Corporate email retention policies continue to be driven by fears of litigation, leading many companies to adhere to strict “save it until you can delete it” procedures. But more nuanced alternatives exist for companies that want their email policies to be motivated more by business needs than legal risks.
Kennedy
“Some companies just don’t get sued that often,” says Dennis Kennedy, a lawyer and technology consultant based in St. Louis. “I don’t know whether it rises to the level of a trend yet, but there is starting to be some rethinking of the view that everything has to be done in preparation of litigation … If litigators had their way, you would have to delete every email before you read it.”
Kennedy notes that more sophisticated software exists today that makes it possible to tailor email retention policies to a company’s business needs. For example, IT systems can recognize email created by a particular department, such as the finance department or human resources department, and retain that information for longer periods. New technology makes it much easier to identify and separate email created for personal reasons from emails that have a legitimate business purpose. “But, if you don’t have that type of software, companies [generally] say, ‘The one thing we know we can do is delete things,'" Kennedy says.
Brownlee
Many companies “are just starting to look at this now,” says Charlene Brownlee, a partner with the law firm Fulbright & Jaworski. But, she admits, such technology is expensive and often requires companies to inventory their records and create a records retention schedule before implementing it. “Depending on the size of the company, from start to finish, you’re looking at least 12 months,” she says.
These days, large software vendors such as Stellent, EMC Documentum, FileNet and Computer Associates all have technology on the market that allows email storage and management based on whether the email actually constitutes a record worth saving, rather than a “save everything” approach, Brownlee says. Still, she adds, the technology is evolving quickly and gives many compliance officers pause before recommending a plan to the boss. “A lot of companies are saying, ‘Do I want to spend $5 million now when the technology keeps getting better? Can I work on an interim solution?'"
The Second Front
The myth of “save everything,” traces its roots to Securities and Exchange Commission rules from the 1990s requiring broker-dealers to retain everything related to trades for three years, Brownlee says. At that time, all email archiving technology could do was intercept messages on the network and dump them into the archives. More complex tasks such as distinguishing between harmless personal email and business-sensitive messages was impossible, she says, “so financial institutions that had to comply and deploy these email archiving systems saved everything.”
Although the SEC rules applied only to broker-dealers, Brownlee says, other companies took their cue from that requirement.
Bart Lazar, an intellectual property litigator with Seyfarth Shaw, acknowledges that much of the development of email policies and compliance procedures “is a reaction to the litigation—and there’s a real justification for it,” he says.
Lazar
He notes that plaintiff lawyers “can create a second lawsuit, in a sense, by making a big deal about document or evidence spoliation. If they can create a second front, and that second front is litigation over the destruction of evidence, it puts the corporation at a potentially tremendous disadvantage.” Fighting litigation on two fronts also costs more money, and can lead to weak positions such as a judge needing to evaluate a witness who may have destroyed evidence.
Barry Cohen, a lawyer with the firm Thorp Reed & Armstrong, laments that some companies go through the effort of crafting a detailed email retention policy—and then don’t obey it. “If the policy is to destroy everything after 24 hours and that policy is enforced in your Seattle office but not in your Tampa office, where they keep things for two years, there’s an argument to be made that, regardless of your written policy, you have a de facto of policy of saving things for two years,” he says. “So if you delete something before two years, it can result in a spoliation charge.”
‘Stupid, Unnecessary, Inflaming Stuff’
Some experts advise that corporations spend less time focusing on what to do with existing emails and more on assuring that employees don’t write careless messages in the first place.
Cohen
“Not to belittle the importance of retention, but the biggest problem in my mind is … employees using email for casual conversation,” Cohen says. “The same is true for text messaging and instant messages. People use these things way too casually. For younger employees, it’s even worse. They’re so used to email; they grew up with it.”
Businesses, Cohen says, must train their employees “that they should not have any sense of privacy when they’re writing emails. If you’re using the company systems, you do not have an expectation of privacy there.”
Brownlee at Fulbright & Jaworski agrees that “a return to more formality” in email is a wise move. She even encourages more use of written memos or telephone calls. “There is a real need for a return to a more unplugged world—a world where people write emails when necessary, and give them more thought,” she says. “Instead of sending ten emails, people should wait until they have all the information and send one. They should be copying only those who need to know.”
The carelessness that goes into creating emails is one reason why companies are so quick to hit the “delete” button, says Eric Rosenberg, a former senior litigator for Merrill Lynch who now heads a company called LitigationProofing that advises companies on wise email policies.
Rosenberg
“Until companies have used the training effectively and are confident that their people have mastered the art of not writing stupid, unnecessary, inflaming stuff, they should keep emails only for the minimal amount of time necessary,” Rosenberg says.
According to Brownlee, email retention and compliance should become less of an issue in the next decade. “It will be the technology that will simplify this process,” she says. “We’re not there yet, but it is improving.” She predicts that by 2010, software will be able to capture messages, save what information a company needs to save, store it for any required retention period, and then discard it. Says she: “Things will get a lot easier.”
Related records retention resources can be found in the box above, right.
No comments yet