarly we only use our 'official' work emails for the most anodyne correspondence. Anything of interest is between our home email accounts, which are much less likely to get subpoenaed.
Good incentive for company firewalls *not* to block outbound IMAP/IMAPS, since it encourages people to keep potentially incriminating mail off the corporate mail system.
we just don't want our admins to read all our mail too easily.
The mail and sysadmins are marvelously underpaid beasts, as the damage they can do to a company is phenomenal. They can generally see everything that anyone has written or does -- even the CEO is limited in this respect.
May we never see th
A few years ago I took my former employer to court for late payment of wages. Against his claims that I had agreed to being paid late I produced printouts of emails I had sent over a period of two years complaining about this. So it would have been a good company policy, but not necessarily in the interests of the staff when they are in any dispute with the company, or are being set up to be the scapegoat for some transgressions of the bosses. If any of your team are caught or killed, the Secretary will disavow any knowledge of your actions. This tape will self-destruct in 10 seconds.
Actually I had backed up my entire email correspondence for almost 10 years into one zip file of about 20 MB. That's a lot of correspondence. The average message comes in at about 2-4 kb. I think now with the current fashion of using HTML mail, or even worse, attached DOC files, the average is at least 10 and perhaps 100 times that now. I understand Outlook stores all your mail in one single binary file of undocumented structure, mine is in Unix MBX format. Given all that I'd guess that the vast proportion of email storage is huge slabs of [div][font Arial Helvetica size=2] [/font][/div] and so on. These days for my personal email I strip it back to plain text before archiving it.