Email Retention Tension: Legal Risk vs. Business Value

TL;DR We write every word in our blog posts, but asked AI to summarize it

Legal and compliance departments want to protect their organization from risks, but this often collides with business usersโ€™ natural tendency to retain every email just in case. Are these two instincts truly at odds or can they reach a happy medium?

Emails are both an important asset and a serious liability.

Mitigating risk is an essential pillar of any organizationโ€™s data management strategy. After countless tales of data leaks, thefts, and mishapsโ€”along with the fines, penalties, and lost business that follow in their wakeโ€”any business that doesnโ€™t prioritize risk management is playing a dangerous game.

Since risk management doesnโ€™t generate revenue, it often falls under the purview of legal and/or compliance departments. This is ideal in some ways, as short-term business objectives or revenue targets donโ€™t distract these teams from sticking to their core mission of keeping the business โ€œsafe.โ€

What keeps legal and compliance departments up at night

From a legal or compliance perspective, the more content you create, the more risk you create. Every new file, saved email message, and forwarded attachment creates one more potential weak point in the organization’s armor. This might seem a little extreme, but itโ€™s not that far-fetched when viewing things exclusively from a legal or compliance lens.

Their mission is to protect the organization from a host of unfortunate outcomes. Every retained item could open the organization up to future legal scrutiny, particularly if a legal matter moves into discovery. Any careless remarks or strategic conversations included in an emailโ€”even internal messagesโ€”could end up entered into evidence or released in the press during legal proceedings, which could both damage the businessโ€™s case in this matter and potentially further harm its reputation.

In addition to those direct legal risks, every email message and its contents and attachments could be a source for data leaks. Sensitive information could be exposed from a carelessly handled message. If it includes any personally identifiable informationโ€”particularly any financial or medical detailsโ€”it could lead to costly violations of GPDR, HIPAA, or other data protection regulations.

And, in the event bad actors target your organization, retained emails represent a treasure trove of high-value targets. Whether theyโ€™re holding that stolen data for ransom, selling it on the dark web, or leaking it to the media, the outcome is bad for all parties involved.

Steep fines, tarnished reputations, lost customers, and scuttled dealsโ€ฆ with so many negative repercussions to contemplate itโ€™s no wonder legal and compliance departments are so focused on limiting risk via broad, non-negotiable policies and practices. Their broad initiatives to reduce liabilities typically lead to firm mandates to delete all emails older than 30 or 90 days, which usually doesnโ€™t go over very well.

Why business users resist the urge to delete everything

While the calamitous consequences highlighted above might have everyone dreaming of Mission Impossible-style, self-destructing emails, plenty of good reasons for business units to keep those email messages around remain. While they may represent existential risks, they also provide lots of value.

First and foremost, business units arenโ€™t quite sure what emails theyโ€™ll need to reference in the future, so their default mode is to keep everything. Since there are negligible costs to doing so, thereโ€™s little motivation to be more selective in what they retain. The odds may be fairly low that any particular email will be needed months or years from now, but why not retain them all to be safe?

Instead, business units focus on organization. They want to keep all these emails around just in case, but they also want them to be easily discoverable and stored in a logical hierarchy. This is why storing email messages on SharePoint or Microsoft Teams has become a popular information management strategy thanks to robust permissions management and metadata support.

The other concern driving business units to archive emails rather than destroy them is business continuity. What if a key contributor leaves the organization or a critical system experiences data loss? Business leaders know they can forensically reconstruct conversations and recover file attachments if those emails are still available.

Why IT gets stuck in the middle

With two competing goals and mindsets, the friction really begins heating up when IT is asked to implement a strict email retention and destruction policy. The technology itself isnโ€™t the hard part, itโ€™s dealing with the blowback that follows when rolling it out to end users. People arenโ€™t often big fans of change, especially when it impacts their regular routines and expectations.

Finding a middle way to satisfy both sets of stakeholders often falls on ITโ€™s shoulders, who want to keep data safe without negatively impacting business performance. The sweet spot that tends to work for most organizations is selective retention. In this paradigm, most emails get destroyed after, say, 90 days, but end users can select individual messages for long-term storage.

To qualify, these messages must have ongoing value. SharePoint and Microsoft Teams have emerged as the ideal locations to store these select email messages because theyโ€™re already the file repositories of record for many organizations, are tightly integrated with Outlook and the overall Microsoft 365 suite of applications, and have a host of built-in security and permissions features that easily adapt to email as well.

Best of all, when IT adds harmon.ie to the end-user experience, business users can drag-and-drop email messages right into SharePoint or Teams without ever leaving their inbox, including adding in essential metadata for classification purposes. If youโ€™re wondering whether harmon.ie might be the perfect addition to simplify your organizationโ€™s email retention transition, try it out for free today or read more about what it has to offer.

 

Did you find this content interesting? Subscribe to stay updated.