Correcting Your Worst E-mail Retention Practices
How to avoid common mistakes enterprises make with their old e-mail messages.
by David Campbell
Companies and government agencies are increasingly implementing policies and procedures to comply with federal rules requiring them to produce e-mail records relevant to litigation. At the same time, however, many organizations continue to follow outdated, ineffective practices for e-mail management.
Indeed, old e-mail records management habits die hard. Some organizations archive all e-mails forever, “just in case.” A closet full of backup tapes may be the closest thing to e-mail archiving that a company has. Some organizations leave it up to employees to figure out which e-mails should be saved and which should be deleted via their personal PST files. Such faulty practices continue as the enterprise awaits the emergence of the perfect e-mail policy that will transform their environment to a model of efficiency and accuracy.
The trouble is, improper e-mail management is a serious handicap in today’s digital, interconnected world. Many of these worst practices can drive up storage and records management costs while increasing the risk of being unable to comply with e-discovery requests resulting from litigation.
The good news? Companies can begin today to correct these poor e-mail management practices and, in turn, save money and significantly reduce risk. By recognizing current flawed processes and replacing them with proven practices, organizations can have an effective, manageable strategy to improve e-mail management, reduce costs and control information risk.
Worst Practice #1: Saving Everything
The volume of e-mail and messaging data is exploding. E-mail has also become the main target for discovery requests during business-related litigation, but retaining just the right messages for the right amount of time is easier said than done. Little wonder, then, that so many organizations opt to simply save everything.
Of course, there are inherent risks and cost considerations in retaining everything. Storage costs skyrocket, particularly now that e-mail content routinely includes embedded formatting and graphics information and attached documents that require megabytes of additional storage. Poring through disks or tapes full of mostly irrelevant messages just to find those needed for legal purposes can be extremely costly. On average, it costs an enterprise 2000 times as much to review a message for relevance than it does to store it.
To further complicate matters, organizations must also know when to eventually delete saved e-mails. Even if the organization is retaining just the right information, keeping that information longer than necessary can be expensive -- and not just in terms of storage costs. When one well-known company responded to a discovery request, it found that half of the $12 million it had spent reviewing messages for three years was data that had been retained longer than was required. Having a deletion policy in place could have saved the enterprise $6 million.
One of the first steps towards improving a “save everything forever” policy is to sort e-mail into general, easily identifiable categories such as Business, Personal, and Junk. Organizations can then set more granular retention policies across these different categories of information, using a simple record retention schedule. For example, most e-mail may be kept for a minimum of one year, while general business messages may be retained for five years, specific legal, financial, or human resources e-mail for 10 years, executive communication for 50 years, and so on. The goal is to have a general policy in place that is appropriate for the business, is defensible in court, and addresses regulatory requirements.
Worst Practice #2: Using Backup Tapes as an Archive
Backup tapes and disks should not be used as an e-mail archive. Backups were not designed to do what archives do. Backups offer safeguards against unexpected data loss and application errors, while archiving is the process of systematically saving copies of unstructured files to reduce primary storage, manage retention, and enable the discovery of information on a per-item basis.
Backups will always be an important part of an organization’s data protection and disaster recovery strategy, but they are less than efficient when used for archiving purposes. Nevertheless, if tapes are the only source of e-mail backups, then they are fair game should a lawsuit demand their discovery. Saying they’re inaccessible will not hold up. Just ask any company that has been slapped with fines for the inability to produce the required documentation. One company certified they had handed over all e-mail related to a suit and then later discovered 1,600 backup tapes in a closet. The court found that the firm failed to locate and search all of its backup tapes for relevant e-mail, and the jury awarded the plaintiff almost $1.8 billion in compensatory and punitive damages.
With that in mind, organizations looking for a more cost-effective way to meet e-discovery and compliance requirements must implement an information management technology such as archiving that is designed not to provide traditional data protection but to speed response to legal and compliance requests.
Worst Practice #3: Leaving Classification Up to the End User
Relying on users to make difficult decisions about what e-mail to save or delete places a burden on employees that can hobble their productivity. Just getting through an inbox today takes a toll on a busy schedule. Having to stop, carefully review, and classify every message reduces productivity. Furthermore, when policy is left to interpretation by end users, inconsistencies are likely to result.
To ease the burden on users and increase the accuracy of e-mail classification, organizations can turn to automated classification tools provided by archiving solutions. These tools can extend the e-mail classification, capture, and retention capabilities of the archiving technology to the user’s desktop. This software collects metadata about an e-mail message which it uses to determine possible classifications from a predefined list of policy-based categories. The user is prompted to choose from a subset of classifications only when necessary, which streamlines the archiving process, helps preserve user productivity, and improves consistency.
Creating a comprehensive e-mail retention policy requires the input of a variety of stakeholders, from IT and legal staff to human resources, finance, business functions, and other non-IT personnel. The scope of the policy should include all employees who create, send, or receive e-mail messages and attachments as well as a wide variety of possible e-mail categories. In fact, many organizations choose to put off e-mail management efforts until they can devise the perfect e-mail policy.
However, the organization may miss a much more proximate and pressing problem: legal holds. At any moment, an organization may be required to respond to a litigation hold request that in all likelihood will call for all relevant files and e-mail messages to be immediately preserved.
For that reason, organizations should make it a priority to put in place a plan to address legal holds. Although the scope of a legal hold will vary from case to case, virtually all legal holds will take into consideration what type of information is retained, whose information is retained, and where relevant information and documents are located. Once the organization is prepared to address any preservation obligations that may arise, work regarding retention policies can resume.
As the volume of e-mail continues to multiply and organizations face a range of legal and regulatory demands for its storage, retention, and discovery, it is critical to replace outdated and ineffective approaches to message handling with best practices for e-mail archiving and management.
By preserving the right messages for the right amount of time, leveraging an archiving system to ease management, easing classification through automation, and preparing today for potential litigation hold requests tomorrow, organizations can reduce the costs of e-mail management and better position themselves to respond with confidence and competence to legal and regulatory challenges now and in the future.
David Campbell is senior product marketing manager for Symantec Corp. You can contact the author at firstname.lastname@example.org