General discussion

  • Creator
    Topic
  • #2176414

    E-mail retention policy – ethical dilemma

    Locked

    by angry_white_male ·

    My company presently does not have a policy regarding the retention of e-mail. With only 75-100 mailboxes on our Exchange server, reasonable mailbox size limits in place and plenty of HD space – we really never gave it much consideration. We do have a practice of running AutoArchive in Outlook to keep the power users from amassing monster-size mailboxes to keep the load on the server down, and to keep the “mailbox is full” warnings from populating their mailboxes – and the archive files are saved on the file server. Everything gets back up to tape every night and archived monthly. So far so good.

    This is where things get dicey. It was just handed down to the IT dept from the top of the mountain that we must delete _everything_ off the Exchange server and keep only those e-mails which are less than 30 days old – and to make this an ongoing policy. This also includes destroying 4 years worth of archived backup tape that we have secured in our records room. Red flags are waving and alarms are ringing. From an IT perspective, we have enough disk space on our Exchange box for at least another 20 years of e-mail – and the hardware we run it on barely breaks a sweat. My boss told me to make this happen starting next week. He’s just as perplexed about it as I am, but said we need to follow orders.

    The twist is that we’re a government agency that falls under a number of state and federal regulations, requirements and obligations. For all intents and purposes, e-mails are business documents. From an operational standpoint, most of my users rely heavily on e-mail and often need to go back several months or longer to retrieve information regarding any particular project they’re working on.

    Now, I’m sure by doing this, I’m probably not breaking any laws – however, there are guidelines and requirements in place by the state/federal government that pertain to record retention, in addition to the legal implications of destoying records — especially if they can save your company in the event of a sizeable lawsuit. But what if all those records are subpoenaed in court and we can’t produce them because they were destroyed? If we’re in compliance in what we’re supposed to do, then we shouldn’t have to worry about any damaging documents floating around our mail server – so no need to destroy them.

    I’m sure you remember the Ollie North Iran-Contra scandal with the all of the document shredding, and the hot water he got in for obstructing justice. Do I really want to be implicated in this when I have mouths to feed and a mortgage to pay? Do I want my name and reputation tarnished – even though I was following orders?

    But if you were put in this situation, what would you do? The IT job market has yet to recover from it’s heyday (and likely never will).

All Comments

  • Author
    Replies
    • #3251448

      Government document laws

      by bfilmfan ·

      In reply to E-mail retention policy – ethical dilemma

      You are required and compelled under the National Archives and Records Administration Act of 1984 (Pub. L. 98 – 497, 44 U.S.C. 101 note) to preserve certain documents, including email.

      You can verify most of your requirements here:

      http://www.archives.gov/records_management/records_management_basics/federal_government.html

      Personally and in writing, I would immediately contact my superior asking how they planned to meet compliance with the Federal law. If they should tell you to “jus get with the program,” immediately call the Justice Department and use the Whistleblower’s law. You might also wish to contact the National Archives, your senators and congreeman and those fun party gang at the General Accounting Office.

      It never ceases to suprise me how mnay Federal agency department heads look really good in prison atttire. Don’t be one of them.

      • #3251421

        Following orders doesn’t clear you

        by jdclyde ·

        In reply to Government document laws

        So cover your a$$!

        BFilmFan is right on track with this.

        It is a poor business practice in a PRIVATE business, and almost certanly illegal in an governmental institution. Freedom of information and all.

        Looks real bad.

        Make sure your not breaking any laws, and then get it in writting for when the brass ask why they can’t get that e-mail back from 32 days ago that he NEEDS.

        • #3232469

          If it goes wrong, you’ll be the scapegoat

          by pedwards17 ·

          In reply to Following orders doesn’t clear you

          I agree with jdclyde–following orders won’t absolve you of responsibility. If you follow these orders and there is an investigation in the future, you’ll be the one who will take the fall. As others have suggested, get the request in writing (not in email unless you’re going to print it–it’ll be gone in 31 days otherwise;-) ), ask how the regulations are to be met, and then contact the necessary authorities.

      • #3251418

        Tough one!!!

        by caestelle ·

        In reply to Government document laws

        I do not know what I would do in your shoes, but I am sure glad I am not there. Are they giving any motive as to why they might be wanting to destroy these emails. If not, maybe their motives are pure….like maybe their thinking is that they do not want confidential emails floating around out there and they just don’t realize that by deleting them, they will be breaking some laws. If this is the case, then maybe pointing out these laws that BFilmFan is referring to deter them. Regardless…like BFilmFan said, I would express your concerns to your supervisor in a manner that you can keep for your personal protection should you need it. Good luck in whatever you decide!!

        • #3251412

          Reply To: E-mail retention policy – ethical dilemma

          by angry_white_male ·

          In reply to Tough one!!!

          No idea what’s motivating them to do this. I just hope it’s because the HMFIC here fell and hit his head and isn’t thinking straight. In any event – I did some research and called a lawyer friend of mine and while I may be clear from a legal/civil/criminal perspective when I dump the info store and trash the tapes, it won’t look good for the company – and it may very well bite us down the road. My boss is pushing this back onto the HMFIC and advising him of the pitfalls, so we’ll see what happens.

          Apparently they want this done within the next couple of weeks – seems like a hasty decision, so it tells me that something’s up.

        • #3251363

          Listen to BfilmFan

          by amcol ·

          In reply to Reply To: E-mail retention policy – ethical dilemma

          Because he’s exactly, precisely, absolutely, positively, 100% correct.

          I also work for the government. I know the laws and regs in this area, from NARA to OMB to FOIA to FISMA. Do what BFilmFan is telling you to do. And document every move you make, every conversation you have, everything that happens from here on out.

        • #3233133

          In the clear, you say?

          by no name specified ·

          In reply to Reply To: E-mail retention policy – ethical dilemma

          Just remember this: the phrase “I was just following orders” does NOT make you innocent, and you can bet that there will be someone out there itching (or getting paid a lot) to prove that you aren’t. Another something to remember is that you are NOT innocent simply because you “did not know it was illegal”, and bottom line is that the lowest person on the totem pole always pays the price. Don’t believe it? Ask the seven soldiers from Abu Grahib. You pushed the button = you pulled the trigger = “nobody told them to abuse the prisoners”.

        • #3233041

          Might be time for a private copy

          by raclapp ·

          In reply to Reply To: E-mail retention policy – ethical dilemma

          Might be time to make copys of the archive tapes and put them into the hands of an attorney. If something is up, you can be the hero by producing the destroyed info. If nothing comes about, then simply ask the attorney to see they are destroyed. Might give you some protection, in case the idiot upstairs does not wise up.

        • #3232921

          Almost

          by meesha ·

          In reply to Might be time for a private copy

          Although I agree with pretty well all the responses so far, this one by raclapp has me worried. Since the motives aren’t known, taking any corporate data et al may constitute theft and if “anything comes back to bite” the firm may see this as a cause for action. If the emails are addressed to you directly, I don’t believe there would be a problem printing or coping for safe guarding. But not all corporate emails especially those not addressed to or by you. I admit, I may be wrong but I would rather document my concerns, point out the legal ramifications and keep covering my back side until a reasonable “legal” explanation is received. Like others in this post, the law is clear and unless the corporation has leave of the law then I would ensure that I cover all the bases. Don’t do it! If they want it done and after you’ve explicitly outlined why you won’t do it, leave them to it.

        • #3236135

          Their Motivation is Not that Mysterious

          by sendbux ·

          In reply to Reply To: E-mail retention policy – ethical dilemma

          Anybody in Govt who makes an order like that, who’s fairly elevated, knows it’s illegal to destroy docs, including emails.

          The boss is doing this because he believes he is protecting himself or someone or something by doing it, pure and simple. It is up to you to discover what that is, if you choose to accept the assignment.

          This e-mail will now self-destruct.

        • #3341540

          under protest

          by avid ·

          In reply to Tough one!!!

          i would definately write a document stating the laws and that you are performing this task under protest and have them sign it. if they won’t sign it then something is definately wrong.

      • #3232536

        Godd advice from all – combine it!

        by elliemk1 ·

        In reply to Government document laws

        Take BFilmFan’s advice. He knows what he is talkign about. Then take the other guy’s advice who said to burn it all to DVD or make tapes of everything – even if you have to do it on your own time. Get a lawyer, blow the whistle, call the Washington Post and the New York Times. Ask them to run an article about how government agencies have to keep e-mail archives just like other companies do. Put a copy of the article on your CEO’s desk. Plan to get fired, but by doing the right thing, you’ll probably get hired by some ethical company or start your own business with the money you make from the book and movie rights to this story 🙂 I’m a writer and can direct you to some savvy political writers who will gladly ghostwrite the story for you.
        Whatever you do, get a lawyer and listen to what he tells you. Have him write a letter to your CEO. That’s always a good move.
        And whatever else you do, don’t destroy everything without having blown the whistle big-time.
        Have your resignation letter ready to go the day before the article appears in the papers.
        Contact me offlist if you want any more help along these lines.
        I just love these modern day “whodunits.”
        Don’t participate in a crime. It’s not worth it.

        • #3232535

          Ooops – at 5:00 a.m., I’m bound to make errors!

          by elliemk1 ·

          In reply to Godd advice from all – combine it!

          I wrote “Godd” advice. Well, let’s change it to “Good advice,” can we? Maybe I really should get to bed now!

        • #3232532

          Never a truer word written

          by neil leacy ·

          In reply to Godd advice from all – combine it!

          > Don’t participate in a crime. It’s not worth it.

          If I were in your position I too would take all the previous advice. As in your thread never a truer word has been written than those above, I think it would also be prudent to point out to your CEO that he is asking you to break the law which is an offence in itself.

          Cover your back as best you can. You are in the right and anyone with an ounce of common-sense will see that straight away, it’s just the legal eagles that will need the hard proof of proposed wrong-doing.

          Regards, Neil

        • #3232970

          Great Advice but DON’T GO TO THE PRESS yet

          by steverd ·

          In reply to Godd advice from all – combine it!

          Having run IT and SOX audits and been in IT for more years than I want to count, something stinks here. The advice given is good. Please get a lawyer – one who specializes in white collar crime. I would listen to the lawyer before I start going to the press.

          If you go to the press, you’ll be labeled a pariah. There are legal avenues to take first. DOCUMENT EVERYTHING.

          This will be very uncomfortable for you but you will be so much better off in so many ways doing the right thing.

        • #3232811

          Are you breaking laws?

          by mross01 ·

          In reply to Godd advice from all – combine it!

          There has been a considerable amount of mentioning of you breaking the law. But no specific law has been mentioned. Lawyers can be expensive and copying all the data and taking it off site can be construed as stealing (first law mentioned that you would be breaking).

          Take the advice of most, document what you are required to do. Voice your concerns, get it documented, check into it the best you can on what laws are out there on this type of behavior. This can’t be the first time this has happened.

          It does seem that something is up is this is being pushed hard for no apparent reason, especially with a short deadline for it to happen. You may want to talk to the governing body above your government organization and let them know what is going on (anonymous of course), but its possible this is coming from there.

          Becareful, start looking for a job, one way or another its going to hit the fan.

          Good Luck

        • #3234896

          44 USC, Chapter 31, Section 3106

          by rimman.larry ·

          In reply to Are you breaking laws?

          TITLE 44 > CHAPTER 31 > ? 3106

          ? 3106. Unlawful removal, destruction of records

          Release date: 2005-03-01

          The head of each Federal agency shall notify the Archivist of any actual, impending, or threatened unlawful removal, defacing, alteration, or destruction of records in the custody of the agency of which he is the head that shall come to his attention, and with the assistance of the Archivist shall initiate action through the Attorney General for the recovery of records he knows or has reason to believe have been unlawfully removed from his agency, or from another Federal agency whose records have been transferred to his legal custody. In any case in which the head of the agency does not initiate an action for such recovery or other redress within a reasonable period of time after being notified of any such unlawful action, the Archivist shall request the Attorney General to initiate such an action, and shall notify the Congress when such a request has been made.

        • #3261484

          Law-mentioning

          by ChrisP547 ·

          In reply to Are you breaking laws?

          In the first post in the thread, BFilmFan cited the following:

          You are required and compelled under the National Archives and Records Administration Act of 1984 (Pub. L. 98 – 497, 44 U.S.C. 101 note) to preserve certain documents, including email.

          Also, IMHO, document everything, CYA, consult an attorney, do NOT have that attorney call the CEO as suggested elsewhere (definite CEM if he’s innocent, and if not could get you fired at best, Pelican-Briefed at worst), and the post about the Archivist sounds like a definite avenue.

        • #3240022

          TR: Open Records laws, privacy, and government IT

          by ChrisP547 ·

          In reply to Law-mentioning

          On the ‘ask, and ye shall receive’ front…

          Translating rules into policy: Open Records laws, privacy, and government IT

          http://techrepublic.com.com/5100-10593_11-5680099.html?tag=nl.e101

      • #3232516

        Don’t rely on theWistleblower’s Law

        by cgresley ·

        In reply to Government document laws

        The Wistleblower’s Law might have good intentions, but end of the day you have to come back and work in that office. How-ever will find out you are the snitch. Follow another route like speaking to your superior.

        • #3233141

          Better a snitch than someones plaything in prison EOM

          by landsharrk ·

          In reply to Don’t rely on theWistleblower’s Law

          EOM

        • #3233119

          Do what they say, but make a copy

          by mcseford ·

          In reply to Don’t rely on theWistleblower’s Law

          You are going to have to be clever on this one. Do what they say, but first back the entire database up onto tape and store a copy someplace, (perhaps with your attorney – where you are covered by client/attorney covenent).

          If and when the fit hits the shan you are holding aces over eights.

        • #3234542

          Some small consolation…

          by deansonn ·

          In reply to Do what they say, but make a copy

          Aces and eights, isn’t that the dead man’s hand?

        • #3234334

          two wrongs don’t make a right

          by john ·

          In reply to Do what they say, but make a copy

          Personally retaining a copy of this data offsite, like in the proposed solution where you leave it with a lawyer, is illegal in and of itself. It is definately data theft. What they are asking you to do is not legal, it is not even legal for them to ask you to do it! Don’t follow those infractions with one of your own!

          I would follow all of the other suggestions, contacting the authorities, contacting senior management, etc. In the end, I would walk before I stuck my head in the noose by complying with this demand!

      • #3233044

        Yikes!

        by cagedmonkey ·

        In reply to Government document laws

        Sounds to me like someone is trying to cover something up. I’d most definitley get all of this in writing along with a copy of this so-called new policy and who approved it.

        Expecting a 30 day retention period is just assinine. As an IT admin I need more than 30 days retention just to keep track of documents when making network changes. I’d have to resort to using .PST files and we know how well desktops get backed up if ever.

      • #3232997

        Agency or Company?

        by barbedwire ·

        In reply to Government document laws

        I’ve never heard anyone working in a federal agency call there dept. a “company”, or a fed. IT guy talk about “busines documents”. So what is this place he works for?
        Anyway, are the laws different for fed. agency, state agency, or company?

      • #3232885

        Big Mistake

        by kevin.uberti ·

        In reply to Government document laws

        Take the advice of BFilmFan…DO NOT destroy any of those records. You would be responsible for breaking the law and when all is said and done, you would be the one the blame was put on. Get it in writing that they want you to destroy all those old e-mail records and then take it to the Justice Department. Let your consience be clear.

      • #3234383

        Destroying Email – You know the answer

        by tngamecockfan ·

        In reply to Government document laws

        If you felt compelled to ask the question then you already know the answer. I work for a federal agency and use to work for DOD. Nothing sounds right about these orders. As the old adage goes “Crap flows downhill” and you are at the very bottom sitting in a very deep hole. Follow BFilmFan’s advice, your own “gut” feelings, and your morals. It’s better to be out of work than in jail or no longer able to work in your field of choices.

      • #3234592

        Government Document Laws

        by rose.flood ·

        In reply to Government document laws

        That’s good advice – no one is above the law. If the request is documented save the documentation and if it is not documented – get it in writing so you have proof of your claim.

      • #3340129

        Soooo true…

        by mrsgarbers ·

        In reply to Government document laws

        I too work for a Federal Agency and I can attest to the archives dept and its strict policies.
        BFilm is correct.

