Deleting Emails Costs Morgan Stanley $1.45B

DoubleWhopper writes "The financial giant Morgan Stanley lost a $1.45 billion judgement yesterday due, in part, to their failure to retain old email. The judge in the case, 'frustrated at Morgan Stanley's repeated failure to provide [the plaintiff's] attorneys with e-mails, handed down a pretrial ruling that effectively found the bank had conspired to defraud' their former client. The CEO of a record retention software company noted, 'Morgan Stanley is going to be a harbinger'."

Re:Oh crap!

[TheNumberSix]

I freely admit I haven't RTFA, but I read some excellent coverage of this story on wsj.com.

Apparently, Morgan Stanley came forward, said they had produced all the emails. (time passes) They find some more emails and turn them over. (time passes) The find a closet stuffed with backup tapes and turn them over. (Time passes) Morgan Stanley files a document certifying that they turned everything over. (Time passes) Morgan finds even more emails and turns them over. This causes the judge to get annoyed.

One of the earlier problems was that Morgan had built a database to house old emails and the first time they were told to turnover emails, a sysadmin who was not in a clueful state just searched the database without finding out how much had already been imported into the DB. (Turned out the DB had only had a small percentage of old emails put into it.)

To Keep or Not to Keep

[WAR-Ink]

That is the question. The answer is keep it, for a while.

Email records can be subpoenaed just like anything else. If it benefits your case, it would be nice to have, if it hurts our case, it would not be so nice to have.

When I write computer use policies, I recommend keeping it for 1 to 2 years. Depending on the type of business that might get extended out much longer. A start-up company might want to keep it 10 or more years to cover any possible arguments with their VCs over who owns the IP.

So why not keep it forever? Unless you want to have the lady sueing you for sexual harassment making your companies email part of the public record, you might want to set some limits.

The key is to document, in writing, what that limit should be. For example, maybe put it in your companies Computer Use policy. You have one...right?

Re:Email retention Policy.

[Valegor]

EMC and Veritas have both bought companies(Legato and KVS) that provide not only this type of service, but also single instance storage. If someone sends out an attachement to 50 people, only one is actually put into storage. There are other vendors that have similar products, but these are the only two I have first hand knowledge of. The best practice if you are not legally required to keep e-mail(as financial institutions are by SEC requirements) seems to be a short retention policy. If you do not keep the e-mail then it cannot be used against you. It is also best to enforce the policy because if it is discovered that you have the e-mail then you are required to produce it. Financial industries however are required to keep all electronic communications for atleast 3 years, but that extrends to 7 if the data in question is in litigation.

Re:Not really the best use of the "YRO" category

[whoever57]

Leaving aside your apparent confusion between emails and financial records, from TFA:

Banks and broker-dealers are obliged to retain e-mail and instant messaging documents for three years under U.S. Securities and Exchange Commission rules. But similar requirements will apply to all public companies from July 2006 under the Sarbanes-Oxley corporate reform measures.

This document discusses email archiving requirements, including an EU-wide requirement for ISPs to keep copies of emails for 1 year.

Re:Yes, but when the madmen are running the asylum

[jskiff]

I think Cheney is the No.1 poster child for corporate corruption. A few years of government "service", then he goes to Haliburton and rakes in the big bucks, then goes back to politics and starts an unnecessary war that "purely coincidentally" throws billions of dollars back to his old company--which is STILL paying him deferred compensation.

I hate to defend Dick Cheney, but saying he only has a few years of government service under his belt is flat-out false.

==
His career in public service began in 1969 when he joined the Nixon Administration, serving in a number of positions at the Cost of Living Council, at the Office of Economic Opportunity, and within the White House.

When Gerald Ford assumed the Presidency in August 1974, Mr. Cheney served on the transition team and later as Deputy Assistant to the President. In November 1975, he was named Assistant to the President and White House Chief of Staff, a position he held throughout the remainder of the Ford Administration.

After he returned to his home state of Wyoming in 1977, Mr. Cheney was elected to serve as the state's sole Congressman in the U.S. House of Representatives. He was re-elected five times and elected by his colleagues to serve as Chairman of the Republican Policy Committee from 1981 to 1987. He was elected Chairman of the House Republican Conference in 1987 and elected House Minority Whip in 1988.
==

From Whitehouse.gov

Re:Email retention Policy.

[darkmeridian]

The Sarbanes-Oxley Act requires all public companies to maintain records for three years. Six months is a problem. What happened to Morgan Stanley, however, is not simply that it failed to keep the records. Rather, it kept on saying that it could not find the files. There is a rather reasonable rule of evidence that says failure to produce evidence in your possession without a reasonable excuse for that failure (like there was a non-suspicious fire, or 9/11) can lead to the presumption that that evidence would have vindicated the position of the opposing party. For instance, pretend a supermarket has a security camera that I claim recorded the store clerk beating me. I want the tape to prove the unprovoked attack. If the store says it lost the tape and the judge believes that this was a pretext for destroying evidence, he may make a pre-trial ruling that the tape would show an unprovoked attack against me by the clerk.

Re:Time Study Analysis on the Cubicle Slaves

[fbjon]

You're almost right, but off by 11 years. Finland in 1994: 16,6%; in 2004: 8,8%.

And hey, at least we don't burn out like a lightbulb after a few years.

Re:i don't get it

[gkuz]

email can be faked or altered so easily

Actually, I've come to the opposite conclusion. I don't know every e-mail system, and I don't know what Morgan Stanley was using, but I have administered serious e-mail systems for about 15 years, and I can tell you that in many, it is in fact very difficult to insert a fake message into the message store in the right place, with the right semantic context. Don't forget that in all these cases the recovery is from (presumably) dated and logged backup tapes, possibly under the observation of opposing counsel's expert, and under penalty of perjury. So go ahead, tell me how you insert (or even alter) a message into a multi-gigabyte message store coming off a tape that's been archived and logged at Iron Mountain for the last five years. Will it have the right SMTP transit headers? The correct "In-Reply-To:"? What about the context of the message? Are you replying to someone? Do they later reply to you? Does it all fit together? This is a distinctly non-trivial exercise. Possible, yes, but maybe only theoretically so. And the grunt doing the recovery is *very unlikely* to want to risk going to jail to cover up some fraud he was probably never associated with.