Email management is a constant tug-of-war between legal and compliance stakeholders and those working within specific business units. The former want to delete nearly everything, while the latter would prefer hanging on to every last thread and attachment.
While having a comprehensive archive of previous clients, vendors, and internal communications can be a useful resource, it’s simply not worth the risk for your colleagues standing guard against potential liabilities. To better understand their perspective, let’s dig into the various reasons why they’re so anxious to delete old emails.
Email messages aren’t the only digital assets representing possible legal risks, but their nature as a communication medium poses an additional danger. It’s far easier for emails to accidentally end up in the wrong hands since they’re designed to be forwarded, replied to, and copied to others via cc or bcc. Plus, employees don’t treat email messages with the same caution and diligence as they might a spreadsheet with birthdates or a database full of credit card transaction records.
However, many emails are considered records, which puts them into an entirely new category when it comes to retention, destruction, and organization. How they’re handled isn’t just a matter of personal preference; it has far-reaching ramifications.
In the wake of many headline-grabbing data thefts and leaks that included personally identifiable information (PII), it’s more important than ever to protect individuals from having their contact information, health data, financial info, Social Security numbers, and other sensitive data fall into the wrong hands.
To meet this challenge, regulations have popped up around the world that severely penalize firms that play fast and loose with this personal information, particularly in the event of a breach, theft, or leak. Hefty fines have been levied against companies of all sizes, including massive penalties in 2023 such as Meta fined €1.2 billion for GDPR violations in Ireland, Amazon fined €746 million for GDPR violations in Luxembourg, and TikTok fined €345 million for GDPR violations in Ireland.
It’s not just tech companies either. H&M faced a €35 million fine from Germany and British Airways was hit for €22.4 million in the United Kingdom for GDPR violations as well. In the United States, the California Consumer Privacy Act has already walloped Google with a $93 million fine as this law and other state-level regulations come online, and federal agencies such as the Federal Trade Commission and Consumer Financial Protection Bureau are also penalizing firms for data breaches, such as the $575 million settlement with Equifax for a 2017 incident.
While it’s unlikely any lone email could lead to nine-digit fines from a regulator, it’s the legal department’s duty to protect the organization from such actions, and emails can play a part in important data or security info escaping into the wild.
In both civil and criminal matters, one’s culpability ultimately comes down to evidence. Lawyers from both sides paint a picture of guilt or innocence using exhibit after exhibit to supplement testimony. Email is no exception to this, and these messages have played a major role in determining the outcomes of many cases, such as when a Steve Jobs-authored email contributed heavily to a $400 million judgment against Apple in 2013 or when internal emails concerning the risks of OxyContin emerged during the ongoing Purdue Pharma legal saga.
Any conversations documenting even a hint of law-breaking can prove devastating for firms if unearthed during discovery, so legal obviously wants no record to remain. The same theme extends to internal personnel matters, where emails might be used as evidence during lawsuits from current or former employees.
But more innocuous emails can also make things tricky for firms tied up in litigation or audits because, unlike personal emails, work emails are considered business records. From breach of contract to accounting violations, lots of things may get unearthed and used during official proceedings and in settlement negotiations.
Whether you’re worried about filing your patents before the competition or simply don’t want a secret recipe to get exposed, there’s a lot of information in internal emails that the organization would prefer to remain private. Schematics, project plans, formulas, architecture diagrams… this is not the kind of material that should be left to knock about in employee inboxes for years on end, one errant keystroke away from getting accidentally forwarded.
Deleting as much sensitive info as possible and limiting its presence to specific, central storage locations with proper security and version control is a wise best practice.
Whether your organization is the vendor or the customer, legal doesn’t want contract details being shared beyond those who actually need to know. If these details get out, it could scuttle negotiated deals and have partners who may have agreed to “less favorable” terms looking to revisit things.
These matters are also extremely valuable to competitors, who could leverage this info to optimize their own supply chain or steal your customers with sweeter deals. And, of course, leaked contracts represent the potential for major confidentiality breaches with more private and litigious customers or vendors.
Finally, legal might also just want employees to delete all the useless emails they’ll never use again because the clutter makes it harder to find the 5% of them that matter or must be retained for a specific time period for compliance purposes. With frequent purging and a little organization, it’s much easier to locate those important emails later.
Maintaining proper email hygiene is easier when end users have tools that empower them to quickly categorize and organize their emails, and there’s no better place to do that than right from your inbox. With harmon.ie, end users can save emails to SharePoint or Microsoft Teams and add metadata for easier discovery, all without leaving Outlook.
As edicts from legal to delete this or retain that get handed down, it’s essential not to overlook the importance of the end-user experience in fostering adoption and compliance. Make it easy for everyone to manage their email according to legal’s policies and start your free trial today.