      • #3249390

        Over the top

        by mollenhourb9 ·

        In reply to Government document laws

        BFilmFan will get you fired, whistle blower laws or not. Temperance my friend, temperance.

        You can comply with the laws without getting all blustery, and raising a big stink at the first sign of this new directive (or is it new policy?).

        Tread lightly, and carry the big stick of documenting your conversations. Keep in mind though, that all of your documentation can also be FOIA’d. Be careful what you write.

    • #3251340

      Something’s up

      by roger99a ·

      In reply to E-mail retention policy – ethical dilemma

      This sounds to me like somebody is trying to cover something up. I’d be scared.

      • #3233113

        Agree…

        by mikeblane ·

        In reply to Something’s up

        I’d start researching these laws, making printouts and keeping in a binder. I’d also start talking quietly to the Ethics and Legal offices to see what your options are. Also, it never hurts to update your resume.

      • #3234504

        Is there anything that might be considered a security issue?

        by danetter ·

        In reply to Something’s up

        I didn’t notice any consideration of security issues. I don’t know what the subject matter might be of the records of concern. Perhaps no one knows for sure that there is nothing there that might be construed as potentially significant intelligence information, especially if combined with other, external information. Details of apparently innocous contracts may include data revealing the size of secret military development and procurement plans. An overzealous investigator might not care much if that is something you really shouldn’t be expected to know.

      • #3339003

        Fishy!

        by n494f ·

        In reply to Something’s up

        Hmm..from IT audit perspective something is definitely fishy. More often than not, email correspondences are acceptable audit evidence. IF there is really no problem with the Exchange Server (capacity, et al.) and no logical good reason was provided, I’d say you better cover your @ss first. Make sure that whatever they ordered you to do is in writing/documented (emailed!). Print it out and keep a softcopy of it just to be sure that you are protected as well.

    • #3251315

      This is what I would do…

      by ohiois ·

      In reply to E-mail retention policy – ethical dilemma

      Record retention policies have to meet several tests.

      1. Is the policy in compliance with all laws and regulatations governing the company or agency?

      2. Is the policy in align with other similar companies and agencies? In other words, does it stray from acceptable practicies in similar companies?

      3. Is the policy in compliance with certifications awarded by professional organizations?

      4. Is the policy established without any consideration to existing materials? A policy cannot be implemented while there is information under subpoena or explicityly to avoid litigation.

      If the answer to any of these is no, present your reasons for disobeying in a professional manner. I would also document all conversations with dates and names. And yes, I too would make a wistle blowing call under these circumstances if they do not listen to reason.

    • #3233559

      Reply To: E-mail retention policy – ethical dilemma

      by angry_white_male ·

      In reply to E-mail retention policy – ethical dilemma

      I talked with our CEO – brought up the fact that the state and federal gov’t have retention guidelines regarding data – but he seems to think that e-mail doesn’t count as a business records (which it is). He’s concerned that a potential “exhibit A” may be lurking on our mail server somewhere (with lots of thinking hard long pauses trying to manufacture a BS excuse on the fly)… then later he changed his tune and said that it was more about efficiency on our mail server.

      Our mail server is just fine – so their claims of server efficiency is total bullshit since we’re upgrading it in a few weeks from a P3 1 gig dual processor with 3 gig RAM and 100 GB of disk space to a P4 3.2 gig dual processor with 4 gig RAM and about 216 GB of disk space. Our Exchange info store now is only about 25 gig… and the only reason why we’re upgrading the server is because the one we have now is out of warranty and eating up 7U of rack space.

      So I go and put out the blast mail to the entire company stating this new policy will take effect in about a week to give people time to go through and get anything they deem of importance off the server and onto hardcopy (yeah – now that’s efficient with people printing 1000’s of pages of e-mail at an additional cost to the company… and where are they gonna put it all?). What really sucks is that the message is coming from me and not my boss because my boss is out of the country til Wednesday on vacation and they wanted this done yesterday. So I’m gonna take the heat from everyone who’ll be pissed off at this whole thing. I’m basically lying to everyone who works there… the responses I got back so far I haven’t had a good answer for them because I was never told how I should address it… so I’m just playing stupid and either ignoring them or telling people we’re still hammering out the details. People are not going to be very happy when they realize that e-mail from 3 months ago they need now is gone forever.

      So red flags are waving and alarms are ringing that something isn’t quite right if this is coming out of the blue for no reason other than efficiency when we’re upgrading the mail server in a few weeks. The CEO/COO have some ulterior motive they won’t talk about and they’re putting the whole thing on IT to make it seem like it’s our idea. Something’s fucked up.

      I’ve been quietly looking for a new job since January anyway. Underpaid, overworked and tired of the politics that run the place.

      • #3233520

        Looking for a new job won’t help

        by amcol ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        Find a country that doesn’t have an extradition policy with the US.

        You’re in a heap of trouble, son. It’s YOUR name that’s all over this, and the law’s going to come looking for YOU when the sauce hits the blender.

        Doesn’t matter if you leave your job, what’s done is done and it’s on the public record. You shouldn’t be soliciting our advice, you should be spending your time finding legal counsel…BEFORE actions are taken that can’t be undone.

        • #3232743

          Reply To: E-mail retention policy – ethical dilemma

          by angry_white_male ·

          In reply to Looking for a new job won’t help

          I have copies of the e-mails sent between our CEO, COO and my boss regarding this whole thing – in addition to e-mail from our VP of legal who’s telling them the same thing I am (it hasn’t dawned on them that a network/mail admin knows _everything_ and has full complete access to everything).

          If this turns out to be a bad hand, I hold the trump card (and it’s legal here for me to inspect mailboxes, as well as company policy gives me the OK to do so).

          And if I get canned, I have a willing ear at the newspaper who would love to run an expose on us (helps that we quietly fired her husband last year). Either that or my guaranteed silence will by me nice severance package I’m sure.

        • #3233030

          but no information?

          by anthem ·

          In reply to Reply To: E-mail retention policy – ethical dilemma

          You have copies of all of their emails regarding this, and still don’t know exactly why they want to do it? Come on, go ahead and read them…

        • #3233006

          Don’t forget that what you’ve posted here is public

          by wildmarjoram ·

          In reply to Reply To: E-mail retention policy – ethical dilemma

          And you’ve provided evidence right here that you know what you’re about to do is illegal. And you’re going to do it anyway (with the note that you might consider taking a payoff bribe as severance too – that would play well in front of a jury.) I hope you will decide to speak to a lawyer before taking any irrevocable steps.

        • #3232801

          Oh Ho – Oops – You have changed your tone

          by mross01 ·

          In reply to Reply To: E-mail retention policy – ethical dilemma

          Not sure you should be shouting this information out. If you did do the deletion and you sent the email out saying you were, you are tied to it. Remember the post talking about lowest man on the totem pole. This is the first post you have done that sounded vendictive and childish. You now are going down the wrong road here.

          Cover yourself, don’t look at this as a easy road possibility, it won’t be, you will not win here. There are no possible situations where you are going to be better off than right now.

          No matter what you may think is your rights to private emails, only HR has the right to requisition them. You are now crossing a different line.

        • #3232501

          Email – order & Instructions.

          by tech ·

          In reply to Looking for a new job won’t help

          Don’t just write the Email to the company – Forward and comment on the order from the Big Boss. This will help show who the instruction is from, and help point the finger at them. Also does your arm of the Governmental tree have a specific regulator – if so drop them a query as to the specific data retention requirements, under current conditions. There have been a number of special orders made in various countries, with legal status, but in addition to the published statutes, as part of the various anti-terrorism laws.

      • #3232742

        Keep insisting

        by zetman ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        If your CEO’s saying that he wants to lessen the load on the server, tell him you’ll keep the archives off the server, onto tapes…

      • #3232533

        There are many precedents that require you to disobey illegal orders

        by komodo ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        There are many precedents out there that dictate the you have an obligation to disobey orders that are illegal/immoral or where a “reasonable man” would find it wrong to carry out the orders.

        In your case I would protect myself by burning two copies of the data to a CD or DVD then delete as instructed. I would keep one copy of the media in the normal company records (i.e. with archived backup tapes) and the other in the custody of your legal counsel as a means of self-protection.

        If things blow up you can always point to your documentation of your archives and where they were stored at the company. If they were disposed of without your knowledge you can always fall back to the copy your legal counsel has.

        Finally, before you do any of this you __must__ obtain the best legal avice you can afford. Your future employability is at stake so make sure the counsel you choose is an expert in employment law and data retention law.

      • #3232503

        Don’t forget FOIA

        by sloan ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        The Freedom Of Information Act requires all government agencys to not only retain all communications, but to classify and catorgize them for efficient retrival. It’s a felony to destroy any of these records (including email), and any government employee ordering the destruction is also committing a felony.

        Also, if there are 3 or more people involved (you, your boss, and his boss, for example), you could also be convicted under the Patriot act for “acting in a conspiracy” to destroy potential evidence.

        Even with a CYA (or “get out of jail” letter) letter from the top dog, you would still be convicted should it ever come to light. An earlier post suggested that you get a signed order from someone up the ladder — a very good idea, but I wouldn’t actually destroy the backups until you got advise from a lawyer and/or the FBI.

        An agency I used to work for got in trouble, and several people’s careers were ruined, because they weren’t backing up the local email stores on user’s computers. You really should get some legal advise because of the exposure you may have. For instance, if you keep a copy of the emails until you have a clear legal answer, you cannot take them “offsite” (Patriot Act & simple theft laws). You would need to find a safe place to keep them at the office.

        Good luck, and I hope you post the final results of your delima.

      • #3232476

        I’ve given it some thought . . .

        by gentlerf ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        And the others are quite correct in the CEO has something to hide that showed up in one of his e-mails. The aspect of “I was just following orders” didn’t fly at Nuremberg (WW2 Nazi War Crimes trials) and it doesn’t today either. Document, document, document and make a private backup of that data as was suggested elsewhere because I know from my personal readings of court cases involving e-mail that your CEO is dead wrong about it not being covered by Federal Data retention laws. No, I am not a lawyer nor do I play one on TV but I do listen and read a lot.

      • #3233145

        saving the monthly tape may be a bad thing

        by neal.cleaver ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        Although I do not work for a government agency, I do work for a company that is regulated by a federal agency. I am not an expert on document retention rules either. Our present email system is similar to the one described. I was told by management that archiving a monthly backup was not acceptable for log term arhiving. For legal purposes, we would have no way of proving that a user did not send or receive mail and then delete it during the month Because of that, they felt we were better off not making any attempting any long-term storage program. We currently use a 3-week tape rotation for disaster recovery purposes.

      • #3233101

        What I would do in your shoes

        by zaferus ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        I believe in “Walk softly and carry a big backup”.

        I would keep a comprehensive “off site backup” of everything (two copies – 2 different places with the original memo) and then comply with the request. As long as you make sure you’re not the one without a chair when the music stops – it should at least buy you time to find another job. And if the music stops you can say “yes I did delete it, but to comply with the law I kept a good backup”.

        Zaf

      • #3233027

        RE: angry_white_male

        by alanlox ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        I have read the thread here and I would put a very big Warning on deleting and email, This smells like hell to me best report him as others have advised you to do.

        And CC the Memo to this CEO So he cannot say he does not know why this was done.

      • #3232928

        Oops ….

        by pmpsicle ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        That was a big mistake… you’ve been avoiding the look of being unprofessional by acting like you’re unprofessional (“I don’t know – we’ll figure it out later”).

        What you should have done is make sure that everyone who complains knows that you’ve been told to do it by the CEO. That way if the post-processing food waste hits the rotating ventilation device everyone will point at the CEO. As it stands you’ve let the company think the IT department is going off half-cocked.

        The only comment I have is that this is your boss’s problem.

        Other than that … follow the advice you’ve gotten so far.

        Do an archival backup to CD or DVD … but perform your normal archival procedures (i.e. store offsite, store in fire-resistant room etc.). Then document where it is in a method that will allow an auditor and/or investigator to find both the archive and the document. Keep a copy of that document.

        Call and report the “potential” violation … but wait until enough others know of the situation that any of them could have blown the whistle.

        Finally, contact the ethics bureau for your area of government (if it exists) and a lawyer familiar with the issues. Do what they tell you to do to protect yourself. At worst you can point to the lawyer and say … “But he said it was actually legal and that I was overreacting”.

        Remember your first duty is to yourself. Don’t outright refuse and don’t get the reputation of either acting without thinking, mulish behaviour or “Pretty Perfect Programmer”. And don’t make an enemy of the CEO – you’ll lose.

        Let him be caught on his own petard not yours. Just don’t get caught yourself.

        Glen Ford, PMP
        Can Da Software
        IS Project Management
        Business Systems & Process Improvement

      • #3232807

        Archive to a personal PST

        by mross01 ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        In your email, you should suggest creating a personal PST and have it stored on a server. This way the data is being backuped and the folder just looks like a regular folder in OutLook. You can mass copy everything to it including, sent and deleted emails.

        I do this everyday, so that I have a copy of all my emails. I rarely delete an email, I just move it to its appropriate folder.

      • #3234898

        Personal Folders

        by tngamecockfan ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        Inform everyone that they can create personal folders on their PC as back up. Might be surprised at what will end up on their personal folders. Could be a way for the “bad” emails to be saved without mgmt consent.

      • #3234892

        I wish we had your resources.

        by rockymtnman ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        Wow. 75 to 100 mailboxes and I’m assuming some public folders and calendars running on dual 1 gig CPU with 3 gig RAM with about 75 GB free space… and you’re getting a new one!?!

        Anyway, I agree with everyone else who’s telling you ‘something else is going on’. You should already have reported this to someone mentioned in the other recommendations. I work in health care and while deleting the email may not be a problem, removing them in any form to an unauthorized location or giving someone possession of potentially HIPAA (a federal law) related info is a felony. Attorney or otherwise. That’s just plain a bad idea no matter what unless you’re directed to by some higher athority like the Justice Department. Good luck.

      • #3234864

        Watch out for the black helicopters…

        by govtcio ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        We will be implementing a email retention policy here soon that will delete all email over 60 days from the email server. We currently keep it all but are working with legal to define a formal policy. If you don’t archive it will be gone after 60 days…. It happens all the time – dont’ read more into this than is there.

        govtcio

        • #3234626

          Reply To: E-mail retention policy – ethical dilemma

          by angry_white_male ·

          In reply to Watch out for the black helicopters…

          That’s part of the bigger issue we’re facing. They just want us to start deleting mail without a formal policy in place and put it on IT as a server efficiency bulls–t story.

        • #3233333

          This is really not that difficult.

          by shadowdark ·

          In reply to Reply To: E-mail retention policy – ethical dilemma

          1) Here is your ammo:
          http://www.netdiligence.com/pdf/SarbanesOxley.pdf
          and
          http://www.cio.com/archive/011505/compliance.html
          Print these & give copies to the CEO, CFO & CIO. Draw their attention to page 2 of the Sarbanes-Oxley.pdf, especially the part about the $2 million dollar fine per incident for records (email) violation.

          2) Ask if they are familiar with the Sarbanes-Oxley Act of 2002. As a Network Admin you yourself should be familiar with it. If not, get familiar & quick.

          3) As Network Admin it’s your responsibility to respectfully educate mngmt when what they are requesting is illegal & would put them in the way of liability. (read: felony if you are any kind of govt agency.)

          4) Firing or otherwise discipling you for refusing to would leave them open to charges of wrongful termination, bringing to light in a court of law whatever it was that they were attempting to hide in the first place.

          5) Do Not make secret backups & Do Not turn over tapes, etc to anyone unless subpoenead by a court of law. Doing otherwise would make you guilty of stealing corporate/gov’t data, an offense which would give them cause to fire you and/or bring suit resulting in a hefty fine or worse, jail time. You’d also have a tough time getting employment after that.

          Very simple. Quit stressing it & get a good night’s sleep ‘Angry White Male’. Peace.

        • #3233317

          Reply To: E-mail retention policy – ethical dilemma

          by angry_white_male ·

          In reply to This is really not that difficult.

          We’re public/gov’t sector – so SOX wouldn’t apply to us. I did talk without CEO and he didn’t seem too fazed about my concerns. Will try talking with my IT manager on Friday – see if he made any progress. Our state is an “at will” employment state – and we’re not in a union – so there’s little protection for me in that regard.

