Forgot your password?
typodupeerror
The Courts Government Businesses Communications Data Storage News Apple

Psystar Case Reveals Poor Email Archiving At Apple 123

Posted by timothy
from the let-me-check-the-round-file dept.
Ian Lamont writes "Buried in the court filings of the recently concluded Psystar antitrust suit against Apple is a document that discussed Apple's corporate policy regarding employee email. Apparently, Apple has no company-wide policy for archiving, saving, or deleting email. This could potentially run afoul of e-discovery requirements, which have tripped up other companies that have been unable to produce emails and other electronic files in court. A lawyer quoted in the article (but not involved in the case) called Apple's retention policy 'negligent.' However, the issue did not help Psystar's lawsuit against Apple — a judge dismissed the case earlier this week."
This discussion has been archived. No new comments can be posted.

Psystar Case Reveals Poor Email Archiving At Apple

Comments Filter:
  • From TFA:

    ...the basic legal requirements surrounding email and document retention to The Standard. "If litigation is anticipated, the party has a duty to preserve potentially relevant documents"

    The thing here is that litigation is always anticipated at Apple - if they're not currently suing someone, its because they're getting ready to sue. (or the legal team are on holiday [hawaiishar...unters.com] [legal team pictured on the right hand side of that photo])

    The other point worth noting here is that an electronic document retention policy is only a good thing to have if you're confident your employees are acting ethically (or at least unaware of any breaches).

    • by aliquis (678370) <dospam@gmail.com> on Sunday November 23, 2008 @10:19PM (#25869285) Homepage

      It's probably more to say "if you think you will get busted you're not allowed to start removing things", not "you can't remove anything because some day in a time far far away someone may want to look you up."

      • It's probably more to say "if you think you will get busted you're not allowed to start removing things", not "you can't remove anything because some day in a time far far away someone may want to look you up."

        You assume noble intent at your own risk. I give you credit for paraphrasing in a manner that would be fairly reasonable, but the statute under discussion should be written at least that well. I will not be a lawyer, but I believe that in law school, students are taught that good statutes are written to be minimally subject to interpretation. Besides, the statue imposes a burden of proof of one's innocence, no matter how innocuously one tries to phrase any legal mandate to have any evidence of anything.

        • by ReedYoung (1282222) on Monday November 24, 2008 @01:13AM (#25870107) Homepage Journal
          It was not a statute at all, it was just Anonymous Coward's (TM) sales pitch in the guise of legal counsel. From the first article:

          An e-discovery lawyer, who asked not to be named because his employer (a firm you probably have heard of) doesn't want him speaking to the press, explained the basic legal requirements surrounding email and document retention to The Standard. "If litigation is anticipated, the party has a duty to preserve potentially relevant documents," he said.

          Playing safe does indeed indicate good record-keeping. I'm still not a lawyer, but that seems like reasonable enough legal advice. However, he has more to say.

          "An employee retention program with no organization or coordination is effectively incapable of compliance," he continued, "barring an act of God, or luck akin to picking every game right in an NCAA pool. Apple's retention policy is negligent."

          Do you mean "negligent" in the legal sense, or the colloquial? Because, you know, now that you're being cited as an e-discovery lawyer, the inclination will be to assume that everything you say is your legal opinion or best counsel based on the sum of relevant statute and precedent.

          Consider this scenario: Employees could have emails from five years ago that become "potentially relevant", but because there was no policy in place regarding e-documents, those records could easily become destroyed -- making it potentially impossible for a plaintiff to make a case from internal documents.

          That could only be a problem under an ex post facto law, in my opinion. I am still not a lawyer, so if I'm right [meaning his advice is not so hot], we now have a good idea why "his employer (a firm you probably have heard of) doesn't want him speaking to the press."

          However, Apple claims in the Psystar document that its policy is fine because once the company anticipated litigation:

          [Apple] identified a group of employees who could potentially have documents relevant to the issues reasonably evident in this action. Apple then provided those individuals with a document retention notice which included a request for the retention of any relevant documents.

          Psystar's antitrust claim has been dismissed, but Apple is currently involved in many other cases. Apple's weak e-discovery practices could very well come back to haunt the company.

