US Email Archive Law
December 18, 2006 8:41 AM Subscribe
Are American companies required to archive all incoming and out going email?
Somebody just informed me that he heard about a US law going into effect on January 1st, that requires all US companies to maintain an archive of up to 7 years on all outgoing and incoming email. This seems extremely unlikely and unrealistic to me, but some Google searching has mentioned similar laws in the UK and hints at a recent Supreme Court decision that confirms part of it.
Has anybody heard this? And where can I find the actual law to make sure my company is in compliance? Thanks in advance.
Somebody just informed me that he heard about a US law going into effect on January 1st, that requires all US companies to maintain an archive of up to 7 years on all outgoing and incoming email. This seems extremely unlikely and unrealistic to me, but some Google searching has mentioned similar laws in the UK and hints at a recent Supreme Court decision that confirms part of it.
Has anybody heard this? And where can I find the actual law to make sure my company is in compliance? Thanks in advance.
Best answer: What actually happened is that December 1, 2006, amendments to the Federal Rules of Civil Procedure went into affect addressing issues that come up in discovery (in litigation) of electronic documents. (See here, for instance.) The amendments don't so much affect what companies are obligated to keep, as much as what they have to disclose if they do keep it. So if the company does have (relevant) emails from five years ago, they will have to be disclosed. But the rules don't say the company does have to. (Other rules might say that, though. There are some longstanding obligations, particularly of publicly traded companies, to keep documents. But not all documents; just some limited categories.)
Personally, I don't think the amendments are that big a deal, since in any high-stakes litigation the judge was already requiring disclosure of electronic documents in electronic form, but they make the norm now required.
(I am a lawyer, but this is not legal advice. Consult competent counsel.)
posted by raf at 8:56 AM on December 18, 2006
Personally, I don't think the amendments are that big a deal, since in any high-stakes litigation the judge was already requiring disclosure of electronic documents in electronic form, but they make the norm now required.
(I am a lawyer, but this is not legal advice. Consult competent counsel.)
posted by raf at 8:56 AM on December 18, 2006
Best answer: This is almost certainly a confused combination of the new electronic discovery rules mentioned above (which are, in fact, new) and Sabanes Oxley -- which is not especially new. Seven Years is the retention period for outside auditors performing audits of public companies. Thus, for example, if E&Y audits your company's financials for release in the 10-K or 10-Q they must retain the audit work papers for seven years. The company itself is not required to do so, though some particularly paranoid companies do.
The "January 1" part of the question probably comes from the new electronic discovery rules mentioned above. As the poster said, those rules do not specify retention periods, but the do require that electronic documents be retained and produced in searchable electronic form with all metadata intact. They explicitly state, however, that deletion of files in the course of a regular retention and deletion plan (such as a backup scheme that reuses tapes) is not a violation of the rule and does not constitute spoliation (a fancy word for deliberately destroying relevant documents).
Note that in the course of a litigation all bets are off. If the documents are or could be relevant to a litigation or potential litigation to which a company may be a party, a "litigation hold" is required and those documents may not be destroyed, including pursuant to an ordinary document retention and destruction plan. That can get very expensive (warehouses full of backup tapes that cannot be overwritten) but them's the breaks.
Yes, IAAL. No IANYL.
posted by The Bellman at 12:58 PM on December 18, 2006
The "January 1" part of the question probably comes from the new electronic discovery rules mentioned above. As the poster said, those rules do not specify retention periods, but the do require that electronic documents be retained and produced in searchable electronic form with all metadata intact. They explicitly state, however, that deletion of files in the course of a regular retention and deletion plan (such as a backup scheme that reuses tapes) is not a violation of the rule and does not constitute spoliation (a fancy word for deliberately destroying relevant documents).