        • #3234033

          While you may not be bound by SOX

          by rimman.larry ·

          In reply to Reply To: E-mail retention policy – ethical dilemma

          It’s not at all uncommon for Public Sector to decide that many aspects of regulations issued should be incorporated in their “best practices”. We’re not impacted directly by SOX because we’re not publicly traded, but our audit function thinks that adopting some of the issues in SOX would be beneficial to us as well, so our policy is being “massaged” to incorporate certain aspects of it.

        • #3246500

          Gov’t sector has plenty of its own email regs

          by archiveitall ·

          In reply to Reply To: E-mail retention policy – ethical dilemma

          You may not be covered by SOX, but aren’t you covered by the
          Freedom of Information Act (FOIA)? Or what about state “open
          records laws” — requiring government agencies to produce
          emails and other records when requested by citizens? (Also
          sometimes called “sunshine laws.”) All states may not have them
          yet, but many do from what I’ve heard — like CA, FL, NY. Does
          anyone know who, exactly, is covered by FOIA? Is it only federal
          gov’t agencies, or also state and local? Regardless, with these
          and scads of other e-records laws, it seems there are plenty of
          reasons for government entities to have a system for archiving
          and quick search/retrieval of their email. Like it or not, email
          messages are definitely recognized by the regulatory bodies and
          the courts as digital records. And your regular backups aren’t
          going to cut it for the fast response time required.

      • #3339490

        Get outta there!

        by old_sys_admin_guy ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        Sounds like something fishy is going on. At the end of the day you know who will be twisting in the wind. Back up the info store twice, give one copy to someone you can trust in the legal or accounting dept. Keep the other in your attorney’s safekeeping. Get another job, before you need it! Better safe than sorry. Don’t end up up like Clifford Baxter.

      • #3341543

        Sarbanes – Oxley

        by rrosca ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        I seem to remember Tech republic posting on this very subject not too long ago. I don’t want to lead you on a wild goose chase but do yourself a favor and read up on this piece of legislature (Sarabanes-Oaxley) and it should clear some things up.

        If you are correct and you are legaly bound to archive items then write a memo to the company owners or president (anyone in charge) and put down on paper your concerns and objections. Make them say that it’s legal to destroy the archives. Leave a paper trail that exonerates you in case of trouble and puts the blame and responsibility squarely where it belongs if the crap hits the fan.

    • #3232541

      Someone wants to destroy a trail.

      by larry.barnhill ·

      In reply to E-mail retention policy – ethical dilemma

      This situation is not new. It ( most probably ) means someone is trying to cover their tracks and prevent an email trail from pointing to them. especially if you are a Government Agency ( of any kind ) or affiliated with the Government. You should deffinitely get a Lawyer or very good legal advice.

    • #3232540

      What I’d do

      by haylocks ·

      In reply to E-mail retention policy – ethical dilemma

      1/ Burn ’em to DVD, then follow illegal orders.
      2/ Get some legal advice

      Sounds terrible!

      • #3232530

        Always cover your ass…

        by keithx ·

        In reply to What I’d do

        Ive worked in and out of government and public sector organisations in the UK for the last 8/9 years. The single most important thing you learn from these places is that you can trust NOONE. Its a sad fact. Keep a copy of everything. Double backup that copy and give it to a lawyer or someone you trust implicitly.

        The law may differ between the UK and US somewhat, but im no lawyer so it matters not. There are three things you need to do asap.

        1) Get independent legal advice in writing it is unadvisable to present this to your employer as he may see it as a threat, but if you can provide evidence that you disagreed with his instructions your already in the clear.
        2) Archive everything on the mail server. Then copy that archive and deposit a copy of it with your third party. DO NOT keep a copy for yourself, that would most likely be illegal but DO keep a copy of the receipt from the third party of the archive.
        3) Do as asked by your employer.

        I would be looking to get out of the company now too, but its not necessary. However, if/when the shit starts flying you DO NOT want to be in the scatter radius. No matter how protected you think you are this sort of shit sticks. The only thing you have in any business is your reputation. The moment it gets tarnished its damn near impossible to get it shiny again.

        Good luck.

      • #3232513

        Tailor of Panama

        by cgresley ·

        In reply to What I’d do

        1. Burn ’em DVD’s. Do as asked.
        2. Create some fanciful story about the contents.
        3. Sell to the highest bidder.

        If just!! 🙂

    • #3232537

      Get Written Order

      by donovan ·

      In reply to E-mail retention policy – ethical dilemma

      No matter what you do, get a written order from the top instructing you to delete those mails. Make sure they sign and date it and keep some spare copies. This will then be admissable in a court of law in the US.
      If they refuse to give it to you in writing then I think they have other intentions for deleting these mails.

      • #3232531

        Smell A rat

        by rapell ·

        In reply to Get Written Order

        Do not accept to do this. Blaze the data onto DVD and archive.
        Make three copies, one for storage, Second to your legal counsel, and the third in a hidden location on company premises, not home. The boss might sweet talk counsel, after all they are the big shots in suits and they may be alike when issues are hot for the company. Finally run for the hills, squeal everything from up there.

        • #3232517

          be careful about taking data off-site

          by ncc ·

          In reply to Smell A rat

          Be careful about making those copies and taking it off-site, or giving it to anyone (including lawyers). In most cases, you would be guilty of breaking the law doing this by taking confidential information. I’d burn the copy and leave it somewhere in your files in the office.

        • #3233364

          Movie to follow

          by dr dij ·

          In reply to Smell A rat

          so we may soon see a movie based on this situation: black suited goons come to his door, (pan to him running out the fire escape).

          they hold his family ransom, demanding return of the ‘hidden copy’ of archive email because it contains (either secret project document or evidence of some gov’t officials [bungling | crime | putting a hit on someone]).

          Our hero contacts a senator who should have authority to clean out ‘the crud’, only to find out later he is in on the plot and rats him out. (insert more twisty turny plots here).

      • #3232512

        You Write the Order

        by fgarvin ·

        In reply to Get Written Order

        Not only that, you write the order. Make sure you put in it that you have warned the Executive in question that the action he is requiring is not legal, and that he is still ordering you to do so under threat of your continued employment.

        If he signs, you have him taking full responsibility for the action. You might even think about sending a copy of this order to the authoities.

    • #3232511

      CYA

      by nonsequitr ·

      In reply to E-mail retention policy – ethical dilemma

      As an attorney, I’d tell lwilson to go to the corporate legal counsel and ask for regulatory direction before deleting any documentation. Federal and state regulations may require you to retain that data for a certain period of time no matter what the top of the mtn says. Ignorance of the law will not save you or your agency if someone finds out what you’ve done and it is a violation of the law. Also, make sure there’s a documented policy in placed signed by the on-high person establishing a data destruction policy. This is your CYA if anything happens in the future. I would NOT destroy anything until there is written documentation with a authorized signature that establishes the policy and a legal eagle that tells you it’s all right to do so.

    • #3232510

      Don’t rush into it

      by rosaticrew ·

      In reply to E-mail retention policy – ethical dilemma

      I tend to agree with others, you are the one who’s head will be on the chopping block if you destroy records and not your supers. Follow the laws that are in place and question why this is being done. Most likely the honcho who is ordering this is clueless.

      • #3232490

        I guess it all depends

        by michont ·

        In reply to Don’t rush into it

        If you feel you might be in danger of losing your job over this either way, guess it depends if you want to lose your job by following illegal company policy or lose your job by following what the law says and protecting yourself for future implications. Since the CEO seems clueless here, you could just set up his account to not see email over 30 days old and he’d probably never know that the new “directive” is not being followed. What about local hard drive copies of emails that people archive? I’m guessing that any lawsuit would grab the local hard drives, so it wouldn’t really matter if the server is not storing things over a month old. There will be copies around.

    • #3232497

      Follow the Law

      by robert_m_knight ·

      In reply to E-mail retention policy – ethical dilemma

      I would remind my supervisors of the law. I would then follow the law. If something goes wrong, you will be the first one put out on an island all by yourself. If they give the order through email and you follow their directions, after 30 days, you would not have proof of what they said. Stick to the law. It is the right thing to do.

    • #3232492

      Don’t Do It

      by ramonas ·

      In reply to E-mail retention policy – ethical dilemma

      Absolutely NOT. Job or no job, its a matter of ethics. Government requires retention, you retain.

      • #3232479

        DON’T DO IT

        by mllwyd ·

        In reply to Don’t Do It

        You asked for the advice of your peers. We all are telling you not to destroy the email. Listen to us!

    • #3232489

      Been there…done that…

      by dr.phil ·

      In reply to E-mail retention policy – ethical dilemma

      During my 25+ years working with the Fed Gov I can tell you that almost all of the recommendations are correct on this thread. I can also tell you that I’ve been where you are right now. Document, document, document. Cover yourself several times. If you burn DVD’s make sure you put one in a safety deposit box in a bank. By doing this you have the FDIC and other agencies involved as well and when the feces hit the air handler you’ll have been covered once again. Find the local Fraud Waste and Abuse hotline and keep that number on you. If my hunch is right we will find out that this is not a management mis-judgement. It is way too blatant. If this is a cover-up the company may loose it’s ability to gain future contract work which usually puts a company out of business.

      I was in the same position as you are back in 1984 and I can tell you that you must cover yourself very well. Moving on to a new position will not guarantee you anything as you have already documented yourself in the overall picture by sending out that email telling the users the new policy.

      Even if you are working for a contracting company to the Gov you aren’t saved from Big Brother “inviting” you to testify. I know, I’ve had to do it 3 times.

      In closing, the work place isn’t as simple as it used to be nor as friendly.

    • #3232484

      Go to the Agency IG

      by dancejoe ·

      In reply to E-mail retention policy – ethical dilemma

      Report this directive to the agency Inspector General without delay. Do NOT comply, as you WILL be in trouble. And try to keep your head down.

    • #3232475

      C.Y.A.

      by landsharrk ·

      In reply to E-mail retention policy – ethical dilemma

      That’s an order that I would follow ONLY IF I got it in writing and ONLY WHEN that document was in a safe place off site. Then I wolud gladly get in step.

      • #3232453

        On 2nd thought…There is business and friends. Never the two shall meet.

        by landsharrk ·

        In reply to C.Y.A.

        Get the order in writing. Use any excuse you need to get it. Follow the whistle blowing protocol listed previously by other posters. REMEMBER!!!
        There is business and there are friends. Never the two shall meet.

    • #3232473

      Two Steps

      by mollenhourb9 ·

      In reply to E-mail retention policy – ethical dilemma

      Keep in mind that IT is a service to the rest of the organization, not the other way around. If higher up (an executive group, for instance) says you have to delete the emails, you have to do it.

      That said, you should keep documentation of who said to do it, and when. You should also keep any documentation you have showing that you advised them otherwise; that they were probably breaking the law. Lastly, alert the appropriate governing organization (in your case probably Management and Budget, or some other GAO type department).

      If you are not sure how to do this properly, without leaving your tail in a crack, talk to some “old timers” who know how to work within the system. People who know how to do what is right without hanging themselves out to dry.

    • #3232471

      Get Signed Written Instructions and Confirmation

      by rikdee ·

      In reply to E-mail retention policy – ethical dilemma

      AWM,

      I too work with government, albeit in another country.

      I would write a memo to the CEO detailing my concerns, stating that I believe that carrying out the instructions would violate document retention rules. I would also state in the memo that the capacity of the email server can handle the archiving needs and is not a restricting constraint. In the memo I would request a signed, written document from the CEO that requests the deletion of the emails and a confirmation that deleting the emails is not a violation of document retention laws. To make it esier for the CEO (if he/she indeed thinks it’s legitimate) I would prepare the wording of the document for him to sign but leave it to him to put it on letterhead and sign.

      It is quite likely that the CEO will be mad and may even fire you for insubordination. You will, however, have proof that you did your due dilligence with a copy of your memo. Better to be out of work than to be working in the big yard with Bubba behind you. You even have the option to sue for unlawful dismissal if you are so inclined.

      On the other hand, if your CEO signs then make sure you compare his signature on the document to others he has signed to make sure he can’t claim that you forged his signature. Save the hardopy of the signed confirmation away from the office in case you have to leave the office on someone else’s terms.

      This may seem a bit extreme but you may be set up. Your boss is out of the country? Hmmm…. He gave you verbal instructions so he can claim ignorance in the future and dispute everything you say. You’ll almost surely be the fall guy.

      I’d rather be fired than implicated….

      RikDee

      • #3232462

        less extreme

        by jeffersnet ·

        In reply to Get Signed Written Instructions and Confirmation

        Good thoughts but I’d be less extreme. Something close to this happened to me while working for the State of Nebraska. I used email to communicate my thoughts to my supervisors and they wrote back right away confirming their previous orders. I kept those emails and even burnt an extra copy on a CD for my personal records. If you word it write and only voice your concerns then your boss won’t think you are questioning his authority and you will get a reply that you can save to save yourself.

    • #3232463

      Two choices, or…

      by shraven ·

      In reply to E-mail retention policy – ethical dilemma

      At first it would seem you either have to comply with the request and break the law or refuse the request and risk your job…
      But what if you simply archived all the email to be deleted, notified your superiors of the potential legal conflict and delivered the archive tape with a copy of the legal requirements to your boss? Make sure you have copies of your responses and let your boss do any actual destroying of archive tapes. You will not be guilty of anything and will have complied with the request presented you.
      If you’re really concerned, keep a copy of the archive tape for yourself which you could produce if you ever got dragged into court (at that point I’m assuming you would have no interest in keeping the job – just clearing your name.)

    • #3232461

      CYA

      by kjenkinsaf ·

      In reply to E-mail retention policy – ethical dilemma

      A couple of things that aren’t clear. Is yours a sensitive/secure area and are the files/emails you are asked to destroy of a sensitive nature (read National Security or of Intelligence Value)? Regardless, if you have a “written directive” authorizing destruction from a superior. You should be good to go. Just make sure the OPR has a clearly written policy on this. And if all else fails, try to get the supervisor to sign an authorization (fat chance). Last but not least, the Federal Govt has whistle blower’s lines. You may want to avail yourself of this option if things look bad.

    • #3232454

      If you knew and did nothing…

      by dpuls ·

      In reply to E-mail retention policy – ethical dilemma

      I’m a CISSP – Certified Information Systems Security Professional. I sat for a 6-hour exam and signed a document that basically says that I will not do anything unethical or against the laws of the country I work in.

      If you are actually working for a government agency, then you are right about questioning the policy. A member of the Clinton Admin just got fined and my do jail time for destroying gov’t information by mistake — his clamin.

      And I know the IT market is still very tight – I have to live away from home for my job – but I thing you need to contact either the FBI, the AG’s office, or GAO. The SOx Act has a whistle-blower protections written right in the act; so I am sure there are many rules against this in gov’t.

      If you knew of this and you did nothing, and actually followed the order your future will be greater jeopardy.

    • #3232452

      EMail Creater is the Custodian of Record

      by drew.mashburn ·

      In reply to E-mail retention policy – ethical dilemma

      To answer your question, “What would you do?” It’s high time we quit using the email backup system as the Official, santioned location for storing official email records. Over 90% of the email we create is transitory anyway (non-substantive) and has a very short (if any) required retention period), so we are spending a lot of resources keeping all these email records that should be purged anyway every 30 days. I would advice leadership that the official email record, if meeting the requirement of retention, be kept by the creater of the record itself. This will require some education for the email users. One problem with the current practice of storing all email in the backup system is it makes it hard to retrieve particular records when requested, due to lack of organization/indexing of the email records. Making the IT shop responsible for storing and indexing email records is poor records management. If the users are big enough to use email as efficient means of communication, then they are big enough to learn how to retain their own email records that are subject to retention requirements.

      • #3233118

        Your opinion doesn’t really matter…..

        by rmonaco ·

        In reply to EMail Creater is the Custodian of Record

        Drew, although your comments have some validity, they really are not germane to this discussion. The current law explicitly specifies retention requirements and must be followed as written until and unless the law is amended.

        • #3234548

          Current Law?!

          by drew.mashburn ·

          In reply to Your opinion doesn’t really matter…..

          Each state has their own unique set of record retention law, some more liberal that others. There are some Fed retention law that supercedes state law. Regardless of what retention law we’re dealing with their are common practices for effective record keeping and an email backup system is not one of them.

