Email: keep it, don’t delete it, say lawyers

10 Oct 2012

Warning comes as new Mimecast survey shows that more than a quarter of UK businesses have no policy at all on retaining email.

Companies should retain all documents and emails relating to projects for at least six years before they consider deleting or destroying the information, according to Ian Birdsey, a senior associate at law firm Pinsent Masons and an expert in IT dispute resolution.

In fact, in an article on the firm’s Out-Law.com site, Birdsey advises firms to consider retaining the information for even longer than six years, if they want to be able to respond “appropriately” to electronic disclosure, or ‘e-discovery, requests made as a result of disputes arising from outside of the UK.

“In terms of retaining documents and having a policy which complies with the requirements of limitation periods, six years is the typical period for ontract claims, but for an IT project, the project itself might take three, four, five or six years,” he writes.

“Therefore, it is preferable, particularly for IT companies, to be looking at implementing a policy that begins six years after the completion of the project, or from a point at which it is a bit clearer that no claims have been made.” Multinational companies, meanwhile, will need to consider retention and disclosure requirements in every jurisdiction in which they operate, he adds.

A recent survey from cloud-based email management company Mimecast, however, shows that UK companies consistently fail to heed such warnings, with email archiving and retention policies that are “muddled and unclear”, despite the risk of exposure to litigation and compliance issues.

According to the poll of 500 IT managers based in the UK, US and South Africa, more than one-quarter (26 percent) of UK businesses “do not have a clear policy on retaining email at all” and only 30 percent store archived emails for three years or more.

Faced with a discovery request – a demand from the opposing party in a dispute to reveal relevant data and content - most companies would struggle to respond in a timely manner, as the law dictates it must. On average, the survey reveals, it would take a UK business 12 working days to identify all emails relating to a potential litigation, while 17 percent of respondents said they do not thing the would be able to comply within a month.

As well as being lengthy, e-discovery processes are notoriously skills-intensive and costly for companies that have not prepared in advance.

“IT departments can and should be doing more to protect their organisations by adopting a more rigorous approach to email archiving,” commented Eliza Hedegaard, director of legal IT at Mimecast. “However, the businesses I speak to are not being helped by a regulatory system that is incredibly confusing and difficult to navigate. Regulators should be helping businesses by simplifying the regulatory framework and putting greater emphasis on clearly communicating what organisations need to do in order to comply, instead of adopting scare tactics that focus on what will happen if organisations fall foul of the rules.”

Right now, however, ignorance or confusion do not constitute any kind of defence for companies that fall foul of competitors, customers or regulators and end up in court. It’s clear that, in order to protect themselves, they’ll need to be clearer on the retention and disclosure requirements they face, have clear policies in place and the IT architecture in which to store emails, documents and other information for as long as it might feasibly be required.

Mimecast’s chief technology officer Nathan Borenstein will be presenting at IP EXPO 2012. His seminar, Permission management: the key to unlocking value in corporate archives, will take place at 14:30 on Wednesday 17 October, in the Cloud Services and Applications Theatre.