An avalanche of information
There’s no doubt that emails have become our main method of communicating in our business dealings – it is estimated that 90% of our correspondence is by email. It used to be a Herculean task to archive physical documents. The ease of email has meant that the number of documents we create has risen exponentially.
Many businesses faced with this avalanche of information delete emails after a certain period – perhaps as little as three months. Contrast that with the US where all emails are routinely kept for a period of three years.
The risks – and how to avoid them
What are the implications of not keeping emails and/or having no easy way of retrieving them?
The courts now recognise emails as a source of evidence. Laws require us to keep documentation for laid-down periods – for example SARS requires fifteen years. Thus, if we replace our emails on a regular basis, we run the risk of potentially destroying evidence. And that could even be a criminal offence – Goldman Sacks paid a US $8 million fine for destroying emails central to a criminal case. Further, if we have a dispute with a staff member it could be important to have kept a record of his or her emails to see for example if they have been defaming their colleagues or abusing their email usage.
Government has passed legislation on electronic communications including emails. The Electronic Communications Act lays down the how emails are to be stored:
• The information is to stay in its original format (this is to prevent tampering with emails)
• The origin and to whom the document was sent must be identifiable. The date and time the document was sent are also to be shown
• The emails are to be easily accessible
From this it is clear that management needs to have a good document management system along with good use of technology and robust controls like limiting access to sensitive information and good storage facilities. Firewalls, back-ups and a disclaimer policy also come into the mix.
The Constitution guarantees every citizen the right to privacy and part of a document management system must be to put stringent safeguards in place to protect private personal information.
Risk considerations and good governance also dictate that control of information, well indexed for ease of retrieval and kept safely for a minimum period of time is implemented by the business.
So how long should you keep emails?
Finally, how long should the information be kept? It depends under which Act it falls – SARS as mentioned is fifteen years. A rule of thumb (and it is only a rule of thumb, so take advice in any doubt) would be to keep all information not governed by specific legislation for three years. After three years prescription lapses so it makes sense to keep information for at least three years.
In summary, don’t take this lightly – there is much to consider in how we treat and store our emails.