"Delete Button Not Secure"

Originally published in Fort Worth Business Press, April 2002.

Quentin Faust is a corporate lawyer of the Dallas office of Andrews Kurth. His email address is quentinfaust@andrewskurth.com.

Article reprinted by permission of the Forth Worth Business Press.

Employees would resist a tape recorder attached to their work area creating a record of every random comment, impression or observation they make to friends, family and co-workers throughout the day. However, many employees voluntarily activate just such a recording device every time they send e-mail from an employer’s computer terminal.

Email creates a false sense of privacy in many users leading them to forget that these communications are not private. Any inappropriate comment, lewd joke or criticism of management is saved to the hard drive of the sender’s computer. Even after the sender has hit the “delete” button, the message is still stored on the computer’s hard drive until new information overwrites the old message.

Not only is the message copied on the sender’s hard drive but also many other places within a few moments of hitting the “send” button. E-mails are initially copied on the employer’s server, the recipient’s server and the recipient’s hard drive. After the e-mail is opened, the sender has no control over whether the recipient saves the message or forwards it to one or one hundred other recipients.

E-mail has the potential not only to embarrass, but to impose legal liability on the sender or the sender’s employer. Plaintiff’s attorneys routinely use discovery requests to examine e-mail records. They realize that employees make unguarded comments in e-mail communications. Such candid remarks can be used to their advantage in the courtroom. Even if an e-mail can’t be used as the “smoking gun” to prove allegations of discrimination or other wrongdoing, they can often be used to cast doubt on the integrity or business practices of a company and its employees. The ability to paint a negative picture can significantly weaken an employer’s case and increase the settlement value of a plaintiff’s claim.

Even if a company could delete all e-mail records within a few days of their creation, any policy governing deletion of records must part of a comprehensive document retention policy. A document retention program must be tailored for individual businesses. It must identify which documents are to be kept and for what period of time. It must take into consideration all applicable legal or regulatory record-keeping requirements and any requirement to keep records as part of a separate contractual obligation. A duty to preserve records also arises whenever the information could be used as evidence in a current, pending or reasonably foreseeable lawsuit.

Deletion of e-mail records deserves special consideration because of the reduced control an employer has over such a record. An employer has no control over whether an e-mail message, including any attachments which might have accompanied such message, is either destroyed or preserved by the recipient. This lack of control multiplies when considering that the message may have been forwarded after the original transmission to any number of additional recipients.

Business should not expect a traditional document retention program to adequately address the preservation and deletion of e-mail records. While an employer has no control over documents that must be created and transmitted in the ordinary course of business, special consideration should be given to those e-mail records that should never be created at all.

Employers must periodically remind employees that an e-mail is a permanent record. E-mail should never be used to transmit off-color jokes, disparaging comments about co-workers or anything in general that would be considered slanderous if spoken in public. Businesses should consider a combination of a sound document retention policy for all business records, including e-mail messages, together with a proactive program to educate and inform employees about the hazards of treating e-mail as private correspondence.