      • #3232869

        Think a little…

        by kevin.uberti ·

        In reply to EMail Creater is the Custodian of Record

        If the users stored thier e-mail instead of the “IT” people, and thier HDD crashed…where would thier e-mail be. What good would it have done them to save it and have it indexed if thier machine no longer works. You are inncorrect in stating that e-mail storage should be handled by the user…The “IT” pro is the only one to guarentee it will be there when needed.

        • #3234551

          response to kevin

          by drew.mashburn ·

          In reply to Think a little…

          Kevin – regular email users have backups too. I still think an email backup system is a cop out for good record management and retention.

        • #3234511

          Actually, IT is not the answer….

          by govtcio ·

          In reply to Think a little…

          IT provides a service. We are not the email police police… We just make sure the email that the company needs is backed up. We do not tell them how long to keep it or where to keep it.

          I saw in another email that the original poster is reading email of users – I hope not.

          everybody signs a piece of paper that email is company property but I’ll bet the company didn’t give him that access whenever he wants it. You should always have a written request to do that from HR or a manager. You are commiting a crime if you are reading email without authorization.

          govt cio

        • #3234893

          Think a little MORE…

          by rimman.larry ·

          In reply to Think a little…

          IT’s responsibilities for managing the information are little more than providing a place to store it and seeing that the hardware, networks and systems remain available.

          The responsibility for the management of the information (which is a corporate asset) belongs to the originating organization, which is also who funds the service provided by IT in all but the smallest of organizations.

          In the Federal Arena, IT has virtually NO RESPONSIBILITY for the information, as all Federal Records ultimately are to be either destroyed per the retention schedule they are managed under, or transferred to NARA for permanent retention.

          IT is a service that supports the mission of an Agency or a Corporation. As for being the “one to guarantee” information will be there, I’d put my money elsewhere.

          Ask an IT person about persistent format, conversion and migration, media degradation, software and hardware obsolescence planning and see what their response is. In the Federal Arena, many records have retention periods of 75 years and longer, and the same is true for records generated by any Contractors to a Federal Agency… do you HONESTLY THINK that IT is willing to accept this responsibility? They seem to think that 1-3% loss of data during migration is acceptable, and simply state that it’s a “lossy process”… ask and RIM Professional if that’s acceptable.

    • #3233148

      Court Order

      by beachy ·

      In reply to E-mail retention policy – ethical dilemma

      I am the head of the IT dept. for a county government. I would never comply with a dictate such as that. To force people to delete emails, let alone destroy backups, that’s jsut asking for a scandal. As a gov agency in Ohio all of our emails are public info. in fact regqardless of whether we have a email retantion policy, the State does.

      On ethics questions I always consult our local prosecutor’s office. If this is an option for you, I’d suggest you do it. If not (this won’t make you a popluar person) I’d suggest you force the higher ups to get a court order from a judge forcing the issue. I’m sure you aren’t the only person who does not feel comfortable with the decision, you are just the person who will get into trouble because you enforced the dictate.

      If that still isn’t an option, put your thoughts and refusal in writing, take it to your boss and force him to do the records destruction. I’d then start looking elsewhere for a position, because clearly there are ethical issues going on behind the scenes.

      I know this ins’t much advice, but I hope it helps.

      • #3233074

        Snail Mail

        by enserfud ·

        In reply to Court Order

        In this day of high technology there is a low technology way of CYA. Mail a copy of the memo stating your objections to this order to yourself, your attorney, significant other, grandmother; you get the point. However, do not open this letter once it arrives. What you are wanting to establish is proof of your objections and when you objected. The postmark on the envelope proves this. Spend the extra five bucks on the postage and send it registered mail. That way it is kept under lock and key throughout transit. I call this my poor man’s copyright.

    • #3233143

      easier said than done

      by stan.kappiris ·

      In reply to E-mail retention policy – ethical dilemma

      If the details are as you’ve stated: federal vendor, etc. then consider these options…
      1. consult your personal attorney
      2. ask your boss to have the company attorney confirm the legality of the request.
      3. Freshen up your resume
      4. If they fire you ‘after’ you ask for a legal opinion from the company attorney ‘then’ you can claim Whistleblower status.
      5.good luck

    • #3233142

      Don’t jump to conclusions

      by adelpreore ·

      In reply to E-mail retention policy – ethical dilemma

      First off make sure what the policies are regarding e-mail for a government agency (4-7 years).

      Second, make sure Mt. Olympus knows what the statue is – that’s why they pay us – to take care of the details. Someone might have “read” somewhere that it’s good practice to keep 30 days worth of e-mail on the server. It may just be that the higher-ups don’t realize waht all the legal ramifications are. Communicate with them.

      Third, absolutely back-up up everything.

      Fourth – I don’t know what procedures your institution has place for implementing policies – make sure they are followed. At the very least you need a written memorandium to protect yourself.

      Fifth – and I’m sure this is very unpopular – follow your gut. If its telling you it wrong then it probably is. So if its not a miscommunication/misunderstanding – and it is an order – tell your boss you have a problem with it. Worst case you get fired – more than likely you get written-up. Sometimes an employee’s refusal is the quickest way to draw attention to the given case. The person who “sanctioned” the order will be the one under scrutiny, not you.

      Lastly, I don’t know what agency/department you work for but I’m sure there are a great deal of IT positions that you could “laterally” transfer to. Its not the end-of-the-world – its a job. You have to make up your own mind about what you do. WHat ever you decide to do, you must be willing to endure the consequences – whatever they might be.

    • #3233140

      great suggestions, a few more ideas

      by consultant davea ·

      In reply to E-mail retention policy – ethical dilemma

      I read all the preceeding replies, and agree that you have received some great advise. As a consultant to many banks and brokerage firms, I have planned my response in case I am placed in a similar situation.

      1. Verbal command from the boss? Follow it up with an email to him (this is an expected action on your part):
      a. restating his instructions, including specific deadlines.
      b. state my concerns from the perspective of the company or organization – legal (try to cite one mandate or order), ethical, whatever – but do not question his authority; let the others do that for you.
      c. request an immediate face to face meeting.
      d. Inform him since he out of town, I will take no action at all until this meeting takes place.
      e. CC his boss (if he has one), my boss, my boss’s boss, the legal dept, and HR – the ‘others’ I mentioned before. Hopefully, they will feel compelled to send a representative to the meeting, or contact him prior to it.

      2. I have just put Legal and HR on notice that I am questioning his authority in this matter, without directly being insubordinate. I am giving them the opportunity to step in on the company’s behalf – that’s their jobs, after all.

      3. Do not as yet get anyone outside the company involved. Until that first meeting, this is still an internal matter.

      4. Sit back and wait. Legal Dept will no doubt get involved quickly.

      5. Contact an attorney for further advise. I am sure his first advise will be to document and/or record everything.

      6. Play it by ear from this point on, under legal advisement.

      The rest will now depend on how the company’s internal politics plays out. In the meantime, take your backups:
      a. keep one copy locked in your desk or your office, where it would be expected to be found should it be searched for.
      b. keep 2 copies hidden in 2 different, relatively secure places in the office; above ceiling tiles in your locked office, or your bosses office, or behind some furniture; the idea here is to be sure that no one will easily stumble upon it, yet it must not leave the guarded premises.
      c. give one copy to a friend in the legal dept, or another trusted company officer or senior manager; try to get a signed receipt for it.
      d. be sure the ongoing off-site archives include your email and all responses to it, including message exchanges between others regarding it; once offsite, it would probably require a court order to be destroyed.

      Good luck, please keep letting us know what happens.

    • #3233131

      Do You Feel Comfortable Asking Why?

      by ask_why ·

      In reply to E-mail retention policy – ethical dilemma

      Not knowing your environment or management ? how would they take it if you ?Asked Why????.specifically due to the legal implications that may exist for your company. Like always there is a worst case ? you could get fired. My take, as you implied there is an ?Ethical Dilemma? and we have seen in the last several years the results when those of us who have to perform the work are coerced into doing things that we did/don?t feel comfortable with ? one big result on our side, the Sarbanes-Oxley Act of 2002. Oh, by the way I know of several suits that have filed suit based on the ?Whistle Blower? section of the Act – they were won.

    • #3233127

      Reply To: E-mail retention policy – ethical dilemma

      by the admiral ·

      In reply to E-mail retention policy – ethical dilemma

      If the word does not come in the form of an official email, then it is not the word. You have to have documentation stating that the top brass has stated that this is the case. If not, it is business as usual.

    • #3233124

      DON’T DO IT!!!

      by no name specified ·

      In reply to E-mail retention policy – ethical dilemma

      Just remember this: the phrase “I was just following orders” does NOT make you innocent, and you can bet that there will be someone out there itching (or getting paid a lot) to prove that you aren’t. Another something to remember is that you are NOT innocent simply because you “did not know it was illegal”, and bottom line is that the lowest person on the totem pole always pays the price. Don’t believe it? Ask the seven soldiers from Abu Grahib. You pushed the button = you pulled the trigger = “nobody told them to abuse the prisoners”.

    • #3233121

      Maybe you need a solomonic solution…

      by abelm ·

      In reply to E-mail retention policy – ethical dilemma

      There’s no doubt that you are in an ethical dilemma. If you do not follow the orders, the “top of the mountain” would think you are such a rebel, but if you do what they ask for would be a policy violation. The way i see to sort this issue is doing a tape backup on your own, hidding it in a secure place. Then proceed to follow the orders.

    • #3233120

      No, No, No

      by strikeleader ·

      In reply to E-mail retention policy – ethical dilemma

      Get a lawyer NOW! Put off doing anything until you talk to legal consul.

      • #3233029

        Best advice yet!

        by trapper ·

        In reply to No, No, No

        I am an employee of one municipal government and an elected official in another. If I did this even with my personal e-mail I would potentially be in violation of several open records laws, and would certainly be considered suspect. The higher the level of government your agency is, the more laws apply. Someone is acting like they are in deep trouble – do not let it be you. Get legal help yesterday.

    • #3233117

      whistleblower

      by jdgeek ·

      In reply to E-mail retention policy – ethical dilemma

      The world needs more of them. Keep them honest, and get your resume ready.

      • #3233050

        Unfortunately,

        by tonythetiger ·

        In reply to whistleblower

        Whistleblowing follows you, and can narrow future opportunities.

    • #3233110

      Lots of good advice from the list

      by wwwebster ·

      In reply to E-mail retention policy – ethical dilemma

      Sounds like a lot of good advice from the list to me. If there are laws requiring record retention (and I’m certain there are) then YOU are obligated to follow the law, as well as the Agency you work for – Doesn’t matter what your employer tells you. It would seem that a prudent course might include some or all of the following ideas (mostly drawn from other posts):

      1) Document that you have raised the issue;
      2) Backup everything that is to be deleted (for your protection, not the Agency’s);
      3) Consult your agency’s legal counsel if their is one – let them argue the point;
      4) If you can’t get them to re-evaluate their decision, you either have to follow through or seek employment elsewhere.
      5) Seeking personal legal counsel would probably be a very wise idea.

      As someone else mentioned, if the law is violated and you were on deck when it happened, you WILL have to discuss it with the authorities, maybe even testify in court, regardless of your personal stand on the issue. Going forward, it may not be any concern of your whether your agency is in compliance with the relevent laws – that would depend on who the authorities considered responsible for guaranteeing compliance. As far as backups are concerned, being in personal possession of the backups might place you in jeopardy as well, as those materials would probably be considered ‘corporate/agency’ property, opening the door for a problem for you of a different sort.

      Finally, I would just like to say that I don;t think anything good can come out of your situation ad you have my sympathy. Your CEO has entirely too much time on his hands if he is concerned about email server efficiency – I mean, exactly what does he need you for?! Isn’t the resolution to a systems problem best left to the systems people to resolve? Rather curious that such a decision comes down to your department and unfortunately, you may have set your self up for ‘disciplinary action’ as a result of raising a red flag.

      Going forward, it isn’t your problem if they are in compliance

      • #3233102

        Agree with wwwebster

        by cgoeckel ·

        In reply to Lots of good advice from the list

        After reading the discussion I would have to agree with everyone telling you to
        1) Document your concern and the responses from the higher ups.
        2) Inform the company/agency law dept as well as HR. Doing the CC for them will set off red flags for them. The law dept will be or should be up to date on any of the issues you have. Especially with all the activities of late.
        3) Don’t do anything till the Boss is back from vacation and arrange a meeting with him, your boss, HR or Legal. Cover your bases and yourself. Look at it from a company point.
        4) The whistle blowers act was designed to cover you in case of retribution. True some companies don’t like that.
        5) Make copies of the back ups and store them on site. Like it was mentioned earlier. Taking them off site could get you in more trouble. The one copy in your desk or office was a good suggestion with another still on site. One to the legal folks with the signed receipt covers you as well.

        Your definitely being pushed to do something that is covering up someone’s mistake. It may not even be a company issue. The Boss may have had personal “talks” with someone outside the company that were immoral, illegal etc. and he realized there is a trail out there and wants it gone.

        But if you work for a government contractor or agency, its better to have your rear covered when or if it all hits.

        Cover yourself and everyone else in the trenches. Let the higher ups take the heat when it hits.

        Personally…I work in a public “company” so we of course keep email backed up and saved. Just like the financial records. The public can view these records at any time thanks to the Public Information Act. And it isn’t a bad thing either. Supposed to keep public offices honest.

        So in ending…don’t do it, cover yourself and get the legal folks to back you up on it. They will have the companies interests in their mind and their own jobs in their hearts if they get asked why they didn’t step in at the beginning if everything goes south.

      • #3233072

        Being one that works for a state agency…

        by jeff ·

        In reply to Lots of good advice from the list

        Since IT people aren’t lawyers why do their job. Get the authorization of the new policy in writing. Then take the letter to the lawyers within the dept. to verify the legal issues. They will then send you a letter stating that the new policy is ok or not. If it is not then you, they (lawyers), or both send a letter to the person requesting the policy change that the policy cannot be administered.

        Your butt is not on the line since you were not the one that said you can’t do it.

    • #3233109

      high time you try something else than becoming a scapegoat .. for others

      by buddana ·

      In reply to E-mail retention policy – ethical dilemma

      any idea why your managaement .. want to delete the backup .. when maintaining a backup vth surplus hard disk space and mailboxes available… is damn affordable and easy task to do……

      unless you have something to do vth this issue…. why do you want to … become a spacegoat for others foolish decissions… it migh look ok for now.. but in the long run .. for a company …. you need to refer to many things .. that may not be just 30 days old…

      hmmmm poor situation you are in .. reminds me of only one thin g.. quit the job and save you neck and your prestige…

    • #3233106

      Ulterior Motive?

      by spadata ·

      In reply to E-mail retention policy – ethical dilemma

      I read quickly through your letters on this subject — you appear to be more of a vindictive employee with political goals contrary to your company’s ??

      Especially the comments that you have been reading all their private email and you now have admitted to have commited a FEDERAL CRIME!

      • #3233005

        Reply To: E-mail retention policy – ethical dilemma

        by angry_white_male ·

        In reply to Ulterior Motive?

        Company mail = company property – everyone signed an internet/e-mail use agreement where they consent to their mailboxes can be inspected at any time. I’m also the IT security guy here. I suspect a problem – I look into it and report my findings, even if it was just a random audit. No laws broken here.

        Don’t want to get in trouble? Then don’t speak of your malfeasance on the company mail system.

      • #3232992

        AWM – See it’s starting already

        by mikercol ·

        In reply to Ulterior Motive?

        Start talking to a lawyer, a PAID lawyer, if you are using a lawyer “buddy” and they have not told you to hire your own, they are giving you bad advice.

        You should NOT post anything else here because TechRepublic will DEFINTELY respond to a subpoena by coughing up their backups.

        Angry White Male – why did you pick that alias? It’s perfect for your bosses lawyer. “We didn’t know that he was a disgruntled employee. How could we have know that he was SECRETLY destroying company records. We have always been able to trust our IT pros……..”

        • #3232987

          Exactly

          by wildmarjoram ·

          In reply to AWM – See it’s starting already

          See my post of a few minutes ago (titled, “don’t forget this is public” or something like that.) Talk to a lawyer. Delete your last few posts.

