« Behavioral Biometric Forensics | Privacy | Main | Tax Enforcement Intelligence | World Wide Web No Trespassing Sign »

November 11, 2010


Feed You can follow this conversation by subscribing to the comment feed for this post.

Stephen W. Harris

Talk about "big, intrusive government regulation!" The definition you quote of required record keeping could conceivably include almost every company related e-mail sent or received by at least management level employees. Rumors or confirmations of mergers or aquisitions, change in senior mangement, plant openings/closings,the status of pending or potential lawsuits, budgetary matters... Where does the list end? Just as "party admissions" can only be attributed to management/policy making personell as to the corporation (or to a specific employee concerning the scope of his employment) isn't it reasonable to at least limit the class of employee who's communications must be saved? How does the company police/enforce the rule as to dozens or thousands of employees? (I presume you have some ideas.) And as to the type of communications, this trial lawyer would argue that the European definition is "vague and ambiguous" and amounts to a "fishing expidition" into corporate records w/o further specificity. Finally, regardless of the size of the entity (i.e., the bigger the corp. the more employees available to commit to document searches) I would hope the good ole "unduly burdensome" objection would provide some protection in most courts if a party simply copied the statute verbatim in drafting his request for production.

Benjamin Wright

Good points, Mr. Harris. You observe a classic clash between traditional record retention laws and the modern reality of electronic communication. Traditional laws were written when business was conducted on paper, and records were relatively few. Today, e-messaging like email creates far more records -- relevant and important records -- than was possible when business was conducted on paper. I argue that the law (US and elsewhere) gives organizations incentive to store lots of email (especially email of people like managers who are making important decisions) for substantial periods of time. Technology makes it increasingly practical to capture, store and manage large quantities of email. --Ben


The English version of the Babel-Law article you cite can be found here:


The comments to this entry are closed.

Wright's Online SANS Education

Jackson County Case Study

IT Administrators


  • Follow benjaminwright on Twitter

Custom Professional Training

Local ARMA Quote

  • "The presentation by Mr. Wright, sponsored by Messaging Architects, was engaging and provocative. He delivered insights that challenged some of our views on retaining e-mail, and definitely shattered others." - Terry Mergele, CRM, Program Chair, San Antonio ARMA.
My Photo


  • Attorney Benjamin Wright is the author of technology law books, including The Law of Electronic Commerce (Aspen Publishers) and Business Law and Computer Security (SANS). A featured speaker at industry conferences and professional meetings, Wright teaches e-discovery, data security and cyber investigations law at the SANS Institute. Mr. Wright advises clients on digital law and forensic investigations. He helps tech professional firms write engagement contracts, and otherwise manage their legal liability and right to be paid. Such firms include QSAs, auditors, blockchain analysts, penetration testers and forensic investigators. His telephone is 1.214.403.6642. Wright's e-mail is ben_wright at compuserve dot com (put "BLOG" in subject line to distinguish yourself from spam). Mr. Wright graduated from Georgetown University Law Center 1984.

SANS Quote

  • "The best professional trainer in the country on these issues is Ben Wright." --Stephen H. Chapman, Principal and CEO, Security Advisers, LLC, and student in Mr. Wright's SANS legal training


  • No public statement by Mr. Wright (blog, comment, book, article, video, speech, tweet) is legal advice for any particular situation. If you need legal advice, you should consult your lawyer.

    The purpose of this blog -- and the purpose of all of Mr. Wright's public statements -- are public education and discussion, and not the delivery of legal, technical or other professional advice. If you need advice or complete information, this blog is not the place to get it. Mr. Wright's public statements are offered as-is, with no warranty of accuracy or reliability. Mr. Wright sometimes revises his published ideas. If you use the ideas, you do so at your own risk.

    Mr. Wright's public statements on blogs and the like are not intended to advertise or solicit legal services.

    Mr. Wright's contributions to blogs, web courses and the like constitute part of the online update service for the book The Law of Electronic Commerce. Originally released 1991, and revised continually since then, the book is a reference for lawyers, published by Wolters Kluwer Law.

    The only person responsible for Mr. Wright's words is Mr. Wright.

    Mr. Wright has received money from some organizations he mentions online, such as Netmail/Messaging Architects, SANS Institute and LabMD.

    Mr. Wright strives to comply with all applicable laws. He does not have and never has had intention to infringe the rights of anyone. If any person has any information, suspicion or belief that Mr. Wright has done anything illegal or unethical, he asks that person promptly to notify him at 1.214.403.6642, Dallas, TX. Also, please state publicly on Mr. Wright's blogs or pages that he is wrong. Promptness helps mitigate damage.

    Any person accessing this blog agrees not to use data from it (or from any other public activity or statement by Mr. Wright) in a way that is adverse to Mr. Wright's interests.

    Mr. Wright does not have an attorney-client relationship with any person unless and until he and that person explicitly so agree. Interaction with Mr. Wright through public media does not create an attorney-client relationship. Exchanging private messages with Mr. Wright does not, by itself, form an attorney-client relationship.

    Privacy/Security Vision: Some people provide Mr. Wright private information. Mr. Wright strives to treat such information reasonably according to the circumstances. People should have no more than reasonable expectations about information security. It is unreasonable to expect that the offices, computers, cell phones, brief cases, filing cabinets and online or other services used by Mr. Wright are very secure.

Search Wright's Blogs

Find More on This Blog


Become a Fan

Find More on This Blog