It's 2 a.m. Do You Know Where Your E-mail Is?

I have long argued that companies keep too much e-mail. There are numerous approaches to dealing with this problem that I have seen. First are the companies that have no policy at all. Well, actually they have as many policies as they have employees, as everyone is doing their own thing. This not only enlarges the company’s volume (and therefore cost), but it makes it very difficult to preserve e-mail for litigation or other investigations.

Second are those who have a policy but do not audit it through training or technological means. They’ve gone through the process of creating a policy but never quite got around to seeing to it that their employees follow it.

Third, there are those who have a policy, train on it initially, implement and audit but over time it becomes less important as everyone focuses on their job and no one is assigned the task of making sure there is compliance.

Finally, there are those who arbitrarily deal with their e-mail through a purely technological methodology and do not allow their employees to make any decisions about it at all.

Whatever approach describes your company, you also must deal with the issue of employees using their personal e-mail accounts to handle work e-mail. In a recent survey by Axway, 82% of employees surveyed said they use personal e-mail accounts to send large files that would otherwise not make it through their company e-mail systems. It’s not that they’re trying to hide anything; they are simply trying to get their work done and found that it’s just too much hassle to get IT to let that particular document through the system. Perhaps they even chose to have it sent via a disc of some kind but normally they need that e-mail immediately and thus resort to using their personal account(s) to access it.

This is the reality and thus has huge implications for security, record retention and litigation hold purposes. Is your trade secret and confidential information sitting in Gmail or Yahoo! accounts? Or on the personal computers of your employees? What if it’s the official record that the company has a legal or regulatory obligation to keep for a certain time period? What if that employee becomes subject to a litigation hold that requires the company to preserve that information? Can we simply put a hold on his/her shared drive and e-mail accounts at work or must we now make sure his/her home computers are impounded for the same purposes? Obviously there are privacy issues at work here as well.

The employee is usually doing this for work reasons, efficiency, etc. But do they realize the potential impact on their personal privacy if their home computer is subject to an evidentiary hold? Do the employee’s spouse and children realize that their information might be subject to an attorney reviewer looking at their e-mail if it’s co-mingled with corporate e-mail on a home computer?

If employees and companies start asking the questions and talking about these practical issues even more, perhaps we can come up with solutions that work for the reality of the world we live in. Follow Barry on Twitter.