You have a retention policy. You train your employees on the policy. You have annual audits. You can rest easy, right? Not necessarily, if your data retention policy is not squared with your IT department's data management system.
How could this be? You included your IT team in planning the retention policy, thinking that you were taking an interdisciplinary approach. If, however, you were speaking a different language, you may not be on the same page. Your IT department is concerned about storage, security, speed, and server space (that is, data management). You may also have a records management team concerned about storage, organization, and the ability to access information quickly (information management).
But Legal is concerned about establishing the use of a defensible policy to avoid litigation and regulatory sanctions if certain information is destroyed (data retention). Although each of these functions has some overlap, each has distinct goals and concerns. If the team uses the terms "data management" and "data retention" interchangeably, or interprets them as identical tasks, assuming both are addressing the same problems and goals, you may be at risk of undermining your retention policy.
A common trend in data storage solutions is the use of cloud-based email archiving. It reduces on-site storage requirements, decreases the overall burden on your systems, allows for faster machines and fewer disruptions, and offers a backup and disaster recovery solution. It is less taxing on employees than mailbox size limitations or auto-delete policies. Cloud email archiving allows employees to have endless mailbox sizes, allowing them to keep every sent and received email in perpetuity. Currently, the cost is very reasonable, so to many it's a no-brainer to just archive all emails at a low cost. Doing so can also eliminate any concerns of improper destruction. However, saving everything can undermine the benefits of your data retention policy.
There are risks associated with using email archiving as a way to save everything. Although most archiving systems are indexed and allow for relatively easy searching, the more data you have, the more difficult it is to find the proverbial needle in the haystack. And while you can search by date, custodian, and keywords, the more data you have stored, the more "hits" you will have, resulting in more time reviewing the results to determine what it is that you are actually looking for.
Any in-house counsel knows that review time is the most expensive part of e-discovery. The same holds true for employees looking for valuable business information as part of their job. If you are engaged in a lawsuit, in addition to the expensive review time, storage of unnecessary archives will likely result in older documents where the relevance and context may not be apparent and the author, even if employed, likely does not recall the specifics or reasoning behind the words chosen.
The Sedona Conference, widely accepted as the authority on best practices for e-discovery and information management, has encouraged companies to be pragmatic when developing retention policies, stating that the ability to save everything indefinitely does not justify doing so. Doing so completely undermines the purpose behind permissible data retention policies (more aptly called data destruction policies). It further devalues the critical information that should be saved.
In fact, email archiving in the cloud may invalidate your retention policy, obligating you to preserve more than you otherwise would be responsible for in a lawsuit or investigation. Contrary to what sometimes appears to be popular belief, merely having a written retention policy does not eliminate or reduce the risk of spoliation. A good retention policy must not just allow for deletion, but should require it. Having a retention policy that ultimately leaves it up to the end consumer to decide what to keep and what to delete, and having an IT email archiving system that backs up everything, completely undermines any retention policy you might have.
From a legal perspective, if you have a backup of all emails, you certainly won't be subject to sanctions or spoliation.
Courts have long recognized the legitimate business need to purge documents and information when no longer valuable to the company or legally required to be preserved. Automatically saving and preserving every single email is certainly a defensible if not iron-clad decision your company can make, if it is concerned with accusations of spoliation. Such a sweeping policy, however, is likely driven by irrational fears. Recent studies have shown that sanctions are rarer than one might think. The burden of proving spoliation that results in sanctions is relatively high, and companies that destroy information prior to the threat of litigation pursuant to a retention policy are protected under the law.
Originally published on LAW.COM
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.