Slashdot Mirror
Deleting E-mail Could Get You In Trouble
Sterling D. Allan writes "A story in the Deseret News cautions governments and corporations from deleting legitimate email. Expensive measures are being called into place to archive the mail for future subpoena purposes. Think Enron on one hand. Think Monicagate on the other. Next they'll ask us to keep recordings of all our phone conversations? Big brother gets bigger -- with good reasons, as always. What about all those business propositions I get from Nigeria. Do I have to keep those too? "Get rich from home" (to pay for the purchase of a new hard drive to contain all your spam). One man's junk is another man's treasure. You never know what an IRS agent might find lucky."
One man's junk is another man's treasure. You never know what an IRS agent might find lucky.
Wait, what? Are you saying that IRS agents have small penises, and want to get rich from home, and want to gain a full cup size, and save Nigerian people from occupation?
If I send an e-mail to my friend using my Work's e-mail address the government should not be allowed to view that e-mail without a warrant.
But how do they know that what you sent was a personal email, without reading it? When you send an email from your work account, you are effectively speaking on behalf of your company. If you want to send a personal email, you should use a personal email account.
How many years worth of company paper memo's were stored? I suspect the ability was much reduced so in which case so why do they need so much more data?
I suspect that if paper records were as easy to store as electronic ones, they would have required just as much to be retained. A couple of SAN-type things the size of an office filing cabinet would no doubt be capable of storing all the records your company is likely to ever create; the actual filing cabinets may only be sufficient for a couple of years' worth of paper records.
It's official. Most of you are morons.
This is actually something the people who run googlewatch.org are worried about. They feel google's suggestion to archive and never delete will cause lots of privacy problems. Here's a quote from http://gmail-is-too-creepy.com/
"After 180 days in the U.S., email messages lose their status as a protected communication under the Electronic Communications Privacy Act, and become just another database record. This means that a subpoena instead of a warrant is all that's needed to force Google to produce a copy. Other countries may even lack this basic protection, and Google's databases are distributed all over the world. Since the Patriot Act was passed, it's unclear whether this ECPA protection is worth much anymore in the U.S., or whether it even applies to email that originates from non-citizens in other countries."
http://nyamenation.org/
Salt Lake County is looking at a system whereby employees would decide whether the e-mail is a "non-record" (spam or personal; delete whenever you want);
So, no, we don't have to keep spam.
I'm scared of numbers that can't be written as a fraction. It's an irrational fear.
Next they'll ask us to keep recordings of all our phone conversations?
Actually trading corporations (like Bear Sterns or Bloomburg) are required to record all conversations relating to market orders. That means that some phone lines are always being recorded at all times. This is required by the SEC. You'd be suprised what restrictions are already in place to prevent things like insider trading from happening.
I submitted this story last night, and it didn't get posted.
Some companies have "document retention" policies that require employees to delete email after a certain period of time. It's not to free up space on the servers, it's to make sure the stuff can't be subpoenaed. Many respected companies have policies like this. Many even have tools that make the email deletion automatic, and require management approval to disable the tool.
So maybe this story is really just focused on banning policies like this.
Hear recorded Slashdot headlines on your phone! New service beta testing. Just call (248) 434-5508
I asked about how long to save emails and any other type of documents. He said to have a policy and follow it. In other words, if your company's policy is to delete your emails after two years, then there's nothing to worry about. On the other hand, if you're getting sued, having a gov't agency investigate, or think one of those things are about to happen, and you still delete the docs (even with the policy), you will have a problem.
BTW, I asked this a year ago, so I don't think that much has changed in the last year.
I think it's called echelon...
This is a good point, but I go further: I am a doctor and we say 'never write something in the notes that you would not want them to see'.
Similarly we only use our 'official' work emails for the most anodyne correspondence. Anything of interest is between our home email accounts, which are much less likely to get subpoened.
(we are not involved in widespread criminal activity, well not yet anyway - we just don't want our admins to read all our mail too easily. I suppose encryption would be good as well).
Humorous signatures are over-rated.
I own a small company that among other things helps implement e-mail archiving systems for compliance. Some information:
1. The archiving of e-mail applies only to company e-mail. ALL e-mail inside a company is considered to be owned by the company and is NOT private! (If you check your AOL account at work and it's not blocked this isn't company mail.) If you're using your work e-mail you have no privacy. As to spam, not spam etc. If it's caught by a spam filter at the firewall and the user doesn't see it it's spam and doesn't need to be kept. IF it makes it to the user, it isn't spam, (even if it really is;)
2. There are specific regulations applying to trading firms, (such as SEC 17a-4 and NASD blah,) but more general legislation such as Sarbanes Oxley can also be interpreted to apply to archiving and making searchable electronic records such as e-mail. This really isn't any different than keeping memos or other paper records that have been generated in companies and kept in archives for years.
3. Having a policy for what to keep for how long as far as electronic records is good, but it's not the whole battle. You need to document why you choose a given amount of time to keep a record, how you kept it, (can it be altered? Can it be eraseed without anyone knowing it?) How you're auditing those records. (E-mail was deleted after 7 years, prove it!) And how you can prove nothing was lost. It's just doing your homework.
4. This is all actually an opportunity for companies to save money, right now, most companies keep everything the employee doesn't delete until they leave and the account is deleted. Why keep potentially damaging information that's taking up space and costing money for storage if you don't have to? Also if a company is sued and an employee is for instance accused of sexual harassment through e-mail, it's an easy matter to check isn't it? It'll stand up in court, something e-mail wouldn't do if it isn't really being turned into a record.