The Wonderful World of E-mails
When it comes to e-mails, thereís lots of wonder out there . . .
Wondering what should go into an e-mail retention/destruction policy?
Here are a few things to consider, as suggested in an August 2004 client memorandum from Dechert (the list is not intended be exhaustive):
Designate an individual responsible for supervising the policy;
Prohibit firm employees from conducting business through any communications network not maintained by the adviser, such as e-mail, instant messaging, or text messaging;
Require that electronic communications that fall within applicable recordkeeping requirements by identified and preserved in the appropriate manner;
Describe the system or method that will be used to identify e-mails that fall within applicable recordkeeping requirements (these may include a software tracking system that searches e-mails for key words and/or a method for random sampling of deleted e-mails);
Require that e-mails are disposed of in a way that protects confidentiality;
Implement education and training programs; and
Conduct an annual review of the policy.
Wondering what can go wrong when the SEC asks for your e-mails?
On August 26, the SEC announced that Deutsche Bank agreed to pay a $7.5 million penalty for failing to timely produce e-mails requested by the SEC during an investigation of the firmís research analyst conflicts of interest. Section VI of the SECís complaint, "Deutsche Bank Failed to Promptly Produce All Electronic Mail," is worth a read. Among other things, the SEC alleged that the bank "relied upon the statements of low level supervisory and information technology personnel that all available e-mail had been produced, without confirming that such assurances were accurate." Moreover, the IT folks in charge of retrieving e-mails from backup tapes and other media "did not have sufficient guidance and had not been adequately trained on how to respond to regulatory or other requests for e-mail." Deutsche Bank also failed to consult with "internal or external third parties with forensic data retrieval expertise" to confirm that backup tapes were corrupted and that there was no way to retrieve e-mails using different technology.
Wondering what will happen if you instruct your employees to delete e-mails after the SEC asks for them?
Last week, the SEC announced that Schield Management Company and its president agreed to pay civil penalties of $100,000 and $75,000, respectively, to settle charges that the firm destroyed and altered documents it was required to produce during an SEC exam. In its July 2003 complaint, the SEC alleged that the president directed two employees to delete e-mails after SEC examiners asked for them.