Email archiving: To delete or not to delete?
Email archiving, in particular, used to be expensive and hard to do well - specially for organisations the size of News Corp. Customers had to buy horrendously expensive systems and pay exorbitant maintenance to keep them going. So it's not surprising that companies opted for the safest, cheapest and easiest way to manage this problem: deletion. However, this problematic solution is no longer necessary now there are low-cost, seamless archiving solutions for business email.
Following TechCrunch’s recent post ‘The Only Reason Companies Delete Emails Is To Destroy Evidence’, I joined many commentators discussing the various reasons why businesses might (or should) delete or archive their email in light of the News Corp revelations. Whereas it used to be time consuming and costly to retain emails, primarily due to the cost of storage, today no such constraints exist. In fact, there is no longer any technical reason whatsoever to delete email. Interestingly, corporate tendencies seem to differ across the pond: I have found that Americans delete, whereas Europeans hoard.
TechCrunch’s post does, however, point out how useful it can be to have certain communications saved, particularly when retrieval of a conversation is required in the pursuit of justice:
“The News Corp. phone-hacking scandal continues to spiral out of control […] A paper copy of a deleted email found in a crate ties deputy COO James Murdoch directly to the events under investigation.”
Clearly, archiving is crucial in order to maintain transparency within a business. So it’s really more a question of "Should emails be deleted at all?"
With an email archive where you are storing the only copy of the email, you can ensure an email is permanently deleted instead of residing in hundreds of places on the LAN. But how do you decide what to delete and when? On the one hand, companies are often fearful of compliance (like HIPAA, SOX or FSA) or they can be afraid of litigation.
Key to TechCrunch’s post, which commentators seem to forget, is the rules around retention. In the US, for example:
"[if] you can reasonably anticipate legal action on these emails then you are bound by FRCP to hold those documents in anticipation of a possible discovery. Destruction of emails once you know a legal hold is necessary could expose an organization (public or private) to court sanctions for spoliation."
It's a fine line to tread, but there is a way forward with well-designed retention policies.
In addition, we see completely different attitudes on the two sides of the Atlantic: in the US, there is a desire to delete everything as quickly as possible to reduce discovery costs and potential litigation. Whereas, in Europe we are much more likely to see a "keep everything" attitude.
As archiving improves, surely there is a legitimate reason to keep everything if you can reduce the discovery costs and avoid these issues, because -- certainly, in News Corp.’s case -- the deletion seems over-zealous.
Customers of Mimecast don't have to pay exorbitant fees or suffer bad infrastructure to retain everything they want to, because they outsource it to the Cloud. Those who want to implement deletion policies can do the same; ensuring the right information is deleted at the right time and removing human error from the process.