Earlier this year, Harvard College made national news for conducting a search of its employees’ emails. The search, as reported by multiple media outlets, was connected to a student cheating scandal and was designed to locate the source of a leak of confidential information regarding the investigation. Notably absent from the news coverage were allegations that the search was against school policy. Consider, however, how different the story and public reaction could have been if Harvard did not have a policy permitting the search or, even worse, had violated a policy that it did have.
The Harvard incident demonstrates how important it is that your company have a policy regarding how it treats employees’ email. The best data retention policies will describe your employees’ privacy rights (or usual complete lack thereof) with regard to email they send or receive on your companies’ system and will delineate for how long emails are kept before they are deleted. In fact, your data retention policy, or perhaps more aptly named data “destruction” policy, should discuss all types of electronically stored information (ESI) sent, received, and used by your company and how long that ESI will be retained before it is destroyed. The policy should also cover ESI on mobile devices, text messages, instant messaging, and any other means of communication used by your employees.
But wait… are you really allowed to intentionally destroy emails?… To read the article in full, click here.