Slashdot Mirror

← Back to Stories (view on slashdot.org)

Deleting E-mail Could Get You In Trouble

Posted by timothy on from the not-yet-mandatory-for-your-own-email dept.

Sterling D. Allan writes "A story in the Deseret News cautions governments and corporations from deleting legitimate email. Expensive measures are being called into place to archive the mail for future subpoena purposes. Think Enron on one hand. Think Monicagate on the other. Next they'll ask us to keep recordings of all our phone conversations? Big brother gets bigger -- with good reasons, as always. What about all those business propositions I get from Nigeria. Do I have to keep those too? "Get rich from home" (to pay for the purchase of a new hard drive to contain all your spam). One man's junk is another man's treasure. You never know what an IRS agent might find lucky."

16 of 205 comments (clear)

  1. Treasure, eh? by justkarl · · Score: 5, Funny

    One man's junk is another man's treasure. You never know what an IRS agent might find lucky.

    Wait, what? Are you saying that IRS agents have small penises, and want to get rich from home, and want to gain a full cup size, and save Nigerian people from occupation?

  2. Re:I'm not that bothered by Tim+C · · Score: 5, Insightful

    If I send an e-mail to my friend using my Work's e-mail address the government should not be allowed to view that e-mail without a warrant.

    But how do they know that what you sent was a personal email, without reading it? When you send an email from your work account, you are effectively speaking on behalf of your company. If you want to send a personal email, you should use a personal email account.

    How many years worth of company paper memo's were stored? I suspect the ability was much reduced so in which case so why do they need so much more data?

    I suspect that if paper records were as easy to store as electronic ones, they would have required just as much to be retained. A couple of SAN-type things the size of an office filing cabinet would no doubt be capable of storing all the records your company is likely to ever create; the actual filing cabinets may only be sufficient for a couple of years' worth of paper records.

    --
    It's official. Most of you are morons.
  3. Re:I think someone need Gmail! by jomas1 · · Score: 5, Interesting

    This is actually something the people who run googlewatch.org are worried about. They feel google's suggestion to archive and never delete will cause lots of privacy problems. Here's a quote from http://gmail-is-too-creepy.com/

    "After 180 days in the U.S., email messages lose their status as a protected communication under the Electronic Communications Privacy Act, and become just another database record. This means that a subpoena instead of a warrant is all that's needed to force Google to produce a copy. Other countries may even lack this basic protection, and Google's databases are distributed all over the world. Since the Patriot Act was passed, it's unclear whether this ECPA protection is worth much anymore in the U.S., or whether it even applies to email that originates from non-citizens in other countries."

    --
    http://nyamenation.org/
  4. It's RTFA time... by kirun · · Score: 5, Informative

    Salt Lake County is looking at a system whereby employees would decide whether the e-mail is a "non-record" (spam or personal; delete whenever you want);

    So, no, we don't have to keep spam.

    --
    I'm scared of numbers that can't be written as a fraction. It's an irrational fear.
    1. Re:It's RTFA time... by zors · · Score: 4, Funny

      Wow, a new low for slashdot. even the original submitter didnt read the article. Well, more low than new really.

  5. actually... by Ignignot · · Score: 5, Informative

    Next they'll ask us to keep recordings of all our phone conversations?

    Actually trading corporations (like Bear Sterns or Bloomburg) are required to record all conversations relating to market orders. That means that some phone lines are always being recorded at all times. This is required by the SEC. You'd be suprised what restrictions are already in place to prevent things like insider trading from happening.

    --
    I submitted this story last night, and it didn't get posted.
  6. Company policy requires email deletion by britneys+9th+husband · · Score: 5, Informative

    Some companies have "document retention" policies that require employees to delete email after a certain period of time. It's not to free up space on the servers, it's to make sure the stuff can't be subpoenaed. Many respected companies have policies like this. Many even have tools that make the email deletion automatic, and require management approval to disable the tool.

    So maybe this story is really just focused on banning policies like this.

    --
    Hear recorded Slashdot headlines on your phone! New service beta testing. Just call (248) 434-5508
  7. Does this make spam filters illegal? by G4from128k · · Score: 4, Interesting

    With so many people using so many spam filters, I'd bet that a fair amount of "legitimate " email is automatically deleted by service providers and automated email filters. How can one prove to a judge that SpamCop had a given domain on its blacklist on a given date or that the sent email did not accidentally contain some filter-triggering word on that date? It seems that either spam filters create a legal risk or that the legal system has a naive view of the legal standing of email.

    I reality, email is no better than a slip of paper tossed an the front yard of the recipient. It has a greater chance of being thrown in the trash than read.

    --
    Two wrongs don't make a right, but three lefts do.
  8. Re:I'm not that bothered by JackAsh · · Score: 4, Informative

    Actually, I think the regulations are a bit more industry specific. The company I work at is in the Financial Services area, and we are regulated by NASD and the SEC. I believe both have rules for various different forms of communication. 3 years for electronic communications. 7 years for paper xyz forms. 6 years for TPS reports. You get the picture. I've actually seen a huge, 30-page grid of the various regulations that apply to different items - and these were small, 2-line items on each cell of the grid - the number of regulations is staggering.

    Other questions come to mind, like what is an electronic communication? E-mail? Instant Messaging? Video Conference systems? VoIP? Regular phone calls? The general answer you will find these days is "yes".

    It used to be prior to Enron and Worldcom that most people believed what you don't have can't hurt you, so they'd ignore these regs or at best take a very limited view of their coverage (Joe, you work in the XYZ critical department, so you need to copy all your business email to this mailbox). These days they go for "the whole company gets journaled to an external service provider" type of approach. And apps like Instant Messaging are not allowed unless we have a server to capture all the traffic from the app.

