Migrated from eDJGroupInc.com. Author: Barry Murphy. Published: 2010-06-11 06:00:45Format, images and links may no longer function correctly. Perhaps I am simply becoming cynical, but I continue to believe that companies only create retention policies to ensure that questionable behavior will not be found. The latest example comes from GM – some Republican Congressman have asked the company to suspend disposition of electronic communications in accordance with its 60 day retention policy. I’ve written earlier about what I call “the ostriches” – companies that bury their heads in the sand and then act shocked when eDiscovery is such a challenge and they cry, “undue burden.”
I don’t know the intimate details of the GM electronic communication retention policy, but if – as the article states – it is truly a 60 day and delete policy with no backup program in place, then GM could be considered an ostrich. Now, what’s not clear from reading the source article is if GM lacks a DR system (short term back up tapes) or if the accusation is that they do not have a longer-term system like an email archive. What is clear is that GM wants emails gone after 60 days. Getting rid of emails that quickly without a backup program in place ignores two very basic things: the business-critical nature of email and other electronic communications and human behavior.
We all know that email is one of the most used forms of business communication today. Email contains contracts, sales quotes, intellectual property, and the list goes on and on. Therefore, there is a business need to retain it. There is also a lot of junk email – jokes, lunch invites, and the group email that the company party is this weekend. As such, there is also a need to get rid of unnecessary email that takes up storage space. To address the need to retain what is valuable while getting rid of what is just taking up needless space, organizations put email retention programs in place. The most common type of program is email archiving in combination with email backup, whereby users can archive emails that they deem important (usually by dragging into a folder with a longer retention policy) while all other emails are deleted within a certain timeframe (in my experience, 90 days is about as short as many companies are prepared to go; though admittedly, I’ve heard of 30 day and 60 day policies in recent years). Now, given how critical email is to doing business, every organization I’ve worked with uses backup. How else can you get back all mail (not just archived mail) to users if the mail server crashes? That GM is doing a 60 day policy with no backup in place doesn’t make business sense.
This is where the human element comes into play. Archiving usually requires that users designate that mail needs to be archived. Given the volume of email that users get, there is no way that they can effectively (or consistently) classify all of them. This is why backup is important – there needs to be a failsafe to get the potential records that users miss. This is also why content analytics will be very important for organizations – because users can’t do classification on their own, there needs to be some kind of automation to the process.
The other issue with such a short retention period is that it forces users to hoard email in PST, MSG, etc. This puts the large public corporation on the hook to search every possible hiding place and format. It has the potential to multiply the eDiscovery costs. Think of what happens when a forensic special master samples PC images from 2-3 key custodians and finds some of these stashes. The court is likely to order what my colleague Greg Buckles refers to as a “corporate colonoscopy.”
The only explanation I can think of for a 60-day retention policy on email with no backup program in place is that there is bad behavior to hide. Hiding such behavior is so short-sighted because email can exist in so many places a company doesn’t know about – external organizations, users’ local machines, users’ home email accounts, and jump drives. I would think that it benefits a company to know the smoking gun exists rather than to encounter it somewhere else. Even if just from a public relations perspective so that the company can do the right thing, knowing what is in email can be so important in making the right legal decisions downstream.
I hope there are more details to the GM retention policy than covered in that article because, if that’s all there is too it, GM has become my poster child for bad retention management.