        • #3232907

          Posting here is GOOD

          by donaldjj ·

          In reply to AWM – See it’s starting already

          Since there are lots of us who read this series of posts it is PROOF you were not trying to hide anything. And be glad that these poswts are here as when they are grabbed by court order they will back up you NOT your boss.
          1) get it in writing.
          2) back up everything at least 3 times and spread the sealed copies around to those that can hold them wiyhout problem.
          3) regestered mail and not opening them is good since it proves the custodian did not read anything.

      • #3232879

        Fed crime -NO!

        by zzyp ·

        In reply to Ulterior Motive?

        It has been well established that it is not a federal crime for a company employee to read e-mail sent on company computers.

        Spadata is wrong.

      • #3234557

        I have to agree

        by mross01 ·

        In reply to Ulterior Motive?

        You have painted yourself into a corner and now are starting to sound vindictive and looking for a easy road. Things only seem to be getting worse for you here.

        By the way, I’m not sure you mentioned it, but govenment agencies don’t have CEOs.

    • #3233105

      CYA

      by jdriehm ·

      In reply to E-mail retention policy – ethical dilemma

      First, discuss the matter with your supervisor and ensure that he has made the powers-that-be aware of the effects of this mandate on business process, compliance, liability, etc.

      Second, even if your boss did not get this directive in writing, make sure that you get it on company stationary, signed and dated.

      Third, you might even want to consult with an attorney.

    • #3233104

      This is not hard to fix

      by kwilliams30 ·

      In reply to E-mail retention policy – ethical dilemma

      If your state law (Open Records Act) requires that you keep emails for a specific period of time, then you WILL violate the law by deleting them. Fixing this is easier than you think. Just send a copy of the memo/order (anonomously of course) to the local news media, both print and television. Let them take the agency on.

      If you don’t want to cause a stink, then talk your agency’s legal advisor and pose the question to him/her and them deal with the top brass. If you don’t have a legal advisor in-house, then your govening body will have a legal department — contact them with your question. They don’t want lawsuits if they can avoid them.

      Good Lucj

      • #3233081

        That’s good advice

        by oregonnative ·

        In reply to This is not hard to fix

        I agree with kwilliams that you should take a strong stand on this. I don’t think I would go straight to the media; I would presume first that this mandate is coming from an idiot rather than a felon. But I would CYA.

        One other thought; it was not mentioned if the mandate came down orally or in writing. My bet is that this is an oral instruction. If that is the case, you are under no obligation to comply. However, everything you do must be in writing from this point forward.

        Finally, start lookiing for another job. I’m sure this is not the first moral dilema you’ve been in at this agency, and it won’t be the last. Unless there is new leadership committed to cleaning things up, you’ve got to protect your career and get out!!!

    • #3233103

      law comes first

      by lholder ·

      In reply to E-mail retention policy – ethical dilemma

      Obeying the law comes first. Explain to the powers-that-be that the requested action would violate the law. If they will not listen, take it up the chain of command.

    • #3233097

      Other ways

      by digi-tal ·

      In reply to E-mail retention policy – ethical dilemma

      My advice is to store the email in a different way, Archival storage on say a DVD to cover yourself. Here is the probable cause… Email clutter and requirements for storage are growing at a phenomenal rate. I have users who refuse to delete ANY email whatsoever. The only way to manage it is to archive it, save it as a DVD (since this takes less space than tape) and label the DVD with the date of archive – I make the powers that be happy because I am not using as much storage and tape space on the servers. I also shop around for quality DVD media at a decent price and I use a workstation in the server room (no one knows about it but I.S.) to store/backup from. No matter what the scenario, I am pretty well covered.

    • #3233095

      Get it in writing!

      by bob.wasson ·

      In reply to E-mail retention policy – ethical dilemma

      We are each responsible to someone. I suggest you inform those above you of your concern in writing and if their decision does not change get the request from them in writing – always in writing! They may reconsider enforcing this if they have to put their signature on it.

    • #3233093

      Tweet tweet…

      by jsmith2 ·

      In reply to E-mail retention policy – ethical dilemma

      I’m Canadian, so I apologise for not knowing the American terms, but if that happened to me up here, then I would call the Auditor General. Here in Canada, the Auditor General is the government watchdog. She’s the person who digs through government emails to find out who is doing what to whom, and who is pocketing the loose change, so if anyone would know of a legal reason to disobey your boss’s boss, she would be the one. Is there an American equivalent to this person?

      Either way, I highly recommend that you talk to your personal lawyer before you put your head on the chopping block. If you’re being forced to break the law, even an obscure or ambiguous law, then you need protection.

    • #3233092

      Reply To: E-mail retention policy – ethical dilemma

      by johnri60626 ·

      In reply to E-mail retention policy – ethical dilemma

      Knowing that you will be in violation of federal law if you follow this instruction you have been given, your choices are fairly clear.

      You cannot violate the law, but to be in compliance with yout order, simply squirrel the current backup tapes away to CYA and continue using a new set of backup tapes. You should have these available through your department anyway, and having a second backup kept in secure vault off site is what I advice my clients to do as disaster, such as flood, fire, etc. If you do this, you are not only smart, but covered and compliant.

      • #3233071

        Reply To: E-mail retention policy – ethical dilemma

        by johnri60626 ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        Knowing that you will be in violation of federal law if you follow this instruction you have been given, your choices are fairly clear.

        You cannot violate the law, but to be in compliance with yout order, simply squirrel the current backup tapes away to CYA and continue using a new set of backup tapes. You should have these available through your department anyway, and having a second backup kept in secure vault off site is what I advise my clients to do as disaster recovery measure against flood, fire, etc.

        If you do this, you are not only smart, but covered and compliant.

      • #3234545

        Fed Retention Law?

        by drew.mashburn ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        other than health records and some financial records, the Feds have very little records statutes governing state government general records. It’s primarily STATE records law that determine “what” and “how long” records be kept.
        I don’t know of any Federal General Records Retention Laws you seem to be inferring exist.

        • #3234265

          Retention for Federal purposes

          by slurpee ·

          In reply to Fed Retention Law?

          Check here: http://www.archives.gov/about_us/regulations/part_1234.html
          It specifically states: “Agencies shall establish policies and procedures to ensure that electronic records and their documentation are retained as long as needed by the Government.” This includes e-mails.
          Or more bluntly: “(d) Electronic mail records may not be deleted or otherwise disposed of without prior disposition authority from NARA (44 U.S.C. 3303a). This applies to the original version of the record that is sent or received on the electronic mail system and any copies that have been transferred to a recordkeeping system. See 36 CFR part 1228 for records disposition requirements.”
          I would talk to one of your agency lawyers, if you have any; otherwise I would be prepared to quit/be fired and contact the Feds prior to the actual destruction of the e-mails.

        • #3234221

          There are MANY Federal Retention Laws

          by rimman.larry ·

          In reply to Fed Retention Law?

          The fact that you don’t know of them underscores that you’re in IT/IS and NOT in RIM!

          Take a look at 36CFR, Subchapter B, Part 1220 for the lead-in requirements and 1220.30 specifically for requirements. After you’ve gotten your feet wet here, go to Part 1234, 1234.24 specifically to find out about E-mail.

          There are the General Retention Schedules, which are managed by NARA, that all Federal Government Agencies utilize to develop their Agency specific schedules from, and if items are not include in the GRS, the Agency must submit an SF-115 form to NARA for the assignment of a retention period. Until that time, these records are considered “Unscheduled” and the retention period for unscheduled records is PERMANENET until they have been evaluated and assigned a retention period.

          The GRS is based on the function a record serves and the series it’s assigned to to determine the retention period and a HEADS UP HERE FOLKS, the requirements in the GRS apply not only to all Federal Agencies, but they apply to their CONTRACTORS and SUBCONTRACTORS as well.

          In addition, the rule with the Feds on records is the retention period is determined by the CONTENT of the record, not the SUBJECT and once something has been determined to rise to the level of a record, the retention requirement is the same “irrespective of media, form or format” of the record.

          E-mail is a CONTAINER, the retention period is applied to the CONTENT, not the container. There is NO ASSIGNED RETENTION PERIOD FOR E-MAIL as an object, and E-mail is NOT A RECORD SERIES.

          Recently, there was a document in the Federal Register for comment regarding “Transitory E-mail” and the ability to delete copies of E-mail messages in 30, 90, 180 days once they were determined to be transitory in nature, but the final rule on this has yet to be issued.

          My recommendation to the original poster of this thread is to consider the fact that BECAUSE YOU ARE AWARE that there are guidelines that are to be followed, if you KNOWINGLY DESTROY FEDERAL RECORDS, there ARE PENALTIES. Take a look at 44USC, Section 3301 and follow the bouncing ball to the balance of the requirements….

        • #3233423

          State agency, not Fed.

          by barbedwire ·

          In reply to Fed Retention Law?

          Drew said “the Feds have very little records statutes governing state government general records”, if you read it again. Both replies talked about Fed agencies…
          So what about state agencies.
          I still think the original poster works for a private company anyway. Among other things, he said he went and talked to the CEO – doesn’t exist in government.

        • #3233355

          Government Agency

          by it cowgirl ·

          In reply to State agency, not Fed.

          The original poster clearly states he works for a government agency, with both state and federal laws which apply to the retension of their emails.

        • #3233314

          Reply To: E-mail retention policy – ethical dilemma

          by angry_white_male ·

          In reply to State agency, not Fed.

          I can’t get into too many details as not to give away who I am or who I work for, but we are public/gov’t sector… we have a board of commissioners appointed by the state governor that oversees us. The vast majority of our funding comes from local/state/federal sources with the remainder from user fees. Generally speaking we’re a who’s who of local politics… lose an election – come work for us… want a job with us – better be related to a congressman, state lawmaker, etc. We’re very intertwined with local and state government. It’s a little complex… the usual rules of gov’t don’t exactly apply to us (although that may change in the future) – and if I really explained it I’d be giving myself away (hey – never know who’s reading this and who may know someone, etc…).

        • #3234035

          The originator said…

          by rimman.larry ·

          In reply to State agency, not Fed.

          “The twist is that we’re a government agency that falls under a number of state and federal regulations, requirements and obligations”

          Based on this comment it seemed as if he identified himself as a “Govt Agency” and said he falls under Federal Regualtions”, the advice provided and citations of laws were correct. Many State agencies are also bound be Federal Law as the over-arching authority that controls how they manage records, or the State regs are crafted in the same language as the Feds

    • #3233089

      It’s quite easy to solve this and keep your job.

      by steve.simpson ·

      In reply to E-mail retention policy – ethical dilemma

      If keeping copies of the data is all that is required to satisfy the law. Than make one before you delete everything. Give it to your boss and ask for confirmation that he’s looking after the only backup. That way it’s up him what he does with it.

      I think I’d be very tempted to make a copy for my self though, just as insurance.

      • #3233073

        New Mantra….Backup & document …. repeat

        by scott.sorensen ·

        In reply to It’s quite easy to solve this and keep your job.

        If in your shoes I’d backup and document everything first for myself then I’d pass another copy up the chain of command. I also find it helpful to talk to someone above the guy wanting to delete everything. You dont know when the shi*t may hit the fan or if it even will. Maybe things have change in the corp and you now have a dept that will back eveything up for you. There may be a bright side to it, just dont look for it so hard you forget to cya.

    • #3233065

      What to do?

      by stampout ·

      In reply to E-mail retention policy – ethical dilemma

      Of course, don’t break any laws. You might try getting the order signed and in writing before taking any action.(optional) Then either backup or copy the email destined to be deleted to tape, another server, or perhaps an external hard drive if one can be located that’s large enough. Either way, save and store it. Then follow the request that came down from the top. It would probably be best not to announce that the email is stored elsewhere, just in case the deletion is intended to eliminate culpable evidence.

      • #3233052

        Best of both worlds?

        by kmiller ·

        In reply to What to do?

        How about making 2 backups (to tape, DVD, whatever you’ve got) and giving one to your boss? Stash that second backup somewhere safe and don’t let anybody know it exists. Good luck, it’s tough to be put into that position, I was there once and this is exactly what I did. Luckily, I never needed that 2nd backup and I left that company for another position a few months later.

    • #3233056

      3 words – See a Lawyer

      by bootp ·

      In reply to E-mail retention policy – ethical dilemma

      If necessary, pay for one yourself.

      When the soft brown stuff hits the fan, you can bet your last paycheck that the mountain won’t be pointing at itself.

      Depending upon how delicate the situation – meaning how many years your boss could serve if whatever it is managements wants deep-sixed – you may or may not be able to seek out the advice of organizational legal staff. If it is too delicate, then their advice will have been compromised. Also likely, the internal legal staff will ignore client confidentially oaths and will instead pass up your “insubordination” to management – probably not what you had in mind.

      If time is short – then draft a written document to YOUR supervisor that you believe the destruction activities are illegal and ask HIM/HER for clarification IN WRITING. …. this is called passing the buck and trying to pre-empt a defense when the bullets start flying.

      Welcome to the world of hardball politics.

      Ethical issues aside, it is easier to secure employment when you are OUTSIDE jail than when you are inside jail. Or in the middle of legal difficulties. So, get clear on LEGAL vs ETHICAL.

      Finally – yet another example of why so few really good (honest ??) people wind up in the political arena.

      BTW – Been there and done it. I stayed honest and ethical – but it did cost me my career. Now in another field and still breathing the air of my choosing.

    • #3233055

      Duality

      by oscaro ·

      In reply to E-mail retention policy – ethical dilemma

      Having worked with International companies I would have a IT director in one place and a business director at the local office. As such one provides technical direction and the other business direction. Sometimes one would get into the others territory and it was my job to be diplomatic and clear in these issues. When all is said the choice is what is best for the organization as a whole and not us as individuals.
      Hope this helps.

    • #3233046

      Ethics are Clear, You keep them

      by raclapp ·

      In reply to E-mail retention policy – ethical dilemma

      Unfortunately, you are being put in the position of WhistleBlower. Here in Ohio, an action like this COULD be considered ILLEGAL. Get the order in writing (if anyone is dumb enough to do so). Then, it is time for a “leak” to local media. The order will reversed along with the careers of some idiots who are way to high in the chain of command.

    • #3233043

      Records Management problem as well

      by consultanttrish ·

      In reply to E-mail retention policy – ethical dilemma

      As a government agency, you should have a Records Manager and a records management schedule. Handling of the e-mails that are records should be covered in the records management schedule. Get the records manager involved and talking with the IG office about this matter.

      At the least, better education on the records management policies and practices needs to be done; at the worse, a records management decision and change in policy and procedures needs to happen to make sure that records that exist only on the e-mail server are considered and handled by the records management policy and practices. I know because I have done this as a consultant for government agencies.

    • #3233022

      SOX or HIPPA may have protection as well

      by raclapp ·

      In reply to E-mail retention policy – ethical dilemma

      I wonder if there is also any protection from HIPPA or SOX law. There are records clauses in both, dealing with retention. May be some good reasons to convince the CEO to stop. You may be able to tell him the company won’t pass their next SOX audit if they do it.

    • #3233018

      Listen to all

      by jeremyhoughton ·

      In reply to E-mail retention policy – ethical dilemma

      I’d listen to the advice of almost everyone here especially those of us that have been in similar situations or ones that work for gov’t agencies or gov’t contractors.

      You need to remember that it is you on the line initially so definitly CYA, if your relationship is a positive one with your superior then talk to them, but don’t do that until you make a back up of everything first. One thing that can be learned the hard way is those you think you can trust in a company may have to cover themselves as well and that means letting it fall on you.

      If you can, make backups and keep them in a secure location. Before you take them offsite you will need to find out the policy of your org. You don’t want to be the one trying to do right but end up getting arrested because you have “stolen” company property by taking it offsite. There are usually places with in the company you can hide things.

      Also depending on where you work take a micro casette recorder or a voice recorder of some kind when you talk to your upper management. Try to get in recorded in some way. And know what questions you are wanting to ask before you go in but don’t act scripted just concerned.

      If you can’t record it then follow up with an email confirming what you spoke about, get a read reciept of some kind and keep that. You will want to be able to verify later that it was sent, recieved and read.

      These are just some thoughts, hope it works out.

