In the latest of a series of rulings, a federal judge has issued a $1.45 billion judgment against Morgan Stanley for not keeping records of email communications.
Partly in response to such rulings, many corporations now have detailed
email retention policies and keep years of email records. But this is a
lose-lose situation for companies: five years ago, New York Attorney
General Eliot Spitzer fined Morgan Stanley $10 million dollars because
it (like most firms at the time) did not keep e-mail records. Merill
Lynch was one of a few that did keep detailed records, and was fined
$100 million dollars for its efforts because some e-mails contained
compromising materials.

Keeping track of what e-mail is to be retained for how long is a
major headache – and not just for mail administrators like myself.
While SEC regulations require a variety of periods for record
retention, anti-discrimination statutes like the Data Protection Act of
1998 require that personal data should not be kept “for longer than is
necessary.” This effectively means that each e-mail user must be an
expert in the relevant laws in order to filter every single received
email into the appropriate category, as dictated by a multitude of
vague and contradictory regulations. Managers must obsess over trifling
communications sent by a low-level employee that might be uncovered by
prosecutors armed with powerful search software years later. The
consequent cost (or boon, depending on your perspective) to
software-development and consulting companies is enormous as well.

Can you guess the most likely response to the DOJ’s policy? If you
guessed that companies are likely to severely restrict e-mail use, you
might be right. Next on the DOJ agenda: requiring years of instant
messaging and phone records.

Crossposted to The Egosphere