          That is of course possible, but "could very well" normally implies high probability, and that is not supported by the facts given in this article. Obviously, he has a product to sell, but I would have come away with a more favorable impression of e-discovery software if he had said something more like, "if the evidence against you is as weak as the evidence against Apple in this case, you don't need a data retention policy any better than Apple's. However," I would continue if I was trying to sell some e-discovery software, "in case of better-organized litigation against you than this case, a more comprehensive data retention policy might be in your best interest." See, instead of making my sales pitch on a case that, taken on its own, indicates that my product is unimportant, I would acknowledge that my product was not important in this case, but suggest that it is not wise to assume that every case will be so easy. I think my approach appeals less to the customer's fear, and more to the careful consideration that will need to be evident in an approved purchase request.

        • by aliquis (678370)

          Ah, I missed that it was Apples standard, I thought it was a legal standard :D / the law.

          Yeah, if it's Apples documents for how to handle it it probably means "we don't try to save anything except if we are forced to."

    • by tlhIngan (30335)

      The thing here is that litigation is always anticipated at Apple - if they're not currently suing someone, its because they're getting ready to sue. (or the legal team are on holiday [legal team pictured on the right hand side of that photo])

      Or... they're being sued. It's practically a rare day these days when Apple isn't being sued by someone.

      It's a wonder Apple can release product considering how much the probably spend on legal...

      • Re: (Score:3, Funny)

        by TheRaven64 (641858)
        See? Another example of Apple not innovating. Spending vast amounts on lawsuits was a strategy first pioneered by IBM and later adopted by Microsoft.
  • by negRo_slim (636783) <mils_oRgen@hotmail.com> on Sunday November 23, 2008 @10:05PM (#25869189)
    email? apple is to hip for that. its social networking [web-strategist.com], far as the eye can see...
    • by lysergic.acid (845423) on Sunday November 23, 2008 @11:35PM (#25869693) Homepage
      ::HackintoshDood signs in to Myspace::
      MySpace: you received a friend request from AplLawyrBabe81
      ::looks at profile pic::
      HackintoshDood: sweet, she looks pretty hot.
      ::approves friend request::
      MySpace: you have a chat request from AplLawyrBabe81.
      HackintoshDood: awesome!
      ::clicks::
      AplLawyrBabe81: a/s/l?
      HackintoshDood: 21/m/san jose, u?
      AplLawyrBabe81: kekeke
      HackintoshDood: i rly like ur pics. you're hot. ;-)
      AplLawyrBabe81: kekeke, thanks. ;-)
      AplLawyrBabe81: ur profile says u r Matt Anderson. is that rly ur name?
      HackintoshDood: yep, that's me =P
      AplLawyrBabe81: oh, good. then consider yourself served.
      AplLawyrBabe81: ur being sued by Apple for copyright infringement.
      AplLawyrBabe81: c u in court. k bye!
      • Re: (Score:1, Funny)

        by Anonymous Coward
        Crap, you know the same thing happened to me from AplLawyrBabe80? I thought it was just spam, wait, someones knocking on my do#^%$&[NO CARRIER]
  • This may be very bad for Intel in the intel vs amd case. As Intel may of give apple a unfair deal to keep amd off of apple systems.

  • e-dicovery? (Score:5, Interesting)

    by Dutch Gun (899105) on Sunday November 23, 2008 @10:15PM (#25869263)

    The fear of fines and other legal sanctions has resulted in many companies instituting strict "e-discovery" retention policies, and has helped give rise to a new class of enterprise-class storage and indexing tools.

    I think "iDiscovery" is a much catchier name...

    Joking aside, I kind of wonder about the practicality of requiring companies to retain their own documents in case of possible litigation against them. Won't this simply encourage people to use alternate means for any sort of confidential communications? Also, what proof is there of a lack of tampering? I'm not saying Apple is guilty of this, but it does cross my mind in a general sense. It seems only natural that executives will be more cautious of saying anything even remotely incriminating via e-mail. More face-to-face meetings in the future, I guess.

    • I think it could get a greater sliding scale effect. Require Emails for endless archives, then IM's then further recording and archiving all phone calls... It is out of hand, and worse almost every politician in power use to be a lawyer. So you can't even cry for them for some reasoning that sometimes the Lawyers jobs will need to be tougher and you can't always have the company share all its information to everybody. And shouldn't be required to.