    • #3233001

      E-mail Retention

      by d.warwick ·

      In reply to E-mail retention policy – ethical dilemma

      It is prudent to notify all E-mail users that the action to destroy the E-mail records is going to take place and the time and date of the intended action. This is also a way of notifing the legal counsel specifically of the inpending action. As a dept. manager of a public agency it is important to communicate any such request, regardless of the source, to the general counsel of the agency and seek advice on the “legal procedure to affect the action”.

      Depending on the applicable juristdiction, the enacting manager (you) could be held personally liable for the action. This does not ensure the action will not be a problem in the future, but you have taken the appropriate action to defend your legal liability. Be sure to keep a copy of the legal dept’s response. If it is a violation of the laws, then the legal dept becomes responsible for the decision once provided notification.

      By notifing the E-mail users you will also protect your trust with them.

      Having served for 13 years in a similar position of a public agency, the decision may not have been made to cover someone but rather at the suggestion of an uninformed administrator. Let the Legal Dept. take the “heat”, but protect yourself.

    • #3232990

      Reply To: E-mail retention policy – ethical dilemma

      by angry_white_male ·

      In reply to E-mail retention policy – ethical dilemma

      Thanks for the advice everyone.

      The plan of action is to make a last attempt to scuttle these plans and ensure we as a company is excersizing due dilligence and following the law.

      If that doesn’t work – I’ll document everything, hide a backup tape, make a call to the state Inspector General’s office, update my resume and pray.

      We’re set to be audited sometime starting next month which may explain the timeline they’re imposing.

      Red flags and alarms.

      Wish me luck.

      • #3232974

        Oh, so that’s why he’s worried …

        by consultant davea ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        >> We’re set to be audited sometime starting next month which may explain the timeline they’re imposing.

        Oh, so now we all know what the problem is. Your boss (CEO) is no doubt expecting something serious to show up in the audit, and wants the emails banished to perdition instead of him.

        Congratulations are in order to you. Because of your tougher moral fiber, you will no doubt be the first step to putting this guy (and probably others) where he belongs.

        BTW, please make sure in the meantime you try to get this verbal order either in writing or electronically, to provide evidence of his desires. When the auditors come to your group, and ask if there has been anything of note they should be aware of, you can innocently present them with your evidence and your back-seat quarterback suspicions. ‘Nuf said.

        Dave A.

      • #3232957

        Send a per your request confirmation email

        by chi_girl ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        Business is done via email constantly, it is the equivelant of a handshake, seals the deal. So if your CEO thinks emails are not a form of legal documentation he might have gone to the great school of “Enron”. I’d send the CEO a per your request (or directive) the following measures have been taken, instituted ect. email confirming and outlining the steps. Save it and his reply as well.

      • #3232917

        Reply To: E-mail retention policy – ethical dilemma

        by scott.geiger ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        Hmmm, good idea, the only thing I see as a problem is that if you do go ahead and “destroy” the emails, even with a backup copy, you could still be considered an accomplice and get in trouble for “attempting to destroy data”. Not quite a serious as actually destroying it, but still… Also, what if something happens to the backup? I would say stand firm and refuse. It’s not about CYA, it’s about not doing something illegal. An employer CANNOT compel an employee to participate in an illegal activity.

        Good Luck whatever you decide.

        Scott Geiger

      • #3232894

        What you COULD do.

        by tonythetiger ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        Is, after you make your backup copy, get everything ready to the last step, then ask your supervisor to actually click OK to delete the files. Shouldn’t be a problem for him, right? 🙂

      • #3234538

        Good plan but don’t hide backup tape

        by schmidtd ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        Contacting the AG office is the best first step. Legal and procedural advice is a great idea. So is documentation of your actions. But in the process make it clear you are doing this to “understand” your legal requirements, not because you think something is being “covered up”. This is pure speculation on your part (I am not saying your wrong, merely that legally you don’t want to take a stand on this issue.)

        BUT whatever you do, don’t start archiving and hiding organization data!!! Under no circumstances should you allow yourself to become the arbitrator of what data should be archived or how long it will be archived for. You make yourself liable both to outside parties and your organization.

        It is becoming standard pratice for many organizations to delete non essential data. In fact a policy of this kind is often designed to protect an organization from the retention laws, let me explain.

        You need to read the regulations very closely. If you have no policy on data retention, you potentially become liable for any and all data, after all why did you delete A but not B? A defined data retention policy will answer this question and in fact is one thing audit often looks for.

        You may be pressed for time, but hiding data is a dangerous option. I should hope it won’t come to this and you have time to get advice from the AG office, but if you still decide you need to keep the tapes, you should turn them over to a legal authority of some kind, like the AG office.

      • #3234624

        Post your resume

        by john ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        After reading more of this thread and thinking a little more about it, I think if I were you I would go ahead and look for another job, or at least request a transfer.

        I can’t envision a scenario where this would occur except for one: there must be some damning stuff in that email for someone, and that someone wants you to assist them in a coverup. There is no other logical explanation. If the concern had to do with the efficiency of email systems, then it would have had to have been preceeded by an incident where the email systems did not perform up to spec, probably an ongoing issue where management felt they had to step in and ask for a fix. Since you state that this is not the case, then the only remaining conclusion is that there is some information in that email archive that someone wants erased. Personally, I would not work for such an organization. Post your resume and get out!

        • #3233313

          Reply To: E-mail retention policy – ethical dilemma

          by angry_white_male ·

          In reply to Post your resume

          Been job hunting since January, mostly fishing… a couple of interviews, lunch meetings with recruiters, etc… – seeing if something better comes along… but the IT job market is still a bit slow in these parts. But the search has shifted into a higher gear now that I’ve been tasked to do something that I object to for a multitude of reasons.

          I have a feeling that your hunch is right and it’s the same thing that I’m thinking – something ain’t right. If the mail server was “inefficient” – I’d be the first to know since it’s part of my job (and my phone would be ringing off the hook if an e-mail or calendar appointment took more than a second to come up).

    • #3232986

      Do what CEO says and keep backups

      by ogils ·

      In reply to E-mail retention policy – ethical dilemma

      Do as CEO say but before each deletion archive the month’s emails with a unique name – pertinent to date – and place archive in a location that you know will be backed up.

    • #3232980

      Refuse, get fired, sue the pants off of them

      by breadtrk ·

      In reply to E-mail retention policy – ethical dilemma

      in a public lawsuit. After you are fired, turn over all of your evidence to all of the local news stations, govt agency’s.

      Let this clown make you a millionaire.

    • #3232976

      Something’s rotten in Denmark as they say..

      by blueknight ·

      In reply to E-mail retention policy – ethical dilemma

      Usually there is a reason provided with a directive such as you’ve received. It seems to me that the “top of the mountain” is attempting to cover something up.

      If I were you, there are several things I would do before I carried out “Mr. Mountain’s” order:

      1) Research laws and legal requirements that regulate your particular business. If you find that it would be illegal, inform your direct supervisor of your finding, tell him that since it is illegal, he will have to find someone else to carry it out if he still wants to be part of the activity.

      2) Check with the users you said need documents available for extended periods. Inform your boss of your findings and set up a meeting with those users and “Mr. Mountain” so he is made aware of the need. If it’s a legitimate business need the users have, he’d be stupid to destroy documents they need to accomplish business objectives.

      3) Once you find it is NOT illegal, and assuming the users can be satisfied regarding retention periods, then, and only then carry our “Mr. Mountain’s” directive.

      If you happen to find that “Mr. Mountain” has done something illegal during your “research” phase, report it and stop — do not carry out his directive lest you implicate yourself in the “crime.”

      We in IT need to do what’s best for the company and what’s best for the users. We need to do what is right and ethical. If we don’t, we’re no better than the hackers and others we all despise.

      If it comes down to it, look for a new place to work. Your integrity is worth much more than the job.

      Jim

    • #3232960

      Yes. GET A LAWYER NOW!

      by dc_guy ·

      In reply to E-mail retention policy – ethical dilemma

      If time is of the essence, you’ll have to pay more to get one right now, but it will be worth it. We all make jokes about lawyers, but there are times when you just flat need one. This is one of those times.

      Most, if not all, of the options you have available are dicey. You really could be prosecuted, and it’s not clear which option will eliminate that risk. Don’t take chances with your future!

    • #3232941

      really stuck

      by donaldjj ·

      In reply to E-mail retention policy – ethical dilemma

      Well I would follow government policy and retain the E-mails. Should you be fired you then can say you were fired illegally because you followed Government policy. This will then work back up the chain of command until top person is found who gave the order. He/She then should be sued/fired for giving an illegal order.

    • #3232923

      The email destruction dilemma

      by jattas9 ·

      In reply to E-mail retention policy – ethical dilemma

      I too was given a new electronic retension policy in my company which happens to be a newspaper. Whether or not there are regulatory issues, I found the policy highly problematical with the executives of the corporation (A newspaper group). Although never stated in writing, the reason for the policy was to eliminate any audit tracks that could be used in the future for a lawsuit.
      For the most part, most managers and executives, found the policy incredible. They as I used the system to maintain our communications records, and reference past contracts, etc. This is exactly what the parent corporation wanted broken.
      The crumb supplied as a solution, was that if you have something that important, print it out and file it. I believe that would have been addressed later, and dealed with in a similar situation. Alternatively, save the file some where else in your “My Documents” for future reference. I believe that was going to be the next issue. I being the IT Director, found the need to keep many records, since they related to our 1000 employees, as well as a hundred or so vendors. Since there are only 4 or 5 secretaries in the entire corporation, everyone is responsible for their own documents. This creates a tremendous labor intense activity for most managers.
      I frankly believe that all corporations should be legal required to keep all communications for several years, written or electronic. I would not be surprised to find that there is a law somewhere that supports that position. My opinion only.

    • #3232918

      SOX

      by jharney ·

      In reply to E-mail retention policy – ethical dilemma

      Take a look at SOX (Sarbanes Oxley), then remind
      your management about their (not yours)
      resposibility to be accountable. This may be the
      answer to your audit question. We also are
      assisting our customer with becoming compliant.
      Good luck to you.
      JGH

    • #3232884

      If you are aware then you are Guilty

      by xrogers ·

      In reply to E-mail retention policy – ethical dilemma

      Ignorance is bliss but you are no longer Ignorant. The LAW is th LAW. They are not guidelines they are LAWS. And the law is less tolerant of gov?t and public agency?s trying to get around it. Ask for the directive in writing, signed by your superior. The Top Dogs will declare that they didn?t know what you were doing. Remember the email belongs to the corporation and who is that. Public agency equals the public. Simple what are they hiding? Maybe that the Boss wants to hide something personal. No matter, take a long look before you leap off that ledge.

    • #3232878

      QUILTY

      by xrogers ·

      In reply to E-mail retention policy – ethical dilemma

      http://www.usbr.gov/recman/rcd/rcd07-01.htm

      Directives and Standards RCD 07-01

      read paragraph B

      PENALTIES MAY BE IMPOSED ON EMPLOYEES WHO ENGAGE IN THE UNAUTHORIZED DESTRUCTION OF FEDERAL RECORDS.

      • #3232826

        But he is Authorized

        by Anonymous ·

        In reply to QUILTY

        Getting the CEO to approve the directive in writing, by email or otherwise, would therefore authorize our poor Network guy to delete the emails. The person who does NOT have the authority to call for the destruction of the emails, is the CEO. Therefore he would be guilty and not the IT person.
        This really sounds like a story out of WWII. The front line grunt is ordered to kill another human. He doesn’t want to, but he has his orders!

        He should really get his manager to do it. If they won’t do it, then he should decline to do it as well. No matter what happens, it will probably cost someone their job.

        Damned if you do, damned if you don’t

        • #3234534

          Reply To: E-mail retention policy – ethical dilemma

          by johnri60626 ·

          In reply to But he is Authorized

          Actually, the CIO ought to be having the final say on this. A CEO is not knowledgable enough on the topic to competently give such an order without consulting the CIO first.

          Where is the CIO’s sign-off on this? IS the CIO even cognizant that this order has been given?

        • #3234904

          CIO? Not necessarily…

          by rimman.larry ·

          In reply to Reply To: E-mail retention policy – ethical dilemma

          Even in the Federal Arena, the CIO isn’t always the one who makes the decision on how things are done when it comes to records.

          It’s common for an Agency’s policy on RIM to be under the CIO, but not EVERY Agency follows this organizational structure. Also, keep in mind that E-mail is considered (incorrectly by many) as a business application, and therefore, the manner in which it’s managed may be determined by business rules rather than Records Management rules.

          The requirement in 36CFR is that if E-mail is determined to be a record (based on appraisal of the content) then it must be managed in an ERMS OUTSIDE of the E-mail application for it’s assigned retention period (which is determined by the record series it falls into).

          Most of this should be in a RIM Policy document, and carried out at a much lower level than the “C-Anything” when it comes to day-to-day decisions.

          Where the primary problem seems to exist in both the Public and Private sector is the turf battle over who is in control of, and who makes the decisions about, the management of the actual “information”. The user group/originator needs to be involved, RIM (who typically manages the organizational retention schedule) needs to be involved and IT (who maintains the repository) needs to understand the business needs of the users and the requirements in the retention schedule.

          A properly designed retention schedule takes into account a number of factors:

          1) Legal, Statutory and Regulatory requirements for retaining information
          2) Business needs (determined by the end users) that may exceed these required periods
          3) Historic, Intrinsic or Research value of the information beyond the required and business needs
          4) Risks associated with retaining the information beyond required and business needs

          The retention period is based on all of the above and should be approved by a committee including members from the user community, legal, audit, research, records management and archives (if they all exist) and approved by Senior Management (CEO, CIO or whomever).

          Once this process is completed, IT should be informed what the requirements are for retention of the information and needs to design systems that accommodate this… and prior to disposition of ANY INFORMATION, approval needs to be obtained, to ensure there are no pending legal actions related to the information.

          IT needs to better understand the perspective of the information managers that they are only responsible for providing the tools necessary for enabling storage and access to the information, it’s the originators of the information that determine what’s to be done with it.

    • #3232852

      Reply To: E-mail retention policy – ethical dilemma

      by tmalandro ·

      In reply to E-mail retention policy – ethical dilemma

      Send out a blank email to the entire email address community of what is about to occur and make note that everyone must print hardcopies of what they wish to keep for future reference. Not only will the cost of using all that paper get noticed, but also someone of importance outside of IT will complain about to the right people.

      • #3234330

        Don’t do it!

        by dc_guy ·

        In reply to Reply To: E-mail retention policy – ethical dilemma

        Oh sure!

        The guy is looking for a way to resolve this with minimum fallout, so that he just might barely still have his job when it’s over. Blabbing it to everyone in the company is NOT the way to accomplish that.

        He has to decide:

        1. Do you want to do what you think is ethical and avoid prosecution?
        2. Do you want to keep the job?
        3. Do you want the organization to magically change overnight so this will go away?

        Number one is fairly easy although I still advise talking to a lawyer before doing ANYTHING.

        Number two is not easy but it’s possible. But only if you don’t care about number one. The two goals are almost mutually exclusive.

        Number three is of course everyone’s choice. The big problem with it is that it’s impossible. Forget number three. It will never happen in the real universe.

        Deal with reality, but at least try to avoid making it worse. Which I guarantee is what’s going to happen if you send out that broadcast. DON’T DO IT!

    • #3232821

      Go ahead and do it!!!

      by schmidtd ·

      In reply to E-mail retention policy – ethical dilemma

      Public disclosure laws don’t necisarrily apply to every email on your system, just as they don’t apply to every telephone coversation (otherwise you would have to tape and keep everything you say.) They only apply to genuine public records as determined by the agency or courts.

      You as an email admin have no way of knowing what documents on the server are public records or not or even if any are. The end user ought be responbible for determining which documents need to be kept and storing them. Indeed, having a set policy for email deletion schedules will save you and your organization a lot of headaches later.

      That said, involentarily deleting email used by customers seems like a little overboard, but your not making that call.

    • #3232805

      Only One Thing To Do

      by logos-systems ·

      In reply to E-mail retention policy – ethical dilemma

      The first thing I would do is get a paper copy of this order. Second I would letter, which I would keep a copy of, to the person who issued the order and let them know that this violates federal laws and regulations. And finally I would send a copy of this order to the approprate Federal Agency to let them know that this is going on. Of course you would want to keep a copy of this.

