Managing electronic records: Email purging guidelines

Smart organizations educate their employees about acceptable email use and follow a policy of regular computer-file purging to keep the company network free of unnecessary data storage.

But what if your organization thinks it may be a lawsuit target? Should you keep purging email messages in accordance with your regular policy? The answer, many organizations are surprised to find out, is “No.”

Email messages are official company records that can be summoned in a lawsuit. So, you may have to put a “litigation hold” on email deletion if you think those messages could be important to the case. The same goes for instant messages (IM).

Most employers aren’t aware of this legal danger. In an American Bar Association survey, more than 80 percent of trial lawyers said their clients don’t have a policy to handle electronic discovery requests. Two-thirds said that when their clients are notified of a lawsuit, the clients “rarely or never” take steps to preserve electronic data.

Two court rulings send a strong message on this issue: Employers who don’t take the right steps to preserve electronic data can face big financial penalties.

Case 1: “No delete” warning didn’t mention email messages. Soon after an equities trader filed a sex-bias lawsuit, the company’s in-house counsel warned employees not to destroy relevant documents. But that warning didn’t mention email messages stored on backup tapes, which the company regularly recycled. As a result, relevant emails were deleted and lost forever. A federal district court said the company was at fault because it had a duty to preserve email and other electronic files, as well as backups of those documents. (Zubulake v. UBS Warburg LLC, No. 02-Civ 1243, S.D.N.Y.)

Case 2: Email purge continued after lawsuit. A federal court penalized a company for failing to prevent 11 of its top-level employees from deleting key emails during pending litigation. Saying the company kept up its practice of automatically deleting emails even after litigation began, and despite a court order to preserve evidence, the court imposed a hefty $2.75 million fine. (USA v. Philip Morris USA Inc., No. 99-2496, D.D.C.)

These cases act as a strong reminder that courts will get tough with organizations that treat electronic discovery, retention and preservation lightly.

1. Suspend regular data destruction if litigation is likely. You’re required to impose a “litigation hold” on routine data destruction in certain circumstances.

This duty to preserve comes into play, at a minimum, when you receive notice that an administrative or judicial claim has been filed against the organization and, even sooner, if your organization has reason to believe that a lawsuit is on the horizon.

But your duty to preserve doesn’t extend to every document and bit of data. You have to save data only if it’s been prepared by or for employees who will be “key players” in the litigation. Rule of thumb: If you’re in doubt, don’t throw it out.

Before purging email or other files, sort through them to determine which items could have legal significance. Print them out and file the hard copies. Consult with your IT experts about procedures to protect data from being arbitrarily deleted or overwritten.

2. Establish document-retention periods. Your organization must retain certain documents even without the threat of litigation. For example, all employers must retain federal payroll tax records for at least four years. Trucking companies must hold onto employee alcohol test results for five years.

Also, apply time limits to data not regulated by government rules. Your key business documents should likely be retained indefinitely. Email in accessible format, however, should be subject to a short retention period of about 30 days.

3. Train managers and employees on your electronic communication policy and make them aware that emails are official correspondence that can be called into evidence during a lawsuit. FAQs are a good way to describe your policy.

4. Apply and enforce your policy consistently. Inconsistency, say, for example, letting high-level employees destroy data more frequently than your policy states, could put you at risk of a charge of bad-faith evidence destruction.

By the numbers: E-mail policies and retention