Features - E-Managing a Crisis of Trust

By Robert Alan Eisenberg, Published on October 15, 2002

Robert Eisenberg practiced law in the State of New York for 15 years. He is now a consultant in the Discovery Services Practice Group of Peterson Consulting, Washington, D.C. For more information on e-mail retention programs and e-discovery strategies, email him at reisenberg@navigantconsulting.com or call him at 202-973-4548.

Consultants who work with companies that design and implement e-mail management systems for large-scale commercial enterprises are incredulous. For it appears that government entities mandated to seek ways to monitor and prevent corporate skullduggery are fundamentally ignorant of a potentially effective tool for preventively combating corporate corruption.

E-mail management software that can automatically filter, classify and archive e-mail can serve as a means of promoting and gauging corporate honesty and competency and erect “an early warning system” against corruption and sharp dealing. Simply stated, such software can establish a system by which one can get to the truth quickly.

Inundated With E-mail

The significance of e-mail to most large, publicly traded corporations (and to smaller corporate entities, as well) cannot be overstated. Its use to convey important information in the message text and transmit critical business records via attachments has become ubiquitous:

· More than 50% of business-related information is transmitted and contained within e-mail. Accordingly, e-mail has become a primary repository of institutional memory and corporate intellectual assets.
· The average employee-user of e-mail will expend more than 4 hours of the business day “within” electronic mail.

· The employee-user sends and receives, on average, 60 to 250 e-mails per day. Approximately 25% of these e-mails come with attachments – with many of the documents attached containing information vital to the corporate business.

The use of e-mail is growing exponentially. In 2000, Americans transmitted more than 2.3 billion e-mail messages per day – compared to approximately 300 million pieces of first class mail (USA Today, June 26, 2001).

As a result of the document destruction or “spoliation” perpetrated by Arthur Andersen in the Enron debacle, and the resulting conviction of the firm for obstruction of justice, retention policies for both paper documents and electronic data have come into sharp focus. In corporate offices, a chilling realization has taken hold that improper retention policies resulting in wanton destruction of evidence can entail enormous risks.

Despite the risk posed by spoliation, the collection and retention of electronic data is still performed haphazardly by most companies. e-mail retention has, for the most part, been left in the hands of the individual user. This user rarely possesses a clue as to what to retain and what to destroy or the formal organizational policy in place to avoid spoliation. In lieu of rule-based classification and archiving, the e-mail user will store data in an ad hoc fashion, on desktop hard drives, diskettes, zip cartridges, home computers or personal laptops. Not infrequently, print-and-delete methods of retention and destruction are used, generating difficult to retrieve hardcopies that are both much less accessible than the computer-searchable electronic file and much less informative than the document in its native digital format (which will contain the revealing “metadata” or “data about the “data”.) Worse yet, a common e-mail “management policy” is to simply delete or over-write messages, without retaining a paper copy. This renders the e-mails irretrievable (by the average computer user), sometimes resulting in a frantic attempt by the author to re-create from memory what was once extant.

The risks to the corporation and its officers, employees and investors that arise when company e-mail remains unfiltered, unclassified and, consequently, outside a formal archiving regime, fall into three categories:

1. The unstructured and haphazard accumulation of vital data– whether investigation-relevant, exculpatory or “mission-critical” – can impede the organization’s day-to-day business operations.

2. The enormous cost of recovery and production of data may necessitate a settlement of a given claim, no matter how legally unsupportable the adversary’s case may be. Costs connected to the discovery of data are simply too expensive to permit the pursuit of litigation.

3. Ill-conceived disposition of e-mail or other electronic data can lead to catastrophic sanctions and damages for spoliation of evidence including, in some jurisdictions, a separate action against the corporation and even its officers and employees, grounded upon the tort of willful or negligent spoliation.

Moreover, an e-mail management policy has defensive as well as preventative applications. For the company and its agents who may be victims of corporate wrongdoing, it is certainly advantageous to have the capability to efficiently inspect e-mail for evidence.

E-mail Management Software -- A New Notion

E-mail management software was largely unknown as recently as a couple of years ago. As e-mail has become indispensable in the commercial environment, this software has gained recognition as a means of avoiding exposure to potentially catastrophically injurious employee correspondence, and as a tool for retaining an archive of vital business data. The indiscrete e-mail repartee was the original justification for the use of such filtering and retention software – that is, misogynistic “jokes” or racist remarks of employee-users. In light of recent corporate shenanigans, the software may have equal application in exposing and halting the wrongdoing of upper management.

The impact of implementing e-mail management software and associated protocols is multi-fold:

1. Such a system is an incentive for corporate management to be more cautious. A multitude of information can be tracked and random loose threads can, as often is the case, unravel an entire cloak of corruption. The frequently informal and gossipy nature of e-mail, together with its growing prevalence as a communication tool, renders it particularly useful in tracking sharp dealing. Indeed, such “smoking gun” scenarios have become part of our corporate cultural lore.