      • Re:e-dicovery? (Score:5, Insightful)

        by hairyfeet (841228) <bassbeast1968@gm[ ].com ['ail' in gap]> on Sunday November 23, 2008 @11:30PM (#25869665) Journal
        Yes but IMHO it should be the same as taxes, that is 7 years. If the excrement hasn't hit the bladed cooling device in that time then chunk away. But if there isn't at least SOME kind of retention policy required of corporations you'll see every Enron style ripoff artist simply switch everything to email so they won't have to worry about having any paper trails. You have to balance the needs of the public and the shareholders with the needs of the company. But since we are rapidly switching(and some could argue we already have) to a paperless society then we really should have a set number of years for electronic records like email and IM. After all, look at what has come out against MSFT over the Vista Capable scam thanks to email.
    • Bah, don't worry about the executives. They already have a entire language of obfusciation and everybody else just posts the dirt to their MySpace blog.

      • Re: (Score:3, Insightful)

        by Dutch Gun (899105)

        Bah, don't worry about the executives. They already have a entire language of obfusciation and everybody else just posts the dirt to their MySpace blog.

        It's not that I'm worried about executives. It just feels both pointless and overly intrusive to me, which is a bad sign for any government policy. From there, it seems a small step to require Internet providers or search engines to start logging the same sort of data. It doesn't really seem all that far-fetched. [npr.org]

        • well, corporations shouldn't even have rights as an individual. however, if corporate entities are going to be given rights, and in fact more rights/power than regular citizens, then they should be held to higher legal & moral standards and also subjected to greater scrutiny (i feel the same should be applied to politicians, law enforcement, and others in positions of power).

          ordinary individuals have to file & report all of their financial earnings, and the court can issue warrants to search and sei

          • by c_forq (924234)

            corporations shouldn't even have rights as an individual

            Yes and no. Should they have the right to free speech? Yes, with the same limits as an individual. The right to bear arms? No, I don't think Omnicorp needs guns. The right deny boarding of government troops? Yes, I sure don't want weekend warriors taking over my cubicle.

            • Re: (Score:2, Insightful)

              by lysergic.acid (845423)

              why should a corporation have the right to free speech? or perhaps a better question might be, why would a corporation need the right to free speech?

              a person's right to free speech may be encroached if they, say, create a film that offends some special interest groups or portrays a powerful corporation in a negative light. a lawsuit might be filed against the filmmaker in an attempt to silence him. in this case it would be a matter of free speech.

              now, how would the issue of free speech ever arise regarding

          • by Dutch Gun (899105)

            so if people are subjected to all of these encroachments of privacy and civil liberties, then why shouldn't corporations be forced to keep records that can assist legal investigations? if anything people should have more of a right to privacy than a corporation, since a corporation is just a commercial entity, not a human-being with natural rights.

            I'm not arguing against it on the basis of civil liberties. I'm arguing on the basis that its counter-productive and unnecessary. If someone is doing something illicit, don't you think they'll be just as likely to try to cover their tracks? That leaves the burden of compliance on those companies that *are* doing the right thing.

            Keep in mind that not all "corporations" are giant conglomerates. Many smallish businesses are also "corporations", just not publicly traded. What do you feel would be the size

            • i see your point. i guess i just feel that we live in a society where corporate industries have much more political power than normal individuals, and yet there seems to be much less accountability in the corporate world than the world of ordinary individuals who, meanwhile, are being subjected to increasingly draconian laws. so if the NSA can spy on private citizens using wiretaps without obtaining warrants, then i feel no sympathy for corporations having to archive their e-mails.

              but you're right; this cou

              • by Dutch Gun (899105)

                i see your point. i guess i just feel that we live in a society where corporate industries have much more political power than normal individuals, and yet there seems to be much less accountability in the corporate world than the world of ordinary individuals who, meanwhile, are being subjected to increasingly draconian laws. so if the NSA can spy on private citizens using wiretaps without obtaining warrants, then i feel no sympathy for corporations having to archive their e-mails.

                Well, I think we'd agree that's a separate battle we have to fight - that is, ensuring personal liberty.

                as long as the regulatory requirements are reasonable, it should be alright no matter what size a company is. as long as companies aren't being asked to keep e-mails indefinitely or record and transcribe every single phone call, it should not present too big a problem. also, the amount of regulation a corporation is subjected to should be directly proportional to their size and power. so by limiting the power of corporations through unobtrusive regulations there'd be less of a need for this sorta thing.

                for example, things like telecommunications, internet access, water, electricity, etc. are vital public utilities. such utilities are natural monopolies where they either, must be operated as a monopoly or operate most efficiently as one. additionally, being vital components of public infrastructure like roads and the sewage system, these utilities also exhibit inelastic demand. these two things combine to give telecoms, ISPs, and other utility companies a lot of power, which also create tremendous potential for abuse. so either these industries have to be nationalized, or they have to be tightly regulated.

