Letting go of email

When an email arrives at global insurance broker Willis, a decision about the message’s future is made almost immediately. If the email relates to a customer transaction, it is printed off and a paper copy kept in that customer’s file, stored away in the company’s massive paper archives. If it does not, the email is deleted.

“We only keep those emails that are substantive and relevant to a customer history. Emails that are conversational rather than authoritative are binned,” says Mike Wright, Willis’s group IS director. “We try, on the whole, to keep our e-records down to the bare minimum,” he explains.

The reason for that relatively new policy: the court case resulting from the world’s largest ever insurance claim. In 2001, Willis brokered the insurance on New York’s World Trade Center, and post-9/11, has been required to disclose millions of its executives’ old emails from that period.

That approach flies in the face of a deluge of advice from storage suppliers: Keep everything sent or received, they say, or suffer the consequences when court action or a regulator’s enquiry demands full e-disclosure.

Many companies are heeding that advice, with the result that email management systems and software have become big business to storage systems and software management companies. According to industry research by Gartner, spending on email management at large companies is running at around $1,600 per user per year. The email management burden has given rise to a whole ecosystem of software and services companies whose products are designed to eliminate at least some of the associated pain, cost and risk.

Certainly the risks of deleting emails prematurely, either by accident or deliberately are substantial, and a number of high-profile companies have fallen foul of the law in that respect – Microsoft, Arthur Andersen, Ciba-Geigy, Norwich Union, to name a few (see box,’Email offenders’).


Email offenders

CIBA-Geigy (1995)
Swiss pharmaceutical giant CIBA-Geigy was ordered to produce email documentation during a 1995 court case against it. The company attempted to contest the order, arguing that it was “untimely, overly broad and overly burdensome” but eventually had to comply. It was ultimately forced to search though 30 million email messages – at a cost of some £60,000.

Norwich Union (1997)
Insurance giant Norwich Union was forced into an out of court settlement for alleged defamation by email against a competitor, Western Provident Association (WPA). Norwich Union staff sent emails falsely claiming that WPA was insolvent. By the time a writ had been issued the email messages had been deleted within Norwich Union. Western Provident obtained a court order forcing Norwich Union to search their backup systems to retrieve the data. Norwich Union made a High Court apology and paid £450,000 in damages and costs to settle the case.

Merrill Lynch (2002)
Over 1999 and 2000, while bankers at investment bank Merrill Lynch had been talking up the prospects of the high-tech companies they were hoping to take public on Wall Street, the bank’s then high-flying Internet stock analyst Henry Blodget and some of his colleagues were warning the company’s private investment clients to steer clear of many of the very same companies. Unfortunately for his employer, Blodget used email to do so. When regulators investigated Merrill Lynch and discovered the emails, some of which described their former recommendations as “a piece of shit”, the bank decided to settle. It eventually paid out a painful $100 million in penalties.

Arthur Andersen/Enron (2002)
Andersen staff implicated in the Enron fraud are likely to regret that they ever conversed by email. In January 2002, David Duncan, the partner in charge of Enron at Andersen’s Houston office, was fired by the auditor for “an expedited effort to destroy documents”. Specifically, Duncan was accused of the systematic shredding and deleting of thousands of Enron-related paper and electronic documents, emails and memos. “Enron robbed the bank. Arthur Andersen provided the getaway car and they say you were at the wheel,” James Greenwood, chair of the oversight and investigations sub-committee told Duncan.

Microsoft (2003-2004)
Microsoft’s legal battles seem endless. A recent case pits Microsoft against streaming audio venture Burst.com, which in 2002 accused Microsoft of stealing its video-streaming technology. In September 2003, however, the first hearing in the case was cut short when Burst’s lawyers pointed out something peculiar about the Microsoft email records they had been shown during the discovery stage: there were no messages from the 35-week period during which the two companies were in discussions. Asked about the missing messages, Microsoft’s attorneys explained they’d been deleted. Unfortunately for Microsoft, Burst’s legal team remembered testimony from a hearing in the Sun Microsystems versus Microsoft antitrust case in which Microsoft representatives said all internal company email was backed up twice: once at Microsoft headquarters and again at an off-site location. The judge in the Burst case ordered Microsoft to produce the missing emails, but a year later the company seems to be still working on recovering the mail.



The laws and regulations surrounding email retention and the legal admissibility of emails, however, remains fuzzy and there is considerable confusion among IT directors as to what should be kept – and for how long – and what should be discarded.

“The largest issue in email compliance is understanding which regulations are applicable,” says Charlie Brett, an analyst at IT management adviser the Meta Group. “This is particularly true in the US, where regulatory bodies such as the Securities and Exchange Commission and legal binds, such as HIPAA and Sarbanes-Oxley, have set requirements for privacy, retention and supervision of email,” he says.

The rest of the world, including the European Union, Canada, Japan and several other nations are not far behind in implementing similar regulations, he adds. “However, brute-force email capture and storage is still the standard operating procedure, especially in environments with thousands of users.”

