The Dangers of Short-Term Email Retention
One of the most common conversations that I have with clients is the issue of where and how long to retain email. Generally clients either want to keep email forever or get rid of it as fast as possible. Both have their challenges and dangers.
The most common of these approaches is to get rid of email as fast as possible. When applied, this typically means that email is only backed up for 30 days or so. After the 30-day period, backups and records of email are deleted.
The most dangerous problem with this sort of strategy is that it provides a false sense of security. Most organizations allow users to store email outside of this 30-day window in local PST files. This means that any incriminating email is still very accessible; in fact it is far easier to find than trying to manually pull from tape. Once opposing legal counsel can prove that this is an acceptable practice within your organization (written or not), they can then force the delivery of all PST files for discovery or, worse, force the IT staff to scan user PST files for the desired data.
These PST files also create another problem. Most organizations allow users to store PST files on corporate fileservers. In fact we have seen organizations have to create specific PST fileservers just to store the data. I know of one organization that actually has over 7 TB of PST data stored across 10 dedicated PST files. These PST files wreak havoc on an IT staff's ability to back up and protect the enterprise and are a common source of complaint when IT staffs list off backup problems. This is because one change to a PST file means the whole file needs to be backed up, and most PST files change every day. Most IT staff proceed to protect these PST fileservers as they would any other fileserver in the environment. If the challenges of data protection can be overcome, then protecting the PST fileserver breaks the assumed value of the short-term email retention strategy. Once these PST files are backed up, they are treated like any other fileserver in the protection scheme. Now not only are the PST files available online for the discovery of potentially damaging email, but they are also now available for an even longer period of time on backup tapes. There are many tools now available to manage PST files. We can help determine which of these tools are right for you and how to implement them in your environment.
If the organization can make sure the use of PST files is contained, or does not allow their use at all, it can sew up this hole in the short-term email retention strategy. However, there are other problems and issues to consider.
Another issue arises when it comes to servicing discovery requests. Today, when an organization is served with a discovery request, it is much harder to simply state that the cost of delivering the discovery request is unreasonable. Now most discovery requests must be served. Even if the organization has a written thirty-day retention policy, if it can be proven that email is being stored (regardless of form) longer than that, whether via PST retention, backup tape not being properly destroyed or other methods, then the IT staff must deliver the requested data or prove that it is not there. Because the data could now be spread across multiple PST files, fileservers and users' laptops, this can be a time-consuming task.
In addition to a short-term false sense of security it could also grow into a long term real lack of security. With short-term email retention you may be destroying the very evidence needed to prove your innocence in a case.
As an example, there is an account I know of that has an email archiving system in place. Every email is captured, logged and put into a database. All of this is done in real time, so the archive has high integrity. This client was sued recently in a wrongful termination case. The plaintiff claimed that they were sexually harassed and had incriminating email to prove the point. With the email archive system the client was able to quickly find the emails that the plaintiff was referring to. While it was not exactly the information that they wanted to find, the process took minutes as opposed to days, as would have been the case without an archive system. In fact many clients just take the word of the plaintiff in that situation, as they're not able to confirm the evidence themselves.
The story gets interesting in that with the archive system in place the client was able to quickly determine that the plaintiff had actually forwarded the offending emails to their friends and other co-workers. Sending it once to their private account made sense, but sending to twenty or so other email addresses did not, especially when at the top of the forwarded message the plaintiff had written “Ha Ha this is funny…”. Once this was brought to the attention of the plaintiff the case was dropped.
If the client had a short-term retention policy in place they would have been at the mercy of the plaintiff. This lawsuit was brought forward six months after their termination. In that case the emails that they used to combat the case would have long since been deleted. If they did not have an email archive system in place but did keep emails for more than a year, they may have been able to find the offending emails. They may also have been able to find out about the forwarded messages but at a much greater expense of time and resources. With the email archive system in place they were able to find the messages quickly, the life cycle of these messages became obvious and because they appeared so organized the case was quickly dropped.
There is also a temptation of late to keep all emails forever. That creates its own set of problems. There are good, sound reasons to destroy emails when their time is up and it’s legal to do so. Again, an email archive system can help with these processes as well.
If you would like more information on this subject and some of the suppliers that work in the space please email me at georgeacrump@mac.com
Wednesday, April 25, 2007