What Drives Electronic Records Retention?
For many organizations, fear of litigation is the driving force behind rules, policies, and procedures governing IM and e-mail retention. The ‘‘2001 Electronic Policies and Practices Survey’’ reveals that, when it comes to monitoring employees’ electronic communication, legal liability (68 percent) and legal compliance (50 percent) motivate the majority of employers to act.  There’s no doubt that a fear of workplace lawsuits and a growing understanding of the critical role IM and e-mail business records play in litigation has led some organizations to address, establish, and enforce electronic business records policies that—ideally—mirror the policies governing the retention and deletion of traditional paper documents.
Other organizations’ retention rules are governed by the need to comply with regulatory requirements such as Sarbanes-Oxley and HIPAA, among a long list of government and industry rules covering IM and e-mail retention and deletion.
Regardless of the motivation, one fact is clear: A thorough understanding of electronic document retention risks, rules, and regulations is essential for all organizations, regardless of size, industry, or their status as a public or private entity.
Unsurpassed Growth for Unmanaged Instant Messaging.
Research firm Jupitermedia reports that the use of workplace IM doubled between 2001 and 2002.
According to Nielson/NetRatings, 18.1 million office workers used free IM downloads to transmit messages across public networks in July 2003—a 50 percent increase over July 2002. Survey findings also reveal that the average workplace IM user spends more than five hours a month communicating via free IM clients. 
For organizations that have not implemented IM rules or installed gateway technology to manage employees’ use of consumer-grade instant messaging tools, those figures translate into a frightening number of unmonitored, unretained, and potentially damaging instant messages flying through cyberspace and putting the organization at risk—month in and month out.
‘‘2001 AMA, US News, ePolicy Institute Survey: Electronic Policies and Practices,’’ conducted by American Management Association, US News& World Report, and The ePolicy Institute. Survey findings available online at www.epolicyinstitute.com.
Mark Henricks, ‘‘Instant Mess,’’ Entrepreneur (January 2003).
Valerie Shead, ‘‘Troubleshooting theMessenger,’’ Independent Banker (November 2003).
How Long Should You Hold onto Old Messages?
Unless your organization’s IM and e-mail are governed by law or regulation—such as the SEC’s dictate that brokerage firms be prepared to produce three years’ worth of electronic records immediately upon request, or the Employee Retirement Income Security Act’s rule that e-mail and other correspondence related to employee benefit plans be kept indefinitely—then you are free to determine the retention period that is most appropriate for your organization.
Mindful of Sarbanes-Oxley, HIPAA, the eSignature Act, and other widely publicized laws and regulations, and thanks to the declining cost of storage, many unregulated companies are now opting to hold onto e-mail for increasingly long periods of time. 
If your organization’s IM and e-mail retention periods are not specified by law or regulation, then—as a rule—you should keep electronic business records for the same length of time as paper records. If, for example, you store employee personnel records for three years, then retain e-mail and instant messaging personnel records for three years as well. Consistency is key. 
Michael Osterman, ‘‘A Legal Guide to E-Mail Retention,’’ Network World Messaging Newsletter (February 4, 2002), www.nwfusion.com/newsletters/gwm/2002/01209344.html.
Steve Ulfelder, ‘‘CSI: Lost E-Mails,’’ Network World ( September 8, 2003), www.nwfusion.com/research/2003/0908csi.html.
Excerpted from Nancy Flynn and Randolph Kahn, Esq., E-Mail Rules, New York, AMACOM, 2003.