Are Layoffs a Reason to Destroy Electronic Mail Records?
Departure (dismissal) of an employee does not justify destruction of his e-mail records stored on employer equipment. Those records are not the property of the employee or (normally in the U.S., with some qualifications) the vessel of his privacy. The records are an asset of the employer, showing what the employee did in his capacity as an employee and agent of the employer and how he was supervised.
In our changing economy, employers are learning how to get the same productivity with fewer people. As they let some employees go, the email records of those employees are part of the employer's valuable institutional memory.
Wasting Manager Time
A manager is wasting her time if she paws through a departing employee’s e-mail to decide what to keep and what to destroy (delete). It is better just to keep the e-mail, consistent with the retention and privacy practices generally applicable for all employees.
Email is an Asset of the Enterprise
E-mail records memorialize intellectual property development by employees (such as an inventor or engineer), and they record when and under what conditions trade secrets are shared with business partners. In intellectual property (IP) disputes, proving the time and date that particular events transpired is essential. The beauty of email records is that every message is stamped with time and date.
Today, e-mail records are critical to many investigations and disputes; they are even critical under search warrants, where law enforcement seizes records under court supervision. In Jane Doe v. Norwalk Community College (a sexual harassment case), the court sanctioned a college for destroying electronic records of a suspect teacher after he left the college. The same could happen to any educational institution (public or private . . . higher, secondary, primary, K-12).
E-mail records show what commitments employees did and did not make on behalf of the employer. In Cloud Corp. v. Hasbro, 314 F.3d 289 (7th Cir. 2002), employee e-mail effectively modified a paper-written contract that said it could not be modified except by a “signed writing”. E-mail can be a legally-binding “signed writing” that memorializes the employer’s rights and responsibilities under contracts.
Federal Sentencing Guidelines
E-mail records showing day-to-day education and supervision of employees are consistent with the expectations of the Federal Sentencing Guidelines. The Sentencing Guidelines are the framework within which federal judges select penalties for convicted criminals. If a criminal happens to be an enterprise, the Guidelines call for leniency where the enterprise had taken steps to prevent and mitigate crime by employees. In other words, bad employees might go to jail, but their not-so-bad employer might avoid stiff criminal penalties.
Under the Sentencing Guidelines, the steps the employer must take include establishing and promoting an employee ethics program and then monitoring and disciplining employee conduct. To show that an employer did this, electronic mail records (ESI) can be key evidence. They can document regular education, supervision and discipline of employees.
Update: The Federal Sentencing Guidelines are proposed to be amended so as to place more emphasis on complete record retention.
Policy?
So precisely how long should employers keep email records? There is no one-size-fits-all answer. I have led in-house workshops to address this question at numerous, diverse enterprises. The outcome of these workshops has varied, depending on many factors, including corporate culture.
In my experience, the best email retention policy is one that is developed by collaboration of the various stakeholder departments in the enterprise (legal, IT, HR, operations et al.). Normally, these different stakeholders start with different positions on what the policy should say. But, in my experience, after the stakeholders have talked through the issues, they tend to compromise their positions and coalesce into a policy that is unique to the enterprise.
Mr. Wright is senior instructor for the SANS Institute, where he delivers professional training on the law of e-discovery, e-records management and internal investigations.
P.S. Employers may believe that by deleting email they are preventing a future eDiscovery adversary from conducting a so-called fishing expedition through the records. However, I argue that the advantages of generous record retention outweigh the risk of a fishing expedition.
Someone identified as "thefixer25@gmail.com" submitted this comment under the post above:
"f#%k you for encouraging email sniffing". My response: I appreciate people reading my ideas and commenting, even when they tell me I'm wrong or bad! I re-read the post above, and I don't see mention of sniffing. However, I do interpret modern US law as giving employers ever-stronger incentive to supervise the electronic workplace. These incentives come from our democratic society's expectation that employers do things like 1. ensure a safe work environment, and 2. deter fraud and other illegality within the employers' systems. --Ben
Posted by: Benjamin Wright | March 22, 2009 at 08:48 AM
The topic of "sniffing" employee e-mail is worthy of a lot more discussion. I don't pretend to know everything about it or to have all the right answers. I do welcome more comments from thefixer25@gmail.com or anyone else who will take the time to think about this. --Ben
Posted by: Benjamin Wright | March 22, 2009 at 09:01 AM
I keep thinking about the comment from thefixer25@gmail.com, and I've something else to add. I acknowledge to thefixer25@gmail.com that some employees might not like their employers looking at their e-mail. Some employees will think that employer "sniffing" violates their privacy. But changes in technology may rapidly be reducing the conflict here. Smart phones are quickly becoming so common and so cheap that most all employees have them, even the lowest-paid employees. What that means is that employees can easily take their personal, private, non-business communications (text, e-mail, photos, video, facebook and so on) to their own smart phones, and use their employer-provided e-mail exclusively for the employer's business, with the full knowledge that society firmly expects the employer to supervise what is going on inside the systems that it owns and administers. --Ben
Posted by: Benjamin Wright | March 22, 2009 at 10:04 AM
Well now that I actually realize your intention isnt to spy on employees private emails with DPi or SNMP interception methods, I certainly understand the need for to retain this information.
Thanks for clarifying.
Posted by: Hoback Borama | July 15, 2009 at 05:46 AM
LOL, I said SNMP, I meant SMTP. Sorry
Posted by: Hoback Borama | July 15, 2009 at 05:48 AM
Employees should understand that emails using their employer's email account are not private or personal and should never be considered personal. It's usually a matter of security and often times productivity. If they want to converse via email with their personal friends, I suggest a hotmail or gmail account that can be accessed through the internet. Employers pay employees to work during the time they are at work...
Posted by: Kat Herrin | June 01, 2010 at 10:20 AM