Guest Column | November 22, 2016

Email Management: The Elephant In The Room

Pam Doyle, Director of Education & Worldwide Spokesperson, Fujitsu Computer Products of America, Inc.

By Pam Doyle, Director of Education & Worldwide Spokesperson, Fujitsu Computer Products of America, Inc.

It’s hard to believe that it has been 10 years since the Federal Rules of Civil Procedure (FRCP) were modified to make all electronically stored information subject to discovery, thrusting electronic records management (ERM) into the spotlight. Fast forward to 2016 and the need for effective electronic records management is amplified by compliance concerns, security issues, and the explosive growth of digital content. The criticality of effective ERM is evidenced by the number of executive level positions that target information management. While at one time most organizations had a chief information officer, today many organizations have a chief privacy officer, chief security officer, chief data scientist — to name just a few.

The federal rules of civil procedure govern court procedures for civil cases in the United States Federal District Courts, and many states have based their own procedures on these guidelines. In 2006, the federal rules were modified to extend the need to discover electronically stored information. This requirement means organizations must keep a searchable and accessible record of all electronic discussions, decisions, and commitments made within the organization.

During this same 10-year period, email has evolved to be the dominant means of business communication. Email is pervasive across all aspects of business and is critical as a primary line of business application. Employees spend the better part of their day reading and responding to emails, both in-office and from their mobile devices. According to the Radicati Group’s Email Statistics Report, 2015-2019, the number of business emails sent and received per user per day totals 122, not including spam. This figure continues to show growth and is expected to average 126 messages sent and received per business user by the end of 2019.

What absolutely blows my mind, however, is the fact email management remains “the elephant in the room” for most organizations. It’s rare I run into any information professional who claims absolute confidence their email management would be fully defensible in a court of law, yet the biggest record-related issues appearing in court these days almost always comes down to emails. In the last two years, time and time again, email has been the primary evidence used to determine the court’s ruling either because of its existence or because of its glaring non-existence.

Most recently, email management has been thrust into the public eye by the politically-charged investigation into Secretary Hilary Clinton’s use of a personal email server. But this issue is appearing in courts all over the country, reinforcing why your organization, why my organization, cannot afford to be careless with email management.

In Sells v. Country Life Insurance, the Arizona District Court issued a default judgment against the insurer because of its discovery deficiencies. Central to the court’s decision was the fact the insurer did not sufficiently retain or preserve critical emails pertaining to their denial of Sell’s insurance claim. According to a June LegalTech News article by Phillip Favro, the insurer's exchange server would overwrite emails when it reached its storage capacity, requiring employees to “clean their email boxes every three or four months to avoid filling up the exchange server.” Favro says, “The only way to circumvent mass destruction of critical emails would be for the employees to electronically deposit their communications into the appropriate claim file. In other words, employees would need to self-select documents for retention because emails are not automatically included in the claim file.” These company retention practices forced employees to use their own discretion to determine which electronic communications were saved and filed, and which were trashed.

It was because of the insurer’s failure to retain these business critical emails the court issued the default judgment, emphasizing the fact organizations need a comprehensive email record retention policy rather than relying on employees’ decisions. They must adopt an appropriate electronic system that supports records management and litigation requirements, which may include placing legal holds on emails involved in current litigation.

So how are most organizations handling email today?

Many organizations keep everything! They have a backup or archive copy of every email sent or received. This may seem the safest approach but is often only offering organizations a false sense of security.

Keeping backup or archive copies doesn’t mean the organization is effectively managing emails. It means they are literally drowning in an ocean of emails and it would be extremely costly and time consuming to find relevant emails should litigation warrant it. However, from a regulatory perspective, it would be better for the organization to delete emails based on a defined policy to demonstrate defensible disposition. Other organizations delete emails based on date, rather than content or their value to the business. But worst of all is to do absolutely nothing, leaving email management to the discretion of employees.

Emails, like other record types, should have retention and disposition schedules based on subject and relevance to the organization. Consistent management of all records demonstrates good faith as defined by the FRCP.

AIIM’s most recent market intelligence report, Information Management – State of the Industry 2016, reveals some interesting findings regarding the current state of email management. According to Doug Miles, the author of the report, “Forty percent of the AIIM respondents, across all sizes and types of organization, describe the governance of their emails as chaotic. Of the rest, 19 percent delete emails based on date and not content or value, and 16 percent keep everything even though it would be safer from the regulatory point of view to delete them under a define policy.

“Only 27 percent archive emails to a system with search, retention and hold, including just 10 percent who selectively pass emails to their ECM or RM system based on their potential future value to the business. Fear of overloading the ECM system with too many emails is one reason for this, although this often comes from having no clear governance policies to define which emails to retain as records and which to delete.”

The heightening concern over email management is also reflected in two other findings in AIIM’s state of the industry report. First, 55 percent of the respondents indicate “email is still the big untagged, ungoverned, high-risk content type” and 76 percent agree “chaotic email management is still the elephant in the room for Information Governance (IG) and Enterprise Content Management (ECM).”

These findings make it clear organizations must address the elephant in the room. Email management needs to become an integral part of the organization’s overall information governance strategy and emails should be another content type that is effectively managed by their ECM system — not managed in isolation under the sole discretion of the organization’s IT group. Doing so opens up endless possibilities to reduce costs, increase productivity, enhance the customer experience, and avert potential compliance and litigation disasters.

Here are some recommendations to consider:

  • If email management is not a part of your organization’s information governance policy or policies, gather an inter-departmental team to develop it.
  • Stakeholders should include C-Level executives, line of business managers, records management, legal, compliance, and information technology professionals.
  • The policy should clearly define what emails should be captured as part of the organizations corporate records. You don’t want to be bogging down your ECM system with ROT — redundant, obsolete or trivial emails.
  • Define the lifecycle for all email types based on their administrative, fiscal, legal, and historical value to the organization. Lifecycle includes both retention and disposition schedules.
  • The policy should address eDiscovery issues where lifecycle schedules are overridden with legal holds during litigation.
  • Publish your email policy using any and all internal communication vehicles such as newsletters, intranet sites, and corporate social tools.
  • Develop a formal training program and verify employee knowledge of the email policy.
  • Monitor adherence to the policy and encourage employee feedback and recommendations for enhancing the policy. As with all information governance policies the goal is continuous improvement.
  • And finally, take advantage of the latest capture technologies that can help with metadata extraction, automated classification, and can link emails to your ECM system. Updating to capture tools that have these capabilities can make a huge difference in indexing accuracy and user satisfaction.

About The Author

Pam Doyle, Director of Education & Worldwide Spokesperson, Fujitsu Computer Products of America, Inc. and is an AIIM Board of Director. She is responsible for forming and driving key imaging industry relationships as the worldwide Spokesperson for Fujitsu. She’s an information management industry veteran with more than 30 years of experience in both content management software and hardware. She’s well known in the industry as an educator and visionary, traveling the world to evangelize the adoption of enterprise content management. Pam is often referred to as the industry’s luminary by sharing her experience at numerous events, including global conferences such as AIIM, JIIMA, and ARMA.