In less-regulated organisations, some US-based legal counsels are recommending aggressive email purging policies – but that is the direct opposite of what is typically recommended in Europe. Either way, says Brett, “organisations must begin addressing efficient methods to capture, store and search those emails, and to treat all email as valuable – though potentially risky – corporate content.”

To have and to hold?

The trouble with email management is that it frequently relies on human intervention in order for decisions about retention and deletion to be made. That involves a hefty management burden – although systems can be set to automatically follow deletion rules.

Wright of Willis has reservations about tools that automatically delete emails according to predefined policies. “We won’t do automatic deletion on the basis that there is always an exception to whatever rule you could possibly come up with and time/date is far too blunt an instrument when it comes to deleting information in our industry,” he says.

Neither does he believe that retaining electronic copies of emails would enable Willis to manage risk any better than it already does. “To my mind, the legal position is far from clear: it’s very typical that, in court, email retention won’t help you much, because it’s extremely hard to prove that the emails relating to a specific case are complete, and have not been tampered with in any way.”

Not only that, he fears that retained emails could pose a significant threat to the business. “Employees use email as an informal, spontaneous means of communication. My main concern is that a few words in the wrong place or in the wrong tone could, in court, prove to be extremely damaging to our company.”

That is an accurate perception, says Sanjay Bhandari, senior associate at law firm Baker McKenzie. “Email is informal in tone and people are more likely to be caught off guard in an email exchange. Lawyers are getting wise to this and I have already seen numerous examples of requests for pre-action disclosure focused on emails. Opponents then seize on the informal or unguarded nature of emails and quote them back in the case to create a prejudicial impression,” he says.

That said, there is currently an overwhelming lack of UK case law relating to the disclosure of electronic documents. To compound the situation still further, the Civil Procedure Rules (CPRs), introduced by Lord Woolf in 1999, provide no specific guidance as to how the disclosure of electronic documents should be handled.


Discovery ground rules

The Commercial Litigators’ Forum (CLF) proposes that both sides in a litigation situation agree the parameters of a search for electronic documents before it begins. They should be working from a list of several key variables when determining the scope of e-disclosure:

  • Which computer devices should be searched? Just PCs and servers, or should PDAs, mobile phone text messages, voicemails, fax machines, photocopiers and printer memories also be trawled for relevant information?
  • Should the search be based on keywords only (and if so, which ones) or should a search also be based on criteria such as date or the involvement of certain key individuals?
  • How far into the past should data be searched?
  • Should backup data be searched as well, and if so, which sort? In that context, data falls into four categories: Active, replicant (automatic temporary files created by a computer for backup purposes), backup and residual (data that has been ‘deleted’ but is still recoverable from the machine).

A copy of the CLF’s paper on e-disclosure can be obtained at www.commerciallitigatorsforum.com.



One of the main principles behind the CPRs is ‘proportionality’ – that the costs of conducting a case should be consistent with the amount of money being claimed. But electronic documents create a problem in this regard, in that their ease of creation and replication means that they tend to exist in huge volumes. No matter what efficiencies technology can bring to the process of managing them, this has a potentially significant effect on the cost of managing a particular dispute.

As a member of the Commercial Litigators’ Forum (CLF), a body composed of representatives from a range of major commercial law firms, Bhandari is working with his peers to clarify this situation. “The issue of electronic evidence generally seems to be a taboo subject among disputes lawyers, with little open discussion of how we ought to approach the difficulties posed by electronic documents,” he says.

The fundamental problem is the definition of a ‘document’ by the CPRs, which failed to anticipate the widespread use of electronic evidence in litigation, despite being introduced after the use of email had become widespread. The CPRs define the document as being the medium containing the information, rather than the information itself. While that makes sense when considering paper documents, it creates many problems when applied to records stored electronically.

In effect, it makes the hard drive, backup tape, memory strip, CD or floppy disk a document, despite the fact that these mediums will potentially contain millions of other files that have no relevance to the matter in hand. That, in turn, potentially increases the number of documents that need to be searched. In the absence of official guidance or case law on the extent of a search of electronic documents, the Commercial Litigators’ Forum (CLF) suggests that it is imperative that both sides in a litigation situation agree the parameters of a search for electronic documents before it begins (see box, ‘Discovery ground rules’).

The danger for litigators and their clients, of course, is disclosing too much information to the other side. Moreover, as Bhandari points out, the increasing capacity of electronic storage devices means that it may be many years before residual data is overwritten. He suggests that replicant, backup or residual data should only be disclosed in exceptional circumstances

In the US, he points out, the courts generally give the dissenting side in a court action access to the documents it wants, but at its own expense. The Woolf reforms have encouraged co-operation between the parties and what the CLF is proposing is not really any more than is already expected.

The main solution to the email management headache, he says, is to train staff and remind them of best practice in the creation of an email. “Email should be treated more like a formal letter than an informal telephone conversation. Most staff writing formal letters subconsciously apply this test but draft email as if they are talking to their friends,” he says. “Maybe they should be asked how they would feel if their email appeared on the front page of The Times.”

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics