According to the ePolicy Institute, 90% of business documents produced and acquired by companies are electronic. “Many employers find themselves drowning in email-related risks as they struggle to manage the use — and curtail the abuse — of what was originally conceived as a time-saving, productivity-enhancing technology tool,” according to a report by that organization and Symantec.
The basic risk is that emails will be destroyed to hide potentially incriminating evidence in a legal proceeding. The consequences can be devastating for the company, both in terms of legal penalties and the resulting bad publicity.
When potentially important evidence (contained in emails) is destroyed, courts have been known to automatically rule in favor of the plaintiff, reasoning that deleted emails would have provided enough evidence to support the plaintiff’s case. And if the case is particularly egregious, an employee involved in deleting emails can personally pay a heavy financial toll.
That’s what happened in a recent case in which a company executive, after the company was put on notice that it would be getting sued (known as a “litigation hold”), “double-deleted” thousands of emails. They were deleted from the executive’s in-box, then from the electronic “trash.” The executive, the senior vice president of sales, was personally fined $1 million.
He made matters worse for himself by encouraging other employees to delete emails related to the litigation. Then he lied about his own email-deleting activities.
Managing email risk requires understanding two basic principles of record retention (electronic or otherwise). First, what kinds of records do you need to hang onto for a while — even without the threat of litigation?
Specifically, determine which emails could be deemed a “business record.” According to the ePolicy Institute report, a business record is one that “provides evidence of a company’s business-related activities, events, and transactions.” They should be kept “according to their on-going business, legal, compliance, operational, and historic value to the company.”
Email exchanges among employees about where to have lunch likely wouldn’t fall under that heading. But anything related to policies, procedures or production probably would.
Also keep in mind that archived emails might come to your rescue if you’re involved in unexpected litigation. These retained records could either establish your innocence if you’ve been falsely accused of wrongdoing, or they could support a case you might bring against another party.
The second basic principle involves the “litigation hold.” This is when a written notice is received that instructs parties with custody of documents to preserve potentially relevant evidence in anticipation of future litigation.
When the notice arrives, purging of documents is forbidden — including overwriting backup electronic storage systems. Doing so may be deemed as “virtual shredding” of evidence.
Employees might wrongly assume that a simple email doesn’t amount to a significant document that needs to be preserved. It’s therefore critical to establish a clear email retention policy and convey it to employees not just once, but on a periodic basis. And everyone in the organization needs to be aware of the policy; managers, such as the sales exec mentioned above, can’t be left off the list.
The policy should define “business record,” and set a schedule for when emails can be deleted. Standards for public companies, and those in certain industries (including privately held ones), are subject to specific record retention rules.
Electronically Stored Information
Under federal court guidelines, emails are just one component of “electronically stored information” (ESI) subject to retention requirements, such as under a litigation hold. ESI also includes email attachments, along with any other kind of data that can be stored in company computers.
So, your email retention strategy should also address ways you can prevent employees from deleting them. For example, you can give your IT department the prerogative to block an employee’s efforts to trash emails that he or she has already deleted.
Or the policy can ensure that there’s a backup system in place beyond the reach of an employee’s efforts to destroy potential evidence. Technology vendors can serve as a valuable resource with regard to building systems that can prevent even the most determined “email deleters” from accomplishing their objectives.
Your Own Hands
As with many areas of business litigation, courts will weigh not only whether you have a policy with regard to potentially problematic employee behavior, but also how well you communicate it and how consistently you uphold it. So the power to prevent email-related missteps lies largely in your own hands.