2. Such a system will restore investor confidence. A rigorously designed and implemented electronic document retention policy, together with an e-mail management system (functioning automatically and in the absence of user intervention) to implement these rules, will re-assure investors, compel analysts to exercise greater caution (and better judgment), render audits more effective and less costly, forestall the institution of additional, and conceivably more intrusive, government-mandated rules and, presumably, reassure outsiders and help to quell the crisis of trust insinuating itself within the body politic;

3. It will help investigators. Having documents in electronic form is extremely useful and adds considerably to both the perception and reality of transparency. Documents in their native electronic format provide information that cannot be accessed from paper copies. Hidden “data about the data”, known as metadata, is embedded in the electronic file. Such information can include, amongst other information: the document’s creation date, whether (and when) it was modified, the original author and identification of the computer upon which the document was created. For e-mail messages metadata can be even more revealing; providing possibly incriminating evidentiary material, such as to whom the message was forwarded after receipt, whether or not an attachment was appended to the message and the identities of “bcc”’s to the e-mail.

4. Facilitates admissibility of evidence. In presenting electronic documents into evidence, a separate foundation must be laid to establish admissibility unless the relevant data can be admitted under the business records exception to the Hearsay Rule. By the use of electronic data management software and the implementation of appropriate retention protocols in its use, a party can take advantage of the exception and avoid a sometimes-daunting challenge to admissibility posed by highly motivated opposing counsel.

The NYSE and SEC have imposed new standards to prevent corporate malfeasance.  Here’s a not yet proposed regulation that’s worthy of consideration: corporations of a certain size (say, 250 employees or greater) should be required to install e-mail management software and promulgate electronic document retention protocols that fully implement the software’s capabilities. Ideally, the following matrix of rules should be provided by software used for the monitoring, filtering, preserving and archiving of e-mail:

1. For corporations with a critical need to monitor electronic communications for litigation and government regulatory reasons, management software that uses key words and phrases to filter, classify and archive in-coming and out-going e-mails and attachments, should perform its functions in a fully automated manner with no intervention from users. Rule changes and exceptions should be in the hands of a specially designated administrator. Corporations with less critical needs may permit some degree of increased human intervention in implementing e-mail management protocols.

2. Retention periods should be allotted to selected e-mails and attachments and data life spans calculated by using: the date the e-mail or attachment was created; the occurrence of a specific event; indefinite retention period, unless a specific destruction order is approved by an authorized individual; or a “hybrid” retention period such as a retention period calculated from a creation date, but that can be truncated by a superceding destruction order from an authorized individual prior to the expiration of the fixed retention period.

3. The management system should permit “holds” and “quarantines” to be placed upon exceptional messages and attachments subject to litigation, tax audits and regulatory compliance, so that records cannot be destroyed even if a retention period has expired.

4. Destruction of a record should be recorded and data concerning such material maintained for audit purposes for fixed periods.

5. For each e-mail message and attachment, a database linking a full-text searchable version of the actual message and attachment with database records containing critical information in searchable fields should be maintained. For example, the database fields may include: author; recipient; message date; subject created by author; identification of the individual assigned an action by message; action assigned; and information relating to attachment to the e-mail. Software exists which programatically captures said data using artificial intelligence and populates the appropriate fields in the database record. Accordingly, there is no need to maintain a standing force of data entry clerks to maintain such a database.

Some would argue that unscrupulous corporate management could defeat the ability of e-mail monitoring software to serve as an automated watchdog for illegality by merely avoiding or modifying the use of the company e-mail system.

However, even in the unlikely scenario that a wrongdoer, or a wrongdoer’s correspondent, would be infallibly careful in the use of e-mail or effectively avoid reliance on electronic mail, the breezy, informal nature of e-mail would continue to pose a real danger of exposure. An executive with something to hide would have to accept the risk that another person within the “conspiracy” – or even someone with only an inkling that some books have been cooked or taxes evaded – will inadvertently provide, in an e-mail, some clue of illicit dealings. By continuously filtering and classifying corporate e-mail, it’s much more likely that such communication will come to the attention of auditors, investigators, whistle blowers and prosecutors. Moreover, computer forensics specialists can, with relative ease, determine from the analysis of an executive’s computer that he habitually avoided the managed e-mail in his business communications to utilize a private, unmonitored account (and, conceivably, recover the unmonitored messages, if unencrypted.) In this scenario, even an executive’s use of “scrubbing” software on a daily basis to wipe a hard drive in order to obliterate the evidence of digital mail may provoke the very questions the wrongdoer is so desperately attempting to avoid.