    So yeah, if you're a company, big brother can come and get you - or at least one of his smaller, more industry-specific siblings. It really depends on where you are.

    -Jack Ash

  9. What a lawyer told me. by MisanthropicProgram · · Score: 5, Interesting

    I asked about how long to save emails and any other type of documents. He said to have a policy and follow it. In other words, if your company's policy is to delete your emails after two years, then there's nothing to worry about. On the other hand, if you're getting sued, having a gov't agency investigate, or think one of those things are about to happen, and you still delete the docs (even with the policy), you will have a problem.
    BTW, I asked this a year ago, so I don't think that much has changed in the last year.

  10. Doesn't the government do that for me? by cockroach2 · · Score: 5, Funny

    I think it's called echelon...

  11. Re:I'm not that bothered by moonbender · · Score: 4, Insightful

    I suspect that if paper records were as easy to store as electronic ones, they would have required just as much to be retained.

    Interestingly enough, although electronic records are easier to store than paper ones, they are also far more easily deleted. Deleting email is easier than throwing away a paper letter. And what's more important, deleting a thousand or ten thousand emails isn't a lot more difficult than deleting just one. It's psychologically easier, as well, since paper documents have a more significant, official feel to them.

    --
    Switch back to Slashdot's D1 system.
  12. not practicle by JDizzy · · Score: 4, Interesting

    When I worked as a Unix guy at Computer Associates, who fired me for reporting them to the BSA, I fondly remember being told that CA policy was to delete all email off the servers after a period of 90 days, and that no email server was to *EVER* participate in the enterprise backups. In other words, if any email server had a failure which resulted in data loss, that data was gone, and the hundres of affected users were down shit creak with no paddle. I was informed that this policy was enacted several years previous when the SEC busted down the doors and seized the emails servers looking for some evidence against the company. So CA simply made it so no email is ever kept on any archive, less it be the users own personal archive on their computer terminals. Even then, most users would have to delete emails in their own archives to cope with space issues. So enacting laws that requires companies to retain an archive si a bit silly in my experience. Also, what would happen if a company retained an archive of email, but encrypted the mail data-base, and keyed it on the users password? Would that violate the letter of the law, or the spirt, to retain the emails in a cipher-text format. Certainly you could get a court order to force somebody to provide the password, right?

    Just thinking outloud here...

    Thanks.

    --
    It isn't a lie if you belive it.
  13. Re:I'm not that bothered by Sad+Loser · · Score: 5, Interesting

    This is a good point, but I go further: I am a doctor and we say 'never write something in the notes that you would not want them to see'.

    Similarly we only use our 'official' work emails for the most anodyne correspondence. Anything of interest is between our home email accounts, which are much less likely to get subpoened.

    (we are not involved in widespread criminal activity, well not yet anyway - we just don't want our admins to read all our mail too easily. I suppose encryption would be good as well).

    --
    Humorous signatures are over-rated.
  14. E-mail Archiving by ardinos · · Score: 5, Interesting

    I own a small company that among other things helps implement e-mail archiving systems for compliance. Some information:

    1. The archiving of e-mail applies only to company e-mail. ALL e-mail inside a company is considered to be owned by the company and is NOT private! (If you check your AOL account at work and it's not blocked this isn't company mail.) If you're using your work e-mail you have no privacy. As to spam, not spam etc. If it's caught by a spam filter at the firewall and the user doesn't see it it's spam and doesn't need to be kept. IF it makes it to the user, it isn't spam, (even if it really is;)

    2. There are specific regulations applying to trading firms, (such as SEC 17a-4 and NASD blah,) but more general legislation such as Sarbanes Oxley can also be interpreted to apply to archiving and making searchable electronic records such as e-mail. This really isn't any different than keeping memos or other paper records that have been generated in companies and kept in archives for years.

    3. Having a policy for what to keep for how long as far as electronic records is good, but it's not the whole battle. You need to document why you choose a given amount of time to keep a record, how you kept it, (can it be altered? Can it be eraseed without anyone knowing it?) How you're auditing those records. (E-mail was deleted after 7 years, prove it!) And how you can prove nothing was lost. It's just doing your homework.

    4. This is all actually an opportunity for companies to save money, right now, most companies keep everything the employee doesn't delete until they leave and the account is deleted. Why keep potentially damaging information that's taking up space and costing money for storage if you don't have to? Also if a company is sued and an employee is for instance accused of sexual harassment through e-mail, it's an easy matter to check isn't it? It'll stand up in court, something e-mail wouldn't do if it isn't really being turned into a record.

  15. Not in the state of Washington... by Eric+Damron · · Score: 4, Informative

    "Expensive measures are being called into place to archive the mail for future subpoena purposes."

    I work for the State of Washington. In this state's government there is no problem deleting email as long as your department has a written policy defining the retention time for email.

    Email is covered by the freedom of information act which means that it is not hard for an average citizen to request copies of email sent and received by the department. There is a procedure, fee and waiting period that discourages someone from coming in and requesting all mail during the retention period. It could be done but it would be very expensive. Not really worth it for someone on a wild fishing expedition but doable for a citizen that wants specific information..

    If we receive a subpoena for email that was sent or received within out written email retention policy we had better be able to produce it. If we can't the requesting party could conceivably compel us to hire a very expensive data retrieval company to come in and reconstruct our data in order to comply. And of course if the courts believe that we deleted email prior to the retention date in an attempt to destroy evidence there is a chance that someone could be spending some quality time as Bubba's new love toy. If you know what I mean...

    --
    The race isn't always to the swift... but that's the way to bet!