      Just remember all of those accountants and IT personell, at a major brokage firm that were indited for failing to save manitory E-Mails and documents.

    • #3234525

      Shouldn’t be a problem…

      by govtcio ·

      In reply to E-mail retention policy – ethical dilemma

      Shouldn’t be a problem as long as your organization/agency got the policy reviewed and approved by legal and/or senior management.

      IT is not tasked with enforcing or dictating records retention policy – you don’t want that responsiblity. Most government agencies give that to the holders of the information. Where it should be. IT is responsible for backing it up and making sure what you do have is available.

      We keep email for 60 days. The user is responsible for backing it up or printing it out if they need to keep it longer. Not IT.

      Good luck.

      Govt CIO

      • #3234899

        “IT not responsible” ??

        by rimman.larry ·

        In reply to Shouldn’t be a problem…

        Beg to differ, and if you truly ARE A Govt. CIO, you should know better than to say this.

        IF there is a pending legal action, and the Agency has been informed to not destroy any information related to a specific subject, this means ANY INFORMATION… which includes backup tapes.

        Unless all backup tapes are segregated to the level of the user, or information is indexed at a fine level before servers are backed up, the backup tapes contain a compendium of information that is only sequential and chronological in nature. There’s really no way to tell if the data on the backup tape may be related to any pending litigation, so if the practice is to rotate and write over tapes every 30 days, you could be found guilty of “spoliation by practice”.

        There have been recent cases where this has occurred, when the court asked for policies and procedures related to the management of backup tapes, even though it was asserted that the backups are used only to re-initiate systems in the event of a disaster for recovery of information, they DO EXIST, and they DO INCLUDE information that is impacted by the order to preserve.

        The fact that IT doesn’t need to dictate or enforce retention policies doesn’t relieve them of the responsibility for following them either. Ignorance may be bliss, but if it were me, I think I’d ask to be “put in the loop” on decisions related to records retention.

    • #3234524

      The buck stops here….

      by bilbobybath ·

      In reply to E-mail retention policy – ethical dilemma

      We all get ethical dilemmas, and none of us asks for them. It’s a test of manhood – or personhood’, if you must!

      So, you either believe in US law, your Constitution, and the Freedom of Information Act, or you don’t. ‘Just following orders’ was what the Nurnberg Trials was all about.

      If you’re worried enough about it to ask the question here, then there *is* something to be worried about. It’s the 21st century. Do what you will be comfortable telling your grandchildren about.

      Leak it to the press…..

      Cleverly.

      BB

    • #3234523

      The buck stops here….

      by bilbobybath ·

      In reply to E-mail retention policy – ethical dilemma

      We all get ethical dilemmas, and none of us asks for them. It’s a test of manhood – or ‘personhood’, if you must!

      So, you either believe in US law, your Constitution, and the Freedom of Information Act, or you don’t. ‘Just following orders’ was what the Nurnberg Trials was all about.

      If you’re worried enough about it to ask the question here, then there *is* something to be worried about. It’s the 21st century. Do what you will be comfortable telling your grandchildren about.

      Leak it to the press…..

      Cleverly.

      BB

    • #3234521

      Everybody take a deeeep breath and relax

      by govtcio ·

      In reply to E-mail retention policy – ethical dilemma

      I replied to your original post with what you need to know – I don’t know how many other posts gave you the same info because I can’t take the time to read them all.

      BUT, your job is not to be the records manager for your organization. Unless you have been given the responsiblity to enforce your agencies records retention policy you have done the right thing by raising the issue but there is nothing, I repeat nothing, wrong with deleting email after 30 days. Happens all the time at good companies and other well run government agencies.

      govt CIO

      • #3234490

        Tail-wagging dog

        by tenderfoot ·

        In reply to Everybody take a deeeep breath and relax

        We fought the retention (destruction) policy when it first came out. I can’t speak about your organization, but there seems to be a legal option (at least in corporate America) to implement one, especially when moving forward i.e. everything from this date forward will only be retained on server for x number of days. “Expectations” concerning legacy archives may be different and undertake different legal implications. The tail-wagging dog I’m talking about is the need to train employees on record retention policies before implementing the destruction plan. You need to establish the required awareness and new habits before you take away the existing structure.

      • #3234888

        ” Happens all the time at good companies..”

        by rimman.larry ·

        In reply to Everybody take a deeeep breath and relax

        Sure…

        Like Tyco, Arthur Andersen, ENRON, WorldCom, Morgan Stanley, UBS Warburg… the list goes on. All of these companies had policies, some of them even followed them… which in some cases, is what got them in trouble.

        Retention is not a time-based function and the period for retention is not based on the “vessel” the information is delivered in. It’s based on the CONTENT in the information object. E-mail is just the manner in which the information is delivered, organizations do not establish their retention periods for records based on the manner in which they receive it.

        Some of the work being done by the SEDONA Conference and the recent comments requested to the Federal Rules of Civil Procedure (FRCP) indicate there is a DEFINITE SHIFT in the courts opinion on how they view the manner in which information (especially electronic forms of information) are managed by organizations.

        It would do many posting in this thread a world of good to familiarize themselves with these changes.

    • #3234483

      E-mail retention policy – ethical dilemma

      by unixmandt ·

      In reply to E-mail retention policy – ethical dilemma

      I work for a Government Agency too. If an order from the top came down like that, we would be in some pretty hot water and out of compliance with the courts of we implemented it. If you delete e-mails older than 30 days, you would be taking the heat (and possibily your job) if any percussions came down the pipe later. I would get the new policy in writing from the policy makers before implementing it, that deleting the e-mails is now the standard operation and you would then be following orders.

    • #3234482

      keep the tapes

      by jquade ·

      In reply to E-mail retention policy – ethical dilemma

      My advice? Bury the actual backups and destroy BLANK tape backups………my thought is there is something in there that is sensitive. These things do not happen “just like that”……..

    • #3234465

      Sticky Situation

      by jcbrooks_bs9 ·

      In reply to E-mail retention policy – ethical dilemma

      Don’t know what agency you are working for but you are in a very sticky situation. Try what the poster siad about the wistle blower act but don’t bet on it to cover your butt. It sounds like there is something in the e-mails they don’t want out whoever they is somewhere up the feeding change probably to do with some current policalt axe. Delt with a similar situation at HUD HQ in DC a long time ago but it wasn’t me but friend who had to do it. It was over illegial campainge contributions. The person who requested the data destroied was found dead from a “mugging” in the parkinglot a couple months later. It involved dirty tricks at a high level. Was heard to tell how much was BS and how much true. So do be careful whatever you choose.

    • #3234446

      Always watch your back

      by mandrake64 ·

      In reply to E-mail retention policy – ethical dilemma

      Company law does not override state and federal law. But if you must follow orders, get someone else to hold the accountability for the action of deleting the records and sign off the action.
      In there is still some doubt then cut an encrypted copy yourself and shelve it at the back of a filing cabinet for safe keeping.

    • #3234430

      Good Luck?!

      by free_lo2002 ·

      In reply to E-mail retention policy – ethical dilemma

      Well …consider yourself lucky in the first place , for being in the U.S. where laws and regulations some how influence the company decision- making and help you personally solve this issue.
      Because for me the solution BFilmFan gave in the fist place is the right one.
      In Europe we are not that lucky, particularly in small countries where the State is still finding it’s own way and doesn’t have time to “teach” companies.
      Just hold to the law and be careful with locking company’s data because even if you do it for a greater purpose it still is illegal.

    • #3234429

      CYA

      by amtek ·

      In reply to E-mail retention policy – ethical dilemma

      The first thing I learned was cya or cover your a__.
      Have your boss get it in writing and give all It\
      personnel a copy before destroying anything. Then
      all IT personnel have their a__es covered.

    • #3234287

      Reply – Email Retention Policy – Ehtical Dilemma

      by lavetta ·

      In reply to E-mail retention policy – ethical dilemma

      I too work for a government agency and am an IT specialist. However, after working on systems for 15 years, my focus now is on Records Mgmt and Electronic Archives. Part of my duties are to construct policy for those areas, including a directive for the management of e-mail. You are correct in that email cannot be managed with either defacto mailbox size limitations, nor by deleting everything after a certain period of time. E-mail, in and of itself, is NOT a record type, it’s the content (not the format) that determines if the email communication is record. WE have just begun to roll out training for all State employees on the management of email. In our particular policy, each employee needs to manage their e-mail. Either delete it if it’s a non-record, or file it if it is a record . . . based on the content. If filed, they can do so electronically on a network drive, (saving it as text within the file tree structure where like program / subject files are maintained), or by printing it out and filing it with other paper-based communication. The email records are then maintained according to the records retention schedules that apply to that particular program / subject. This is our keep it simple policy, yet it manages records, including all email as a record, appropriately.

    • #3234220

      E-Mails are not only business documents…

      by rimman.larry ·

      In reply to E-mail retention policy – ethical dilemma

      They’re potentially RECORDS under the Federal Arena. See 44USC 3301 or 36CFR 1220.14 for the definition of a Federal Record

      Take a close look at 36CFR Subchapter B, Part 1220 and Part 1234. to find out more about the requirements for managing records and specifically E-mail as records.

      If you work for a Federal Agency, your Agency’s CIO website should have information on their Records Management Policy, and if it doesn’t you may want to find out who the liaison to your agency is at NARA to discuss this a bit further.

    • #3234799

      Nixon Tapes to ENRON

      by it-guy ·

      In reply to E-mail retention policy – ethical dilemma

      If your management is so dense as to decree the distruction and erasure of email records then they could use a reminder of the recent public issues around erasing data. You may not serve time for the crime (if there is one) but don’t expect to get off without some flack. The old maxium P…Y…A…! Make a copy.

    • #3234675

      Take it all home…then call someone….& a lawyer

      by art66 ·

      In reply to E-mail retention policy – ethical dilemma

      As an IT manager, NO WAY would I do this. I have had to go back and give years past of e-mail to lawyers for law suits. Nothing is more humiliating than having a certain week NOT backed up because of tape jam, or something silly, and then having the lawyers NEEDING that week. Imagine not having ANY of it? You would be the scapegoat.
      My thoughts, make copies of EVERYTHING, and put it all in a lock box somewhere. Government? I wouldn’t even take it home, I’d get a box at a bank or something. THEN call the FBI, or someone to see if they would like copies of it all JUST IN CASE.
      Even then, I would submit a written response in e-mail and snailmail, saying “no”, and your ethical reasons. I would send that response to your boss, his boss, and your state Senator.
      It is VERY scarry when it comes to e-mail. I wouldn’t lose a single one if I were you. Let the Manager do it.

    • #3234595

      Got a dime

      by knot_mine ·

      In reply to E-mail retention policy – ethical dilemma

      The fastest and most effective way to stop this proposal is to call the biggest media outlet in your community. After getting their agreement to keep your identity confidential, tell them your story. Be prepared to provide proof. Newspeople don’t go out on a limb unless they have thoughly checked it for cracks first.

      This is the nuclear option. Chances are that you will not be able to outrun the resulting blast. If you really don’t trust those around you to do the right thing and strongly suspect that you will be the fall guy, this may be the only choice open to you.

      A better solution is to find the private ear of someone in authority who is likely to “get it.” A quiet end-run coached in terms of “I want to make sure nobody gets in trouble,” may very well make the problem go away without any ugly muss and fuss.

    • #3234564

      Do the right thing

      by ethical_loner ·

      In reply to E-mail retention policy – ethical dilemma

      Start your job search and turn this joker in. He/she obviously has something to hide and odds are you won’t have a job left anyway. Do the right thing.

    • #3233485

      insanity breeds insanity – take the higher road

      by dc_wabisabi ·

      In reply to E-mail retention policy – ethical dilemma

      Wow – How about this one for a completely vague and misunderstood aspect of our jobs. I’m sure some can point to specific laws governing RIM, but I’ve only seen specifics from RIMMAN… and if I read his posts correctly he’s stating that the retention policy is dependent on the *content* of the emails. This is pretty subjective, but in the end common sense must rule the day. Even as storage capacities grow by the day, we cannot be expected to retain every single piece of spam we ever received (which is implied by many of the responses here that say *everything must be kept*). I could go on – but suffice it to say that this issue is not clear to most IT folks I know.

      You have received the most common-sense and specific advice from RIMMAN and GOVCIO – I would listen to them.

      I am posting to leave my one cent here, since I have seen no one mention this specifically.

      Although CYA is tops on your list – going about it subversively doesn’t seem to be the most prudent choice. Others have mentioned retaining copies of all communications with your bosses and getting them in writing.

      Why not follow this advice and start with an email to your CEO, manager and legal. Tones of disgruntled employee acting as unwilling victim will probably push the conversation in the wrong direction. Keep it clear, concise and coming from a member of the team that wants to improve the efficiency of the organization. You’ve mentioned that your current server capacity is more than sufficient and is even being increased soon. Start by detailing your understanding of the request. Your CEO states server capacity as the reason for this policy change. Remind him that you are paid to provide your technical expertise to the org and go on to document current capacity/future growth expectations/costs & ROI for records retention/etc (execs like pictures don’t they?) – the point being to clearly show that there is no need to delete the archives. End with a concern that since you have been researching this (for the good of the company) you are unclear on the legal ramifications and feel it is in everyone’s interest to document the new policy so that no one walks away with a vague set of expectations. You might go on to explain the need for some tools and training to assist employees with the new policy (outlining some potentially unseen issues that may result e.g. – number of times sales folks have had to refer to emails from 3 months ago, etc).

      And hold off on wacking the archives until you have a copy of their response in your personal folder and printed out. Who knows – if your CEO is not acting illegally, but out of misunderstanding of the technology and laws – maybe they’ll notice your stellar attitude and how much trouble you saved them by doing the right thing. Worst case scenario, you’ve shown above and beyond diligence, documented this and saved your cya copies. You make the choice whether or not to delete on your own based on what you’ve found.

      insanity breeds insanity – take the higher road

    • #3233451

      no way

      by itgal ·

      In reply to E-mail retention policy – ethical dilemma

      For me, this is a no brainer. NO employer has the right to ask you to break the law. In fact, it is your responsibility to let him/her know that their request is against the law. If after informing your boss that it goes against gov’t regulations, they still insist on it being done, I would refuse. If they attempted to fire me, they would lose in a court case or arbitration, so I don’t think it is an issue. For me there is no question as to what I would do.

    • #3234182

      Kant’s suggestion

      by danetter ·

      In reply to E-mail retention policy – ethical dilemma

      Kant’s categorical imperative might be worth considering. It can be stated as: ‘Suppose everyone in the world were forced – with a power like that of a law of physics – to do exactly what you contemplate as a course of action. Would you want to live in such a world?’ You might be able to apply it by asking management if the wholesale destruction of all the records could destroy something that the your agency would need to defend itself against some future adverse action.

    • #3234130

      Doing the “Right Thing”

      by eyost05 ·

      In reply to E-mail retention policy – ethical dilemma

      It is going to take some guts, but buddy you need to
      BLOW THE FREAKIN WHISTLE.
      you are protected under federal law. If you feel your life would be threatened by this action, take that to the Home Land Security Offices first and explain to the proper agency…they will point you in the correct direction. We need people like you to do the right thing and keep our government strong. We are a nation of laws, you will be protected. Please do the right thing.
      If you feel there is wrong doing going on don’t jeopadize yourself by not doing anything, you can end up on the witness stand a friend of the prosecution or not…which would you choose? This could be the course you are on, if it were me I would choose “justice being served rather than serving justice in a bright orange “leisure suit”
      I have blown the whistle on a private industrial polluter and I survived quite well thank you very much and our local water resources are cleaner for it. I would do it again, no problem.
      Ed Yost

    • #3233941

      Low in heirarchy != low voice

      by saurbh1 ·

      In reply to E-mail retention policy – ethical dilemma

      Just because a person is low in the company hierarchy does’nt mean that the person can’t shout and make noise!

      If i was you i would make my point (politely) to the top. Shout politely!! And if they still don’t listen, get them to sign on legal papers saying that it was THEIR decision to do this!

