E-mail retention a must after Morgan Stanley case

A $1.45 billion verdict against Morgan Stanley serves as a dire warning to companies about keeping complete e-mail records.

The story "E-mail retention a must after Morgan Stanley case" published May 21, 2005 at 6:00 AM is no longer available on CNET News.

Content from Reuters expires after 30 days.

Article Conclustion Totally Wrong

Your article "E-mail retention a must after Morgan Stanley case" raises some important issues. But, the conclusion, as reflected in the title, is totally false. Organizations should only keep records for the period required by its records retention program. E-mail may or may not be records. Thus, "e-mail retention a must ..." is an inappropriate conclusion.

Clearly, under Security and Exchange Commission regulations, broker-dealers must keep all correspondence with customers, including email, for 3 years. But, this requirement does NOT apply to anyone else.

You article implies that it is legally prudent to maintain all emails for long. That is a totally false and dangerous conclusion. Email is not a "record" of the organization. It is a tool of communication. All the email communications must be recorded for the technology to work -- they are not recorded because of their informational value.

We recognize that some emails may be records -- they reflect the transactions or business of the organization. These records should be placed in the organization's recordkeeping system -- paper, electronic, or some other media -- and preserved for the appropriate period based on legal, user and other significant reasons. The remaining "junk" should be destroyed automatically after a short period -- e.g., 30 days, 60 days, etc. Of course, no relevant recorded information should be destroyed (whether records, non-records, drafts, etc.) when litigation, government investigation or audit is pending or imminent.

Unless appropriate procedures are implemented the organization will have significant legal and operational problems including the growth of personal or private filing systems for organization business, difficulty in finding information during litigation, government investigation and audit, selective destruction, selective retention, retention of incomplete or misleading information, etc.

I would suggest that in the future you report the facts of a case, but not mislead your readers with hysterical and false conclusions.

[Patrick_Chgo]

Substantiate the Statements

As Don has noted, the article is needlessly hyping an approach that is not legally required, and is likely dangerous.

Any record of an organization should be maintained in accord with legal requirements -- but just because something was created, doesn't make it a record.

The content -- and the action taken or documented -- determines the retention period for any record. Email is a means of transmission of information, not a record type. Likewise, IM is also a means of transmission. It is incorrect to set a retention period for "email" or "IM".

The SEC is concerned about broker-dealers because of the many channels that they can use to communicate with customers and with each other. The SEC has a vested interest in seeing that all communications are retained. But SarbOx is different. It is about the integrity of record-keeping and business process. It does not mandate the retention of all information, regardless of record state.

Many vendors are suggesting what has been stated in this article, Funny, but those same vendors sell storage systems. Storage is not records management. A sound records management program ensure that the correct information is retained for the correct period of time.

No, Email is NOT a Record

Email is not a record as you claim, although it recorded material. The recording only takes place so that the technology works, not because it documents anything in particular.

Records of an organization document the business and transactions of the organization. They need to be keep in centralized recordkeeping systems and not relogated to these personal email-type filing systems.

Some emails are records and need to placed in an appropriate centralized repository. Then, the rest of email will self-destruction in a short period. If users fail to move records to the central depository, the organization is effectively deprived of those records. Nobody knows about the records except one person who is hording them. In that case, the organization doesn't lose much by having the email self-destruct.

Keeping all the emails so you or some trial lawyers can rummage through the material, at great cost to the organization, and possibly find some wrong-doing is not a requirement of law or a value in society. We have ten of thousands of laws establishing requirements as to what records must be kept to support regulatory and criminal investigations. Keeping all this junk is simply a bad idea.