Hardly ephemeral, email is often the “smoking gun” a plaintiff needs to extract a settlement. But email, like other electronic documentation, need not be retained forever, if you follow a document retention policy. Creating such a policy typically helps an organization streamline and improve its internal communications, archiving procedures, and other business processes.
Many years ago when I worked at Novell, management would regularly send email instructing every employee to carefully find and forward all email regarding a particular subject. The instructions, typically made at the behest of the legal department also asked that employees not delete anything related to that subject. However, after receiving about four such requests — and since litigation among technology companies was the exception and not the norm at that time — I started to ignore the email. Nonetheless, Novell’s concerns were well-founded, because email frequently lies at the intersection of IT and litigation.
Whenever a lawsuit is in the offing — from patent litigation to prosecuting a sexual harassment suit — email is the best source of a “smoking gun,” or evidence that almost ensures a victory or lucrative settlement for one side. After all, email is very informal: email is worded much differently than a printed letter, and things are often said in email that might never be said in a face-to-face conversation. Moreover, most employees think of email as ephemeral, like so much water-cooler conversation. But it isn’t ephemeral: copies of an email message may stay around for a long time, whether on a backup tape, on a server, or on a workstation (in an inbox, in the recycle bin, or on a hard disk, accessible via data forensics tools).
Employers generally have a right in the United States to monitor all email traffic and the communication of all employees. This right is conditioned on the employee not having any expectation of privacy in his or her communications. Employers try to remove any such expectation by including text in employee manuals, signed agreements, postings, emails to all employees, and so on, stating that the employer can, sometimes subject to various conditions, examine any communication made using company property or made on company premises. Most employers don’t bother with monitoring unless they receive a tip of some problem.
The issue for employees is this: What will the employer consider a problem? Embezzlement obviously qualifies, but how about exchanging derogatory remarks about the new product manager or discussing your date with a coworker? Based on the disclosure that the employer makes to employees, the employer probably has the right to search through email for any of these topics. As with privacy policies posted on web sites, the employer’s actions are based more on contract — a promise to act a certain way — than on specific statutory requirements.
Besides watching for illegal activity or offensive material, employers are more and more likely to pay attention to email to protect themselves in the event of future litigation. The biggest risk that email poses is that the opposite side in a lawsuit requests your emails during discovery, and, being poorly organized, you have to give them everything you’ve got. Turning over a mass of email may reveal a smoking gun, or it may just cost you a fortune. But you can’t simply delete old messages when someone files a lawsuit against you.
Each organization should have a document retention policy that includes a schedule of when different types of electronic communications can be deleted. If the schedule is followed consistently, the organization is not expected to keep all electronic communications indefinitely.
The first and perhaps most painful part of setting up a document retention policy involves creating an inventory of your electronic communications. This inventory defines the different types of communications, specifying the content, location, and importance to business processes. Each category in the inventory is analyzed to determine an appropriate retention schedule. These two steps are best done with the guidance of an attorney that can evaluate the potential liabilities and costs associated with different documents.
Once an organization has a document retention policy in place, it merely follows the schedule unless management receives some notice of potential litigation. Without a clear policy and a consistent history of following it, you have to save everything indefinitely, or risk large penalties for spoliation (destroying potential evidence). The costs for retention or spoliation can be much greater than what you’d spend preparing and implementing a good document retention policy.
Several recent federal cases, as well as proposed Federal Rules of Civil Procedure, address the issue of retaining electronic communications. Protecting your organization from penalties or huge costs of document production requires sound legal advice and management involvement. But key to its success is the participation of IT professionals who manage the actual data. When the IT staff understands the rights of an employer to access employee communications, and knows how to manage those communications according to company policies, they play a major role in protecting the company’s future and reducing potential liabilities.
Nicholas Wells is an attorney practicing technology and intellectual property law. This article provides general information and should not be considered legal advice. You can reach Nicholas at