David Tebbutt - Information World Review

Legal risks in informal communications

Written by David Tebbutt in August 2004

Imagine this: the powers-that-be have just put a freeze on your records in order to conduct an investigation. You are not allowed to add, amend or delete anything until all the data has been mirrored. How would you feel about them being able to read your emails and instant messages? And, if you're relaxed about your own correspondence, how comfortable do you think your colleagues would be?

Once the regulators or courts decide that your records are potential evidence, you are obliged to make them all available, however embarrassing for your staff or your business. And, as you move from formal documents, to email, to voicemail, to instant messaging (IM), the chances increase of them being able to find incriminating remarks.

Many companies have formal records management procedures in place but few have extended their scope to include what were once essentially ephemeral communications. People on the road, or in remote locations, often use IM to maintain intimate contact with their colleagues. Voicemail too is part of the weft and warp of corporate life. It is very unlikely that all of these messages are strictly business, or need to be kept but, without a clear retention policy and the necessary staff training, they could well get caught up in a legal or regulatory freeze.

A vital first step is to ensure that staff to regularly purge all messages bar those essential to the running of the business or meeting its regulatory and legal requirements. This should be done in accordance with a written policy which itself would form part of any subsequent evidence. Most non-essential records should be purged within, at most, 90 days. This would keep your organisation reasonably clean in the event of an investigation.

Staff need to know what things they can and can't talk about or keep in their systems. Increasingly, casual email and IM between staff is triggering lawsuits, especially in America. And what happens there usually happens here. According to the 2004 Workplace Email and Instant Messaging Survey of 840 US companies, conducted by the ePolicy Institute and American Management Association, "Over one in five employers (21%) has had employee email and IM subpoenaed in the course of a lawsuit or regulatory investigation." A further 13 percent have experienced workplace lawsuits triggered by internal email. The report describes this kind of evidence "the electronic equivalent of DNA."

The findings are almost certainly mirrored here in Europe. For example, 58 percent of workplace users engage in personal IM chat and the figures for potentially damaging or inappropriate content are: attachments (19%); jokes, gossip, rumours or disparaging remarks (16%); confidential information about the company, a co-worker or a client (9%); sexual, romantic or pornographic content (6%). That's an awful lot of potential for trouble, yet only 20 percent of companies surveyed had a written policy covering IM use.

Coming back to email, here's an example of how things can go horribly wrong. A major investment banker knew that deals his organisation had brokered were being investigated. A senior staff member suggested, in an email, that employees 'clean up' files relating to these deals. In court, the two damning sentences from this email were, "Today, it's administrative housekeeping. In January, it could be improper destruction of evidence." In fact, because the investigations had already started, it was too late to touch the records.

What's the situation in your own organisation? Do you have written policies for once-ephemeral communications such as email, IM and voicemail? If you don't, then now might be a good time to implement them, while they still fall under the umbrella of 'administrative housekeeping'.