Reproduction permitted for personal use only. For reprints and reprint permission, contact firstname.lastname@example.org.
The recent $1.45 billion judgment against Morgan Stanley in the Ronald Perelman case is a clarion call for revisiting your organizations e-mail message retention policies. First, a quick recap of the main points in the case:
The financial services firm Morgan Stanley was sued by billionaire financier Ronald Perelman
Morgan Stanley could not reliably produce e-mails for the court
The judge in the case ruled that Morgan Stanley deliberately violated her orders
In an uncommon move, the Judge switched the burden of proof to Morgan Stanley, and instructed the jury to determine only if Perelman had relied on Morgan Stanley in the transaction in question
The Jury awarded Ronald Perelman $604.3 million in compensatory damages and $850 million in punitive damages
Most organizations have not been involved the high stakes litigation in the league of the recent case like this well publicized one. However, we can all gain some insight into what happens when disputes arise and e-mail is in the mix.
Today, many firms are under the mistaken impression that if they have an e-mail retention policy that deletes their firms e-mail messages after a fixed set of time, say two or three months, they will be exonerated from the commitments made via e-mail. The issue with this approach is that there is always at least one other copy of the e-mail on the other side of the correspondence. Furthermore, there are often additional copies; tape backups are made with arcane rotation schemes and users with the ability to copy their e-mails or personal post offices to their laptop local disk all contribute to this.
A basic reality is that it is nearly impossible to conclude if a message has ever been deleted. These days, the organizations that prevail in court are often the ones that can thoroughly examine their messages with the most speed and accuracy. Gone are the days when a firm could claim ignorance with regards to not being able to reproduce an e-mail message. This head in the sand approach does not cut it with the realities of todays business environment.
In addition, many organizations are already under specific regulatory requirements to archive certain e-mail messages from two to seven years. Various laws and regulating organizations are driving this.
The question becomes what e-mails get saved, for what rule or purpose and for how long. Message recovery metrics need be made into quantifiable performance goals and placed within a message retention policy.
Tape backup systems are not adequate for searching for e-mails. The whole post office system typically needs to be restored and then searched. In addition, corporate e-mail systems such as Microsoft Exchange and Lotus Notes were designed basically to handle the routine of e-mail messages, not the efficient searching for a specific set of e-mails. The result of this is that recovering a single message or a group of messages is cumbersome and time-consuming at best.
Additionally, these e-mail systems have become the de facto storage systems for much their organizations information. We see many message servers with their storage capacity maxed out and users spending valuable time having to delete their unwanted e-mail this is after the spam has been filtered.
For these reasons businesses are revisiting or creating corporate messaging policies as part of their overall risk management strategy. A clear approach needs to be taken to store large volumes of historical messages with the ability to easily search for and retrieve specific e-mails. The good news is that there are a number of new approaches that enable organizations to do this that are not capital intensive or time consuming for the IT department to implement.
Most organizations are exposed with regards to their ability to confidently reproduce legally admissible e-mail messages. Undoubtedly Morgan Stanley is painfully revisiting this area. It is no longer just a regulatory compliance issue. Firms first must identify and quantify the business risk of not having a planned approach to the archiving of e-mails.
The business value needs to be identified and the policy needs to be memorialized within a corporate messaging policy. From there clear, specific actions can be taken to mitigate this perilous situation.
Dave Hynek is president of Business Fitness, Inc. a business advisory firm based in Mequon, Wis.
The opinions expressed herein or statements made in the above column are solely those of the author, and do not necessarily reflect the views of Wisconsin Technology Network, LLC. (WTN). WTN, LLC accepts no legal liability or responsibility for any claims made or opinions expressed herein.