Deleting Emails Costs Morgan Stanley $1.45B
DoubleWhopper writes "The financial giant Morgan Stanley lost a $1.45 billion judgement yesterday due, in part, to their failure to retain old email. The judge in the case, 'frustrated at Morgan Stanley's repeated failure to provide [the plaintiff's] attorneys with e-mails, handed down a pretrial ruling that effectively found the bank had conspired to defraud' their former client. The CEO of a record retention software company noted, 'Morgan Stanley is going to be a harbinger'."
Big investment firms like Morgan Stanley are obligated by law to retain lots of records. This is more of an "Almighty Buck" type of story, IMO.
Bill Clinton: Pimp we can believe in. - The Shirt!!!
OK, being serious (no more shinyfeet plugs), I used to work as an admin where the retention policy was 1 year. However, that just meant you rotated the tapes for 1 year. The email growth rate was very small (even though there were 1,000s each day); it was the files that grew beyond the retention. Even the attachments and email boxes with 1+GB were safe, as 20 years of email fit onto a single DLT4.
Granted, MS, er, Morgan Stanley is a much bigger company, but I find it very hard to believe that any retention policy would include email; that has got to be their smallest backup.
Do you have shinyfeet?
I think the issue is "selective memory loss" - Microsoft plays this card all the time in court. Emails from a relevant time period are "deleted" when convenient, while older or newer or even contemporaneous mail is saved... the judge in this case was simply smart enough to call shenanigans.
You can delete old email if you're that hard up for space, just have a rock-solid deletion policy you can prove you adhered to in a court of law.
It also helps to audit your archives and backups regularly, and document what data was lost when. 'Cuz face it, every admin at some point or other loses some data to corruption, hardware failure, bookkeeping mixups or user error. Knowing what you forgot and when you forgot it can help in situations where not having the data on hand can cost a billion bucks or so.
SoupIsGood Food
Where are my moderator points when I need them?
Most companies purposefully choose short retention policies, in an attempt to avoid these kinds of settlements... it isn't a sysadmin's fault.
The theory was that this would let them discard old emails without having it be intentional obstruction of justice. I guess that theory will be out the window now.
Can someone with more legal understanding than myself please explain why emails can be considered as hard evidence?
1) They can't be authenticated: There's no way to prove if the email was written by the person on record.
2) The contents cannot be validated: There's no way to prove that the contents were not altered in transit.
To me, email is so easy to spoof that I would take anything I got from such "evidence" with a huge proverbial bucket of salt. Furthermore, I know that institutions such as Morgan Stanley are required to keep certain records on hand but considering the fragile nature of email I find it quite odd that companies would be required to keep it around. Do IM conversations fall into the same category?
Call me ignorant (I am), but this issue really confuses me. It's not like Morgan Stanley destroyed a bunch of notarized documents.
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
Think about it...
If it can cost Morgan-Stanley $1.5 billion for not storing email, and 90% of email is SPAM, the risk of deleting/filtering SPAM and losing valid email is going to be too risky.
Therefore, it will become extremely cost effective for Morgan-Stanley (and other large firms) to hire lobbyists to make unsolicited SPAM (with no valid return email addresses) illegal, criminal, and enforced.
And why shouldn't they? Are you required to keep every piece of paper that ever goes through your hands, or every email that might pass through your inbox, because someday you might violate some law and be prosecuted for it?
You aren't required to tie your own noose, and there are even provisions to assume you are innocent until found guilty/liable, and Morgan Stanley is being found liable for behavior after the suit was filed, which changes the rules.
Certainly you are required to retain some records for legal purposes, but they all also have an expiration date for that legal requirement.
In the not too distant future that legal requirement for business email will be three years, at which point you'd have to be an idiot not to just delete it all.
Even Microsoft has legal rights in this country, and any right you deny to them you simply deny to yourself. Beware of the emotional response.
KFG
For a large business, knowing all the places something might be backed up and how the servers connect to one another requires a great deal of institutional knowledge. Even knowing how to find this sort of thing out requires institutional knowledge and time. Which is to say an experienced systems analyst with the time necessary to do this project and lots of other expert system admins, network admins, etc. for him to talk to.
This is exactly the kind of "fat" that Morgan Stanley and other companies got rid of 4 years ago. They couldn't answer the question because they no longer understand their email system because they fired everybody who had the broad and deep knowledge. They no longer have people on staff who have the experience in doing this sort of research and they don't have the other kinds of experts available to do it in reasonable time.
But they would much rather pay the fine than admit this under oath.