.title-desc-wrapper .dt-published.published.post-date { display: none; }

Companies Must Stop “Shredding” Their Documents Every 30 Days

This article written by Aria Safar and was originally published in the Vanderbilt Journal of Entertainment and Technology Law (JETLaw) Blog on October 14, 2014.

I recently attended a conference in Portland, Oregon dedicated to the preservation of legal data in the case of litigation. Legal technology conferences are always an interesting mix of keeping up to date with “old” technology developments (at least a few years old, like social media) and reaction to upcoming technology (while the industry does not know what to do with social media and the cloud, speakers prophesied that the Apple Watch’s heartbeat tracking data would soon be applied in litigation).

I safely assume that email has completely changed communication in the business world, and it is indeed the primary means most organizations communicate. What was really shocking to me was how the legal community handled email data. Many companies and government entities said their policy was to autodelete emails after 30, 45, or 60 days. Thirty days? I’ve almost never deleted an email since I got my Gmail account in 2004. Why are organizations deleting data? Here are a few reasons raised, and here’s my reaction:

Contention: It costs a lot of money to keep emails.

  • Some individuals talked about how they had thousands of employees, and couldn’t possibly handle storing emails for more than 30 days. To that I say: email storage is cheap! You can store your information with a cloud service like Google for $5 per user per month for 30 GB of space, or unlimited storage for $10 per month. Large corporations that prefer to have their own solution can add 40 terabytes of additional storage for $10,000, coming out to 25 cents per gigabyte.
  • Yes, having more documents will increase eDiscovery volume, but there are a lot of solutions for limiting your eDiscovery costs, including technology assisted review, and properly mapping your data so you’re not collecting emails from your entire organization when you’re handling a case that is much more focused and discrete.

Contention: It is viable to delete your emails after 30 days, or 45 days.

  • Are your deals done within 30 days? Are transactions completed within that time period?
    • If they are not completed in that time, and you are deleting emails, this makes it hard to follow up with current business transactions, or servicing past completed ones when issues arise after the fact.

Contention: But I don’t want bad emails on my systems.

  • While you may not want to keep fodder for opposing counsel on your servers, it’s not just your opposing counsel that will want to get information from emails.
  • Are you accountable to any outside entity in the case of an audit or internal investigation–maybe shareholders, the government, taxpayers, executive committees?
    • A recent op-ed in the LA Times strongly advised the L.A. Unified School District against automatically deleting emails within one year.  The op ed noted that a recent controversial contract with Apple regarding the purchasing of iPads would not have been properly looked into had the autodelete policy been put into effect. “The district’s email rule might not be intended to hide district shenanigans, but it certainly could prove a useful tool for doing so. That would be too bad; the district’s dealings require a commitment to the highest levels of transparency.”
  • Deleting emails also cuts both ways. While you may be deleting potentially compromising emails, you may also delete emails that could prove exculpatory–all the while doing something that does not make you seem like you’re acting in best faith.
  • The solution for people doing bad things is not erasing any trace of those bad things, but minimizing poor behavior. The right answer is to institute policy changes and training so that personnel are working according to best practices. Yes, training costs money and takes time, but so does litigation and low employee morale caused by poor practices.

Contention: My employees file their emails on their computers into folders that will not autodelete, and therefore autodeletion is not a problem.

  • This operates under the assumption that employees are actually filing their emails. Many employees don’t have time to dedicate to sorting through their inbox and filing all their emails in appropriate boxes. It is simply not a widely practiced habit. How many of us do that with our personal emails, for example?
  • Filing emails also takes productive time away from employees, and forces them to engage in an activity that is not particularly useful. When you have a proper email system that you can search with ease, which is commonplace with most email service providers, spending time sorting emails is wasted.
  • Furthermore, if you have autodelete policies, and policies where employees can easily delete their communications, how are you able to track employee behavior if emails are gone forever? How can you identify when a problem employee is causing issues with clients?

Would you shred your paper documents every 30 days? I understand that the volume of information is higher in the email era, but email is the primary means of correspondence at many organizations. They have replaced letters as the chief means of communications. In the prior era, did we shred the all paper documents after 30 days? Would that practice be seen as reasonable? This is the digital equivalent of walking around to everyone’s office and sweeping all the papers into the trash. That policy would be laughed at and so should autodeletion of emails after 30 days.

Organizations–for profit companies, non-profits, and the government—should have email policies consistent with the importance of email and consistent with current technology. Autodeleting communications after a few weeks is not only a bad practice but reckless and wholly without merit.