It is well established that companies must take steps to safeguard potentially relevant evidence when litigation is reasonably foreseeable. As numerous, well-publicized decisions demonstrate, many companies are still struggling with developing policies and procedures to comply with this obligation. Now that the Amendments to the Federal Rules of Civil Procedure pertaining to eDiscovery are in effect, there is no question that electronically stored information such as E-mail is subject to the same preservation and production duties as paper records. Yet most companies have avoided managing E-mail in the same way as other business records.

The Dangers of an Outdated or Ineffective E-mail Retention Program

Companies largely fall into two camps with respect to E-mail retention. Either they have retained all E-mail on backup tapes and diskettes (i.e., the “Save Everything Approach”), or they dispose of all E-mails, regardless of content, after the passage of an arbitrary period (i.e., the “Save Nothing Approach”). Both approaches expose companies to signifi cant risk. Indeed, as demonstrated in recent litigation, opting to retain E-mails and other electronic documents indefi nitely is an inadequate policy for several reasons. First, it is costly and takes up massive physical and electronic server space. Second, storing too much information on corporate servers can overburden and destabilize them, with a result of a possible loss of information. Third, reviewing an unnecessarily vast number of eRecords during discovery increases attorney review time and, consequently, litigation costs. Moreover, maintaining E-mail indefi nitely greatly increases the chance that a company may be found liable during litigation because it is forced to turn over a “smoking gun” document it was not required to maintain in the fi rst place. Recent tobacco and asbestos litigation provides examples of this last point.

If your company follows the “Save Nothing Approach,” it is likely disposing of records it is otherwise obligated to retain. Regardless of which approach your company follows, most companies allow their employees to store E-mail off-line or on local hard drives, meaning that the company is retaining these records anyway, and has lost control over some corporate records. If this is the case, it is likely that your company is not adequately searching all repositories where relevant E-mails are stored when responding to discovery requests.This lack of control could also result in an atmosphere where your E-mail management program is called into doubt.

As recent news reports involving the Congressional investigation into the Justice Department’s dismissal of certain federal prosecutors, the White House was criticized for its failure to properly retain and disclose relevant E-mails. According to press accounts, White House offi cials stated that political advisers to President Bush may have improperly used their political Email accounts to conduct offi cial business, and some communications required to be retained under federal law may have been improperly deleted. Having initiated an inquiry of its own, the Bush administration concluded that its policy governing political E-mail accounts was unclear, that it had not been aggressive enough in monitoring off-line use of E-mail, and that some people who had used the private accounts did not follow the policy.1 As noted above, most companies have inadequate controls over their employees’ E-mail usage, creating myriad risks for those companies.

Your Company Must Retain Record E-mails for the Periods Required under Law

Building a lawfully compliant and legally defensible Email management program is the fi rst step in minimizing your company’s litigation risk and improving its operational effi ciency. There are three primary aspects to building and implementing such a program. First, your company should develop an E-mail management program that requires the retention of electronic records that constitute business records. This should be handled in a consistent, systematic and reliable manner, so they can be promptly retrieved when required for legal, regulatory or operational reasons. Second, your company should dispose of stale electronic records as soon as it is legally permissible to do so. Third, your company must develop a litigation hold program that is tailored to its unique litigation environment and that extends to electronic communications. Fourth, your company must disavow the use of pst. fi les and desktop E-mail archiving, so as to prevent its employees from having discretionary control over the retention and disposition of the E-mails they generate.

What Steps Can Your Company Take to Avoid the Problems Associated with the “Save Everything” and “Save Nothing” Approaches?

Retain Only Record E-mails

Companies are obligated by law to retain only record E-mails. Record E-mails document a specifi c businessrelated activity; demonstrate a specifi c business transaction; identify individuals who participated in a business activity; support facts of a particular business-related event, activity or transaction; or are needed for other specifi c legal, accounting, business or compliance reasons. Record E-mails must be maintained in accordance with your company’s records retention schedule.

In contrast, companies are not required to retain transitory E-mails, such as routine administrative messages, information-only copies of memoranda or notes, company-wide announcements and updates, or unsolicited vendor bids. Disposing of transitory E-mails after a short period (i.e., 30 or 60 days) will reduce the volume of information your company must manage and thus reduce its storage costs and the amount of time outside counsel must spend reviewing unimportant records and legacy data storage systems.

An Effective Litigation Hold Program Is Necessary

Several recent court decisions 2 demonstrate the severe sanctions companies face for destroying E-mails during litigation and underscore the necessity of extending litigation holds to E-mails.

Developing an effective litigation hold program is also an invaluable tool to demonstrate a company’s good faith and reasonable efforts to comply with its pretrial discovery obligations. Where no such program exists, companies will not be given the benefi t of the doubt when their retention practices are called into question.3 An effective litigation hold program should include:

  • A policy that allows for the immediate suspension of the planned disposition of records that may relate to pending or reasonably foreseeable litigation;
  • A standard notice (such as a Notice of Litigation Hold) and an acknowledgement procedure from affected employees; A list of company employees who should be notifi ed of the issuance of the litigation hold;
  • Specific steps and assignments for preserving backup tapes, archived E-mails;
  • A method to monitor compliance with any litigation hold in effect;
  • Periodic follow-ups with company employees to reiterate the litigation hold instructions; and
  • A procedure for rescinding the litigation hold and resuming the disposition of records in accordance with the Company’s records retention schedule.

Benefi ts of Proactively Managing Retention and Litigation Risks

Developing and implementing an effective and lawfully compliant E-mail management program and litigation hold procedures may allow your company to:

  • avoid expending unnecessary legal fees by reducing attorney review time in connection with producing documents in discovery;
  • avoid potential civil and criminal sanctions during a governmental or agency investigation by retaining necessary documents;
  • comply with legal requirements to retain business records;
  • avoid claims for “spoliation” of evidence before and during the litigation;
  • improve operational effi ciency and reduce costs associated with the unnecessary storage and maintenance of stale records;
  • minimize the chance that your company will produce a “smoking gun” E-mail it was not required to keep in the fi rst place;
  • keep documents confi dential and protect them from exploitation by competitors; and
  • comply with newly enacted data privacy laws.