An email scandal unraveling in Boston this month should scare IT leaders a little bit. Boston Mayor Thomas Menino has found his quest for a fifth term might be thwarted due to an email retention policy, or lack thereof.

It seems a top aide to the mayor has routinely deleted emails in violation of state law that requires municipal employees to keep emails for two years, regardless of “informational or evidential value.” The aid in question claims that he deleted email but only as a matter of personal efficiency and assumed that city hall had a mechanism in place for automatically archiving email.

According to the Boston Globe, the mayor was warned last year about deleted emails when it was discovered that employees in one agency were told to delete emails because of a a lack of data storage space. The agency then bought email backup software but never developed an email retention policy. The archiving system in place does archive emails but only after they’ve been in a user’s box for 90 days.

We have two conclusions to choose from in regard to this story. Either the mayor has something to hide or his agency is all kinds of dumb. Who would not institute a formal email retention policy after having been warned by a judge?

This should be a reminder to IT leaders that data archiving is not something you take a cavalier attitude toward. And we’re not just talking about the loss of proprietary data. Any one of a company’s employees could commit a crime and present the need to have his or her email as evidence in a legal action. Would you be prepared?