                This seems reasonable. My only fear is that government oversight and regulation can corrupt just as easily as a private corporate. Take a look at the current banking mess. It seems to be a combination of bad judgment in public sector combined with outright fraud in the private sector. For the government's part, they're the ones actually pushing banks to make those sub-prime loans in the first place -

    • Re:e-dicovery? (Score:5, Interesting)

      by the eric conspiracy (20178) on Sunday November 23, 2008 @10:51PM (#25869461)

      I kind of wonder about the practicality of requiring companies to retain their own documents in case of possible litigation against them.

      There is no general requirement. Many companies have document destruction policies - for my company we automatically delete all email older than 90 days.

      Some records have to be kept - financial records, taxation, etc. Invention records for patents, and so on. If you are in the financial industry the SEC requires 5 years for everything. If you are in a lawsuit the judge might order you to stop destroying stuff - I think Prudential got hit with a fine because nobody told their IT department to turn off their automating pruning process.

      • Re:e-dicovery? (Score:4, Interesting)

        by Degrees (220395) <degrees@@@sbcglobal...net> on Monday November 24, 2008 @02:31AM (#25870475) Homepage Journal

        Actually, there is a general requirement - although it's a special case, kind of. It's called FRCP [cornell.edu] - Federal Rules of Civil Procedure. So, it's a special case in that it only applies when you show up in Federal court. But it's a general requirement in that any case that gets ruled against can be appealed, and after enough appeals, you end up in Federal court. The Cornell link also points out that a lot of state courts are accepting the FRCP rules as reasonable for their proceedings.

        I've been told by our legal counsel the same thing mentioned in TFA: "If litigation is anticipated, the party has a duty to preserve potentially relevant documents". The obvious case is when someone's death (due to negligence) is involved. The less obvious case is when the boss starts an affair with one of the administrative assistants. Do you keep the love letters? Is litigation anticipated? What if the boss has authority over job promotions?

        Problem 1 is that the automated "we delete after 90 days" system may not have a provision for "well, delete all except foo and bar". (And, BTW, foo might take five years to get to court, and bar might never). Problem 2 is that it's probably not reasonable to expect end users to be able to classify keepers from trash. If they weren't love letters, but rather evidence of sexual harassment, should the victim have been allowed to keep them? If corporate policy says no....

        I don't know if this was the same case you were thinking of, but Morgan Stanley agreed to pay $15 million [computerworld.com] in fines for its failure to retain e-mail messages.

    • It's generally in the best interest of a company to just give up everything and follow the rules procedure in the USA.

      If a judge finds out that a company is taking evasive action or has put in a policy in place to deliberately hide information from the court, then that company is going to get banged and banged hard. And if a you are judge, you can bang a company for a long, long time.

      There are just some judges who will just look at a company, sigh, and say "what are you guys in trouble for now?" The lawye

    • iANAL would be a good name for a design obsessed company that sues its fans.

    • Re:e-dicovery? (Score:5, Interesting)

      by Lord Kano (13027) on Monday November 24, 2008 @03:36AM (#25870673) Homepage Journal

      Won't this simply encourage people to use alternate means for any sort of confidential communications?

      YES.

      Two weeks ago, where I work, there was a new training module that we had to complete. One of the topics was email and discovery. We are specifically prohibited from speculating about anything in email because it can be a part of discovery. If we have concerns, we are to walk to the person's office and discuss it with them in person.

      LK

      • We are specifically prohibited from speculating about anything in email because it can be a part of discovery

        was that policy given to you in writing? I merely ask because they had better have pretty plausible deniability on that one...

        • Why? There is no law that says a company HAS to put potentially incriminating information into email format. It's certainly legal to establish a policy that any information or speculation that could be used against a company not be put in email.

          • It's in this bit

            We are specifically prohibited from speculating about anything in email because it can be a part of discovery.

            .

            If they did it, for example, "because we find it leads to unclear communication" or "because it could be unfairly used against the company, then fine. However, they are doing it deliberately to hide "from descovery" it and they said it themselves. Now that is deliberately planning a lawsuit (otherwise where would discovery come from?) and at the same time hiding evidence. That can definitely be used to help show bad faith.

