How long should you keep ad hoc internal communications? That is the question that bubbled up while listening to the four Big Tech CEO’s trying to explain a few of their 1.3 million emails and internal documents obtained by the House Antitrust Subcommittee’s investigation that kicked off June 2019. The vast majority of those exhibits dated from 2010-2012 M&A strategy discussions. We have no idea if these documents were preserved under other legal holds. If not, why were executive non-record communications still around almost a decade later? It is my observation that management, techs and execs are inveterate ESI hoarders.
Execs seem to be the exception to most corporate retention policies. My discovery readiness and retention lifecycle health checks routinely find execs with PST stashes, overflowing archives, mailboxes and chat logs that have never been enabled for retention expiry. All it takes is one edge case where an exec has to reach back in time to find a critical draft presentation or email thread to set the precedent that ALL ESI MUST BE SAVED.
I have never met a records manager or messaging admin who will push to enforce their retention policies on a C-level user. In many global corporations the vast majority of key decision makers are under multiple overlapping legal holds. Unless you are placing selective legal holds with complex, validated criteria, any user under 5+ legal holds is unlikely to ever be off of legal hold again. So if you fall into the common practice of placing raw custodial holds, you might as well put your frequent flyers on permanent hold. It is an older article, but Randolph Kahn of Business Law Today highlights the risks of permanent retention in the age of GDPR and other privacy regulations.
As Zuckerberg, Bezos, Pichai and Cook found out the hard way, these permanent retention practices can come back to haunt even our must powerful plutocrats. I am wondering if the big four would have been so eager to take the oath if they had realized that they were going to be effectively deposed on C-SPAN. Even better, a large collection of these documents has been collected and is available for download here. I encourage my favorite analytics providers to download, process, extract metadata and cluster this collection for public exploration.
So what can or should we do about permanent aggregations of corporate communications? First and foremost, know your data and its corresponding risk profile. Is it under regulatory or legal hold preservation retention? If not, I recommend conducting a fast survey of all retention exception users. One technique is to process communications easily available in O365 or archives to generate a metrics report that gives simple visual charts showing volumes, counts, domains, recipients by date or other groupings. Another technique is to run searches with lists of emotional charged terms, profanity, etc. For O365 customers, you can make these results available to the execs for review in the Compliance Center (or whatever we can calling it this week). I would never recommend digging through exec email directly, but giving them a report on their hundreds of GB communications that highlights the juicier ones may go a long ways to getting them to let go of their hoarding ways. All of this is just to get exec buy in on enforcement of their corporate retention policy.
Are your execs or clients unrepentant hoarders unlikely to change their ways? If you cannot kick off an expiry initiative, then you need to look at investment in making those high risk collections accessible to advanced analytics so that your discovery team has the best tools available to minimize the production of non-relevant docs. Investment in a proactive regulatory/criminal investigation scenario test can measure your team’s ability to respond to high pressure requests while minimizing risk.
Greg Buckles wants your feedback, questions or project inquiries at [email protected]eDJGroupInc.com. Contact him directly for a free 15 minute ‘Good Karma’ call. He solves problems and creates eDiscovery solutions for enterprise and law firm clients.
Greg’s blog perspectives are personal opinions and should not be interpreted as a professional judgment or advice. Greg is no longer a journalist and all perspectives are based on best public information. Blog content is neither approved nor reviewed by any providers prior to being posted. Do you want to share your own perspective? Greg is looking for practical, professional informative perspectives free of marketing fluff, hidden agendas or personal/product bias. Outside blogs will clearly indicate the author, company and any relevant affiliations.