As a result of the explosion of email over the past five years, email has become a major issue for companies when dealing with records retention and eDiscovery.
What makes email different? A number of factors.
Most prevalent is the sheer volume of email. Unlike several other types of electronic records (e.g. Word, Excel and PowerPoint files), email is used in large part for conversations involving multiple replies and recipients. Email is extremely quick and easy to create. This results in a very high number of separate emails on a single topic of conversation. When dealing with eDiscovery requests, each separate email must be dealt with. While automated technology can assist, to the extent the human element is required, the processing and resource time can be multiplied exponentially as a result of the number of separate emails dealing with a single topic or conversation.
Another differentiating factor adding complexity to email is that it is rarely organized in any cohesive manner. While Word, Excel and PowerPoint are often managed in a document management system, or at least folders, the same cannot be said for email.
How can companies reduce the costs and risks associated with email without investing in an expensive email management application?
Adopt and implement a simple and easy to understand email retention policy.
When email was in its early days and the volume of email was manageable, companies often treated email like paper records when it came to records retention. The records retention policy stated that employees should determine whether an email was a record which needed to be retained, and if so, determine which records category the email fell into and apply that retention period. Thus, an email relating to an HR matter may be retained for five years, but an email relating to an accounts payable for three years.
Given the volume of email today, this approach no longer works. Thus, companies with successful email management and retention strategies typically use a single email retention period (e.g., three to five years), allowing for limited exceptions where required under applicable law or for legitimate business reasons. While emails often have attachments which will need to be retained pursuant to the company’s retention policy, the attachments should be retained in a separate location – where the particular type of record is ordinarily maintained – and not in a user’s inbox for other email folders.
For most companies, a single retention period will typically be appropriate for most (e.g. 95%) of all emails. A company can consider exceptions to the baseline period for certain critical business functions and personnel. For example, a company that adopts a three year base retention period may want to consider a longer retention period for human resource related emails as necessary to comply with state and federal retention requirements which may be longer, or because such emails are more likely to be needed for the defense of claims which may not be asserted within the initial three-year period.
Companies can consider exceptions or a different retention period for key personnel, such as senior management. Legal hold exceptions and requirements will apply to emails just like any other record. Accordingly, the company will need to have procedures in place to segregate emails subject to a legal hold to avoid destruction through operation of the normal email destruction process, whether handled by the IT department or individual users. Finally, a legitimate business reason exception can be appropriate for retaining emails longer than the baseline retention period. However, this exception should truly be an exception, and used rarely only under appropriate circumstances. For example, email relating to a contentious merger may be appropriate for longer retention, but the legitimate business reason exception should not be used as a frequent end run around the baseline retention period.
A simple and easy to understand email retention policy can help companies cope with the increasing difficulties presented by email in responding to the eDiscovery request.