If you either send or receive email in the course of business (and you probably do if you’re reading this) then you need to have a written email retention and email archiving policy.
And at least as importantly, you need to follow it. Religiously.
And here’s why: if you are on the receiving end of a legal demand to produce evidence which includes email – and if you are ever party to a lawsuit you will be – you have to be able to either provide the email requested, or be able to point to a sound policy that explains why you no longer have it.
For that reason it is critical that a business have a written email retention policy, and that the policy be scrupulously followed. What that policy is matters far less than that it be carried out consistently. So, for example, your office’s email retention policy may be that all email is to be archived for three years, and then deleted, or it may be that all email is to be deleted as soon as it’s opened and responded to. It really doesn’t matter so long as it is carried out and applied consistently to all email.
This is also true for all other documents – you need a document retention policy that is clearly spelled out and followed (such as, for example, all documents are kept for seven years and then destroyed), but email is by far the most problematic. This is because when you get into litigation, you will often be asked to produce all of your email records for the period in question. Now, if your email retention policy is such that all of the email for that period has been deleted under your email retention policy – a policy which has been consistently applied all along – then the Court will not blame you for that email not being available to be produced. But if you don’t have a clearly stated email retention policy, and the email being sought just happens to have been deleted and be unavailable, you could face serious trouble. Conversely, you don’t want to find yourself in the situation where the email requested does exist, but you really wish that it didn’t exist, and you now can’t delete it without facing contempt of court charges, or worse, for failing to produce it.
Nearly all of the worst case scenarios would be the result of not having a carefully spelled-out and consistently-applied email retention policy. In that case, if the business owner does not have the email requested, the Court may believe that the business owner willfully destroyed the email rather than produce it, and may apply any number of legal sanctions, including (but not limited to) presuming that the missing document must have contained information which would prove their opponent’s case, levying heavy financial sanctions, or, even, dismissing the case or finding in summary judgement for the other side.
In fact, I am personally familiar with a case where the sanction for deleted material was so severe, it lead to the other party winning and putting the deleting party out of business (the winner acquired them). While this is an extreme case, and the deleted material wasn’t in an email, the principle is the same.
And the key to avoiding this is to have in place a clear, and consistently applied, email retention and archiving policy. Again, what that policy is is almost secondary – what’s important is that you follow it to the letter. Then, if you are called upon to produce email, it’s ok to say “we don’t have it because our policy is to delete all email more than 30 days old” so long as that really is your policy and you can show that you have been following it consistently for years.
What’s not ok is to say “we don’t have it because we deleted it” when you also have legacy emails still remaining in your system or archived somewhere else.
So run, don’t walk, to review your company’s email retention and email archiving policy, and if you don’t have one, for goodness sake get one in place.
And then, follow it.