Note that in the course of a litigation all bets are off. If the documents are or could be relevant to a litigation or potential litigation to which a company may be a party, a "litigation hold" is required and those documents may not be destroyed, including pursuant to an ordinary document retention and destruction plan. That can get very expensive (warehouses full of backup tapes that cannot be overwritten) but them's the breaks.
Yes, IAAL. No IANYL.
posted by The Bellman at 12:58 PM on December 18, 2006
"Also, how would they enforce it? I hit delete and then what, they're going to run data recovery software on a server that overwrites where the deleted information was stored 100 times a week?"
It's totally easy. Capture a copy of each mail as it enters or leaves the network, before it even hits your mailbox. The hard part is what to do next. For large companies, there are expensive archiving systems. Small and medium sized companies often have to home brew a solution. I hate Sarbanes-Oxley.
posted by Area Control at 2:48 PM on December 18, 2006
It's totally easy. Capture a copy of each mail as it enters or leaves the network, before it even hits your mailbox. The hard part is what to do next. For large companies, there are expensive archiving systems. Small and medium sized companies often have to home brew a solution. I hate Sarbanes-Oxley.
posted by Area Control at 2:48 PM on December 18, 2006
This is so that if we are subpoenaed, we are libel for something that a member organization did 20 years ago.
No, 7 years ago.
I hit delete and then what, they're going to run data recovery software on a server that overwrites where the deleted information was stored 100 times a week?
Yep, pretty much.
I work in D.C., and every day one of those mobile paper shredder semi-trucks is parked in front of a different bank or business.
Those are to shred duplicates or records past the required dates, not to shred the new stuff. Those warehouses that you see on your way out of town, yeah, those are stacked, literally 160 bankers boxes high in every direction for a half mile or so with paper crap that has to be held by the various banks, businesses and law firms around town. The feds and some businesses use a former mine in West Virginia for a lot of their stuff.
posted by Pollomacho at 5:34 PM on December 18, 2006
No, 7 years ago.
I hit delete and then what, they're going to run data recovery software on a server that overwrites where the deleted information was stored 100 times a week?
Yep, pretty much.
I work in D.C., and every day one of those mobile paper shredder semi-trucks is parked in front of a different bank or business.
Those are to shred duplicates or records past the required dates, not to shred the new stuff. Those warehouses that you see on your way out of town, yeah, those are stacked, literally 160 bankers boxes high in every direction for a half mile or so with paper crap that has to be held by the various banks, businesses and law firms around town. The feds and some businesses use a former mine in West Virginia for a lot of their stuff.
posted by Pollomacho at 5:34 PM on December 18, 2006
I work for a stock brokerage and we've been required to keep a seven-year archive of e-mails for at least a couple years now. We're a highly-regulated industry though; I haven't heard about anything requiring all businesses to follow these rules. Could your friend be thinking of a financial company?
posted by hootch at 6:25 PM on December 18, 2006
posted by hootch at 6:25 PM on December 18, 2006
The feds and some businesses use a former mine in West Virginia for a lot of their stuff.
Actually, the feds use the Federal Records Centers to store their records...
posted by grateful at 10:37 AM on December 19, 2006
Actually, the feds use the Federal Records Centers to store their records...
posted by grateful at 10:37 AM on December 19, 2006
Response by poster: You guys were right! I went back to the person and the only things that they had read about were the new electronic discovery rules and Sarbanes Oxley. Thanks for all the help.
posted by coolin86 at 6:37 AM on December 21, 2006
posted by coolin86 at 6:37 AM on December 21, 2006
This thread is closed to new comments.
This is so that if we are subpoenaed, we are libel for something that a member organization did 20 years ago.
I work in D.C., and every day one of those mobile paper shredder semi-trucks is parked in front of a different bank or business.
Also, how would they enforce it? I hit delete and then what, they're going to run data recovery software on a server that overwrites where the deleted information was stored 100 times a week?
We do have tape back up, but only for the last week, and then we rotate.
posted by JeremiahBritt at 8:47 AM on December 18, 2006