    • #3340542

      Legal or not Legal

      by nenary ·

      In reply to E-mail retention policy – ethical dilemma

      This is really not an ethical dilemma. This is a legal problem. The first thing the Admin should do is consult an attorney as to the legality of destroying records. If it is against any State or Federal Law there is not question. You refuse. No job is worth jail time or monstrous fines. If it is not legal you have a moral obligatiion to the company you work for to do as they ask. As an Admin you do not have any idea what is in those emails, and as an Admin you are hired to care for the company data and respect the privacy of company employeess. In other words you don’t read their emails. One of the strictist requirements for our job field is not to snoop. If you are a snoop you shouldn’t be in the field anyway as your ethics are already in question. If you follow these guidelines then there is no ethical dilemma either as you will have no idea what it is you are destroying. My father raised me with this one basic philosophy in life if what you are asked is legal “you take the man’s moneny you give him what he asks for”. Anyone not willing to do this is in the wrong profession when it comes being an Admin. We have an obligation to our employer that supersedes all but the law. Remember these are the people who put food on your table and give you enough of a salary to make a living. If you feel like you cannot abide by these precepts it is time to find another job.

    • #3341347

      so what has happened?

      by kcalabama06 ·

      In reply to E-mail retention policy – ethical dilemma

      You are in a spot. Damned if you do or don’t. However, I am a CEO who works with the government. All emails are considered business correspondence and are legally required to be retained for a period of time. Especially if the company is involved in government work or public. We have recent evidence of this with the Arther Anderson deal and the more recent Air Force deal that put Mike Sears in jail.
      If server performance were an issue, then backing them off would be sufficient.
      I would get it in writing (or email) and send it in a registered letter to yourself at home or a lawyer so it is legally documented and don’t open it.
      I would back them off and then follow directions but use the advice in the first posting –
      make sure you document document document.
      Don’t read the emails that is not your job – but do back everything off.
      KC

      • #3166558

        Bingo

        by mtnranger ·

        In reply to so what has happened?

        Found you. I recall having a similar discussion during the ethics portion of my MBA.

    • #3341346

      Document implication to mgt, request written order & make private copy

      by irete ·

      In reply to E-mail retention policy – ethical dilemma

      Document to management through your boss, the implications of obeying the order. If management insists, ask for a written order; take a discrete private copy and implement order.
      The advantage of documentation amongst others is that management will not be able to claim ignorance or lack of full understanding of implication in the future.
      Good luck.

    • #3341330

      Good Grief Everyone!!

      by gil ·

      In reply to E-mail retention policy – ethical dilemma

      I can’t believe all the paranoid responses by a bunch of midlevel geeks who apparently have nothing better to do but second guess management directives.

      I’m not familiar with federal regulations for gov agencies, but in health care, it is common practice to have a short window for the retention of emails — read some trade journals. In general, most email has about the same content value as a post-it note.

      Smart companies — who are completely ethical and aboveboard — are simply trying to protect themselves from a long, protracted discovery process if a lawyer-shark hits them with some frivolous lawsuit.

      I am also detecting a current of resentment from these folks who feel miffed that they were “given a short timeframe to make this happen”. The implication is that management has to clear IT policy with low to mid level IT staff. Sorry, that isn’t how it works. If IT is told by senior management to change a particular policy, they (IT) should write up the policy change in standard policy format, get it signed and then do it.

      You can’t simply assume that a change of this nature is illegal — that’s just paranoia. BTW, don’t you have a server to build or something?

      • #3341252

        Reply To: E-mail retention policy – ethical dilemma

        by scott.geiger ·

        In reply to Good Grief Everyone!!

        for some reason I feel the need to be completely politically incorrect for a moment…

        Yes massa, yes massa

        Ok done.

        “I’m not familiar with federal regulations for gov agencies” Ok so then since you admit this how can you claim he [we] are being paranoid? Just because you don’t do it in health care?

        I wouldn’t work for you no matter what the pay, but then you probably wouldn’t hire me since I have a brain and can think for myself. Now I’m gonna get back to building a server or something.

      • #3341554

        Why save everything for the sake of a few legitimate emails

        by drew.mashburn ·

        In reply to Good Grief Everyone!!

        MOST email is not a record required to be retained by fed and state law (non-substantive). Also email is a method of deliverying information. It is not a KIND of record; email is like any regular mail – you get lots of junk, along w/ some legitimate correspondence from customers, even signed contracts and purchase orders. Manage email the same way you manage paper records – by subject matter, contract, and other business categories. Saving everything in one backup storage is poor records management. Get rid of them after 30 days and make the creater of the record (in this case the email) responsible for retaining that record through personal folders/3rd party records mngt. system, etc. NOT THE EMAIL Backup system! You shouldn’t save all your emails just like you wouldn’t be expected to save all your regular mail. Not only would you have considerable clutter, you would have a difficult time finding the records you really cared about. There needs to be a filing system policy and email users should be required to use it.

        • #3246522

          You shouldn’t save all your emails?

          by frodo3 ·

          In reply to Why save everything for the sake of a few legitimate emails

          Why shouldn’t we save our e-mails, I have a couple of engineers that can go back 4-5 yrs and find the email to end an argument, usually shoving it right up the other guys Patoot!

      • #3248249

        RE: Good Grief Everyone

        by robdew ·

        In reply to Good Grief Everyone!!

        You’re right, how dare ANYONE question management? They’re management, they must know what’s best for everyone and everything. I can’t imagine management ever changing a policy just to benefit them or because they read about it in a magazine.

        No one is suggesting that the CEO should ask the IT staff how long they think it will take, but being ignorant of realities creates a bad situation for everyone. Just because management “wants” something to happen faster than it can, doesn’t mean it will.

        BTW, don’t you have a meeting to go to or a budget to slash?

      • #3248188

        Management is God!

        by evil 9 ·

        In reply to Good Grief Everyone!!

        Thankyou for shining your wisdom down upon us paranoid geeks. How foolish of us to think that management would ever do anything unethical or illegal. Of course, I’ve only been in the workforce a paltry quarter-century, however, in those twenty-odd years, there are three clear and distinct incidents where I was unambiguously ordered to violate laws or regulations for the sake of expedience or the bottom line. Only one of these happenned in an IT capacity, however, the fact remains that while the great majority of management is decent and ethical, there are self-serving, back-stabbing, corporate-ladder-climbers out there. (If you don’t believe it, explain to me what happenned at Enron.) I was lucky, because the first time, I allowed myself to be lied to, and played along. Fortunately, my offense was non-felonious, and the worst result was a nominal fine and a temporary loss of income. Since then, I’ve wised-up. FACT: Most people are decent trusting and trustworthy individuals. Trust your instincts. If it does not affect you directly and personally, but it smells or feels wrong, start planning an escape route.

    • #3341257

      SOX ACT

      by maryi ·

      In reply to E-mail retention policy – ethical dilemma

      The law does not exempt you from being arrested by the many Federal and States Laws, you will probably be the escapegoat. I would use your email from your home if possible also office, documentation, and detail with dates and time
      journal on this topic to your supervisor on up the chain give them two days to reply. There is a new law to add also the Sarbane-Oxley (SOX) Act of 2002 which came in effected.
      If no results go to attorney or go now; its better to pay now then later when you are faced with jail time.

    • #3341529

      Electronics Record Retention

      by just an opinion ·

      In reply to E-mail retention policy – ethical dilemma

      There are two entities normally accountable for statutory/regulatory and risk management related to the retention of both paper and electronic records. This is the Legal and Finance/Treasury departments (or individuals) in a company. The IT department is rarely accountable for company policy creation/maintenance to assure governmental requirements are met. The IT department is accountable for the safekeeping of the data dn the integrity of the data to prevent unauthorized access or alteration.

      Larger firms have a staff to address the various global requriements in this area, smaller firms are often at risk due to a lack of visibility or funding to assure the is closely managed.

      Email management is particularly difficult unless you have the tools in place to manage the end to end behavior of your personal computer user. This is rarely the case. As a result, the PC user can put the company at risk by merely keeping a local mail archive that is in violation of company policy.

      The risk associated with long term mail retention must be balanced against the need for the facts and data contained therein to run the business as well as protect the company in the event of litigation.

    • #3246689

      Lose – lose situation

      by rbarrie ·

      In reply to E-mail retention policy – ethical dilemma

      To quote one of the great talents of our time – “Babes, your screwed.”
      Do it and you are the one who is taking an overt action to destroy records. You don’t say if you got a memo to do this or if everything has been verbal. If the communications has just been verbal be prepared for “…he must have mis-understood our intentions…” (at the best) to complete denial at the worst.

      Contact a criminal attorney. If you can’t afford an attorney (try expensing this one!) call the Justice department or the GAO or even the FBI.

      Making a secret copy for offsite storage may also be illegal. That is why it would be best to contact an attorney or another government official body that can authorize the copy or put a stop to this follishness by throwing a lot of daylight on it.

      You are going to be fired. Probably for something else down the road.

      If you think it’s fishy it probably is. If you ignore your own concerns and go ahead and do it you may not get caught and all may turn out ok but you’ll be a weasel and know it.

      I’m sorry that you have to face such a crisis. It sounds like you work in a fear driven environment. Even if it is all innocent and the whoever at the top set this in motion is just a dunderhead, it seem that none of the buffers above you has the the intelligence, integrity, or guts to speak up.

      Good luck.

    • #3246566

      C.Y.A.

      by rsanchez ·

      In reply to E-mail retention policy – ethical dilemma

      Cover Your A__! As a veteran who dealt with classified material and current database administrator I also had to follow the policies of those less knowledgable in records and data retention. I suggest that you draft a “carefully worded” email and express your concerns and offer alternative suggestions to their blanket solution; Cc: to those pertinent (especially those in your chair of command). Expect it not to get anywhere; however, retain a copy of it on CD and take it home with you. In the event that the s__t should hit the fan, you are covered.

    • #3248800

      Bank Systems & Technology Online

      by mnlindo ·

      In reply to E-mail retention policy – ethical dilemma

      There is an evolving compliance and legal liability environment that requires presentment of email documents during regulatory or legal discovery can lead to – and have resulted in fines in the million of dollars. Look at March 18, 2005 article “You’ve got (potential dangerous)Mail. Destroying documents is inappropriate and also illegal. Get articles on compliance, SEC regulations, etc. and educate your seniors.

    • #3248541

      Do what is right

      by jclulow ·

      In reply to E-mail retention policy – ethical dilemma

      When in doubt, don’t… If the law is on your side then obey the law… your nitwit manager will be the loser. Go the company lawyer with the dilema, verify the legality of your position then gently remind your manager that the law requires xxxx then recommend a visit to the company lawyer, together, to verify the legal implications. If the nitwit continues to insist, escalate to the legislating body… as an IT person you have responsibilities beyond the department and the company… PERIOD.

    • #3247937

      Take care of #1

      by evil 9 ·

      In reply to E-mail retention policy – ethical dilemma

      Ultimately you need to remember several key points (many mentioned in preivous posts). First, and most important, YOU will answer for any law you break. The Nuremburg defense never works. An offshoot of this is that it is generally easier to find a new job as a previously fired employee than it is as an ex-con. Second, you’re on your own. Don’t trust anybody! You will be surprised how fast your “best” friend will turn on you to save his own bacon. Third, ONLY copy and keep records pertaining to orders or directives you have received from your higher-ups. Get everything in writing for two reasons: (1) clarity and (2) evidence. If you have to, be subtle (e.g. send an e-mail to the effect that “I’m sorry, sir, but I wasn’t completely clear on exactly what you wanted done . . .”). Do not, under any circumstances, copy and save documentation which you have no right to privately posess, as that may put you in violation of privacy, disclosure, or other laws. Finally, if your instincts tell you this is as bad as it looks (i.e. your boss is wilfully violating the law), hire legal counsel.

    • #3245117

      Retention of records

      by user@# ·

      In reply to E-mail retention policy – ethical dilemma

      I work for a contractor who has oversite on government contracts. By regulation AND contract, the records on our projects need to be kept for several decades. When I raised the question, fur started to fly– but the contractors are scrambling to catch up.

      Bottom line– you can’t destroy the records, and the higher-ups who promulgated that policy are at legal risk if all copies are destroyed. (I wonder what they may be trying to hide?)

    • #3255597

      Policy compliance or avoidance

      by ismd3 ·

      In reply to E-mail retention policy – ethical dilemma

      The company you work for does have a little discretion but not wide latitude. Create a memorandum for the record citing policy you might be aware of. Here is a start!

      Policy. All Service employees and contractors are required by the Federal Records Act (44 U.S.C. 3301) to make and preserve records that document the organization, functions, policies, decisions, procedures, and essential transactions of the Service. You must properly store and preserve records, ensure they are available for retrieval, and schedule them for disposal in accordance with approved disposition schedules. This applies to all records–paper and electronic–including email messages and attached files.

      Sec. 4 Definitions.

      a. 44 U.S.C. 3301 defines records as all books, papers, maps, photographs, machine readable materials, or other documentary materials, regardless of physical form or characteristics that are:

      (1) made or received by an agency of the United States Government under Federal law or in connection with the transaction of public business, and

      (2) preserved or appropriate for preservation by that agency or its legitimate successors as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the Government or because of the informational value of data in them.

    • #3255595

      Areas of latitude

      by ismd3 ·

      In reply to E-mail retention policy – ethical dilemma

      c. Each employee must determine if an email message/attachment meets the definition of a record. Email documents are records when they are created or received in the transaction of agency business, are appropriate for preservation as evidence of the Service’s or Department’s functions and activities, or are valuable because of the information they contain. See 283 FW 2 (Records Disposition) for guidance on maintenance and disposal of records. If there is uncertainty about the status of a document, treat it as a record and consult with the records management officer for guidance. Examples of email records include, but are not limited to:

      (1) Unique, valuable information developed in preparing reports, studies, and position papers that reflect actions taken while conducting agency business.

      (2) Unique, valuable information on programs, policies, decisions, directions, and essential actions.

      (3) Statement of policy or the rationale for decisions or actions.

      (4) Documentation of conversations during which policy was formulated, decisions and commitments reached, or other activities were planned.

      d. Email documents are temporary records or nonrecords when they provide no evidence of agency functions and activities or lack information of value. Examples include, but are not limited to:
      (1) Copies of memorandums or text sent for information rather than action.

      (2) Messages that have only temporary value, such as a meeting time change.

    • #3249393

      You’re Not Ollie North

      by mollenhourb9 ·

      In reply to E-mail retention policy – ethical dilemma

      Don’t liken yourself to Ollie North. This isn’t even close to the same thing.

      The accounting department (Management and Budget, in government) typically controls retention policy, not IT. If you think you are truly running afoul of regulations in place in your branch of government (state, local or federal), then you should bring that to the attention of your superiors… politely.

      If your DMB has changed their policy, then keep documentation of the decision and comply with it. You aren’t going to jail (unless you are personally working to fund a covert war. You aren’t, are you?).

      Whatever you do, DON’T walk into your boss?s office and get melodramatic. It won’t get you anywhere.

    • #3236198

      don’t do it

      by compliance dude ·

      In reply to E-mail retention policy – ethical dilemma

      If your company is under scrutiny from a regulatory body (Sarbanes Oxley, SEC, etc) someone will be going to jail when a regulator comes in and wants an audit.

      You will be out of a job anyway…seems fishy

    • #3236133

      CYA

      by pricetech ·

      In reply to E-mail retention policy – ethical dilemma

      I would archive them somewhere, then ask why I’m being told to destroy them. I would also remind my superiors that we could be out of compliance if I followed orders and destroyed them.

      Whatever the outcome, I’d keep myself an “ace in the hole”.

      Joebewan

    • #3242692

      do the right thing

      by maurice.rodgers@nordiccld ·

      In reply to E-mail retention policy – ethical dilemma

      Doomed if you do and doomed if you don’t. Think of the possible legal issues if you destroy the data. You may want to go outside your agency get the answers you need. I would say keep the data, in a hidden archive somewhere. CYOA, because there’s a cover up in the making.

      Peace and Good Luck

    • #3043967

      You screwed yourself, go manage a McD’s you Exchange jocky

      by theroyala9 ·

      In reply to E-mail retention policy – ethical dilemma

      You should never be placed in the position of
      having access or control over the immediate
      operations of business/government server
      operation or data where you you do not have the
      authority and precedence to obey the law and make
      decisions for proper operation. Computers are
      simple machines its only ever yes or no, 0 or 1.
      It never gets any more complicated then that.

Viewing 101 reply threads