        • by Lord Kano (13027)

          It's illegal to destroy evidence. It's not illegal to avoid creating it in the first place.

          LK

  • by iamhigh (1252742) on Sunday November 23, 2008 @10:16PM (#25869277)
    I tell this to users all the time. Email is for communicating... not storing documents and information. Do we require companies to record all phone conversations? What about documenting meetings and informal conversations (where the real magic happens)? Why is email different? Yes I know the laymans answer - because it is already half way retained. But that doesn't equate to legal requirements for a company to retain ALL email. That is actually quite a burdon. The intranet, CMS, ERP, $software_solution, and paper copies are all that should be REQUIRED for legal proceedings.

    Now, some IANAL (or IAAL) tell me why I am completely wrong.
    • by chill (34294) on Sunday November 23, 2008 @10:24PM (#25869315) Journal

      The financial industry requires all that. Where I work (broker/dealer and investment management firm) EVERYTHING is recorded. E-mail, phone calls, meetings, etc. IM and the like are forbidden. We even get copies of every fax sent/received and paper letter sent by investment advisers. All of it. Yes, it is a royal pain.

      • Re: (Score:3, Insightful)

        by libkarl2 (1010619)

        Typical e-mail systems treat messages as messages, and not documents. Its made evident by the email address itself: someone@domain.net -- not alot of meta-data in there. Just a person at a place.

        what blows me away is when companies that do make an effort to archive e-mail messages, insist that the operation be performed at the client, via CC or message forwarding (the cost savings technique). Sounds ripe for abuse if you ask me.

        Lets face it: e-mail is too big to fail! Therefore (Satan get behind me) we must

        • by chill (34294)

          Mmmm...then they're doing it wrong if they're forcing it on the client end.

          Postfix has a "BCC every message" at the server, where one of EVERYTHING is BCCed over to where you specify. Exchange has some decent journaling functions that handle this and you can always use a mail proxy, like Google's Postini to intercept everything at the threshold.

      • by Ihmhi (1206036)

        Yes, it is a royal pain.

        Well, a marketing company or something else like that can't exactly torpedo the economy the way financial organizations can.

        Lockheed Martin acts stupid, maybe they go bankrupt or get acquired. A financial company acts stupid, and... well, the last few weeks are evidence enough as to what happens.

    • by truesaer (135079) on Sunday November 23, 2008 @10:25PM (#25869323) Homepage

      But that doesn't equate to legal requirements for a company to retain ALL email.

      No it doesn't. But there are two issues with email. First is that if you don't have a standard policy for retention/destruction of email (or network share backups or whatever), it opens you up to allegations that you destroyed evidence after a lawsuit was filed. If people can delete things at any time, it makes it hard to show if it was coincidence that your VP just happened to delete all that relevant stuff after a suit was filed or not. With a standard policy, if everyone complies, then this matter is much more cut and dry.

      Second is Sarbanes-Oxley compliance. I know a lot of companies have banned external instant messenging because of retention concerns related to Sarbanes-Oxley (since you can't easily log AIM and other IM discussions). I'm a bit surprised that Apple hasn't got policies in place given their issues with improper options in the past. Similar laws, I guess they didn't take the scandal very seriously.

      • Re: (Score:1, Insightful)

        by mysidia (191772)

        First is that if you don't have a standard policy for retention/destruction of email (or network share backups or whatever), it opens you up to allegations that you destroyed evidence after a lawsuit was filed. If people can delete things at any time, it makes it hard to show if it was coincidence that your VP just happened to delete all that relevant stuff after a suit was filed or not.

        Seems there are two policies that should be used:

        (1) Delete when read -- e-mail messages must be deleted as soon as t

        • Re: (Score:3, Insightful)

          by truesaer (135079)

          "Should" be used? That may be the best policy for limiting discovery in lawsuits, but it would seriously damage the operation of the business. I can't immediately resolve an issue emailed to me most of the time, and I rely on saving emails with important information for later use. I'd say these are pretty common ways that people use email.

          You want to mitigate legal risk, not necessarily eliminate it.

          • by mysidia (191772)

            It just changes how you operate: instead of important information being e-mailed it should be placed in a document, and you are sent a link to the document.

            Issues should be filed using trouble tickets, not e-mail.

            • by truesaer (135079)

              And how does that help with legal liability? Your just as obligated to have a rational policy for retaining or destroying documents and trouble tickets as you are for email.

              And not every task that I have is a discrete "issue" that can be filed as a trouble ticket. It may be an aspect of a discussion that I want to learn more about, or a link to a document that I haven't fully read yet, or any of a hundred other things.

              Even if your idea was feasible for internal communication it doesn't address communicati

              • by mysidia (191772)

                The same virus issues exist with e-mail, and a virus scanner should be used. Documents are in general too large to e-mail in the first place.

                As far as e-mail you send to/receive from outside domains is concerned, it should probable be archived for a long time, for security reasons (detect employee leaking data to an outsider). BUT those archives don't have to be accessible (necessarily) to the users of e-mail, only IT and management would be able to pull those tapes.

                Your firewall administrator should b

    • Re: (Score:1, Insightful)

      by Anonymous Coward

      Archiving documents, meeting notes and phone conversations is routine at many firms. It's not uncommon for executives and employees to keep logs of all phone calls (typically who was on the call and what was discussed) and meetings. In some firms written meeting notes are kept in bound, page-numbered noteboots so it's clear if a page has been added or removed.

      Any conversations at the executive level, and anything that may end up in court should be noted on a calendar--who was in the meeting and what was d

    • by Anonymous Coward on Sunday November 23, 2008 @11:20PM (#25869611)

      Let me put it this way - I know of a largeish piece of corporate litigation that turned almost entirely on a Christmas card.

      Broadly speaking, anything that is recorded and is able to be read/interpreted/played back/whatever is a "document" for legal purposes and is discoverable if it is relevant to the issues in the case (or whatever your local rules are).

      A conversation isn't a document as there is no persistent record of it. That is why you have "pens up" meetings and why some people will never put anything more informative in an email than "come see me".

      However, if you do make any record of that conversation - be it five words on a napkin, a detailed minute of the meeting or an audio recording, then that becomes discoverable (provided it is relevant). If you are given a handout of powerpoint slides at a meeting and you make notes on it then that handout becomes a wholly distinct, individually discoverable "document" from a blank printout of the slides.

      In most places it is considered contempt of court to destroy a document that is discoverable in actual or reasonably anticipated litigation.

      And yes, IAAL.

    • Re: (Score:1, Interesting)

      by Anonymous Coward

      Now, some IANAL (or IAAL) tell me why I am completely wrong.

      IANAL, but IAARecordsProfessional.

      You're really not wrong. The fact is e-mails are capable of substituting for lunch-room gossip, post-it notes, memorandums, and corporate letterhead.

      The problem is that most users, particularly of the age and experience level to make executive business decisions that exist purely as communication, have *not* received training on how to distinguish between those degrees of what constitutes an e-mail Record. Hence, save-it-all policies. (Or with some employees, print-it-al

    • by fermion (181285) on Monday November 24, 2008 @01:05AM (#25870077) Homepage Journal
      From what I can tell, this is old news and the protocol has been set. Destroy documents every so often. Do it consistently. Do not wait until there is a budget. Continuously go through everything and destroy everything that older than a cutoff. If you are told to stop, stop, and don't start trying to catch up on the destruction. This has been SOP since the Enron mess.he legal requirement is to follow protocol and not destroy stuff after you are told not to. This is nothing new, and if Apple does not have a consistent policy, then that is bad for them. The fact is that the paper trail is there. If you don't want a paper trail, have an undocumented face to face meeting.
    • by Degrees (220395)

      What it comes down to is the definition of a "record". If you and your boss make a decision over the phone, and it's followed up with an email, then that is the record of the decision. In the Bad Old Day, a record was paper. The transition to email doesn't get rid of the need for records - it just changed the form.

      I work in government, and we have to live under 'open meeting rules'. In other words, elected officials have to be careful not to discuss items with each other (and thus be at risk for the accusat

    • by Lord Kano (13027)

      Yes I know the laymans answer - because it is already half way retained.

      Nothing half way about it. It's stored on a disk drive on a server. That server is backed up, nightly? Weekly?

      Your emails are retained. If you were involved in a successful plot to assassinate the President and the authorities thought that you might have communicated it via email six months ago, you bet your ass that every email you sent would be available to them. This kind of thing is about making it easy to search them.

      LK

    • I tell this to users all the time. Email is for communicating... not storing documents and information.

      You're so right - How often do you see people looking for an important file, or minutes of a meeting etc. via their Lotus Notes / Outlook, (where the file itself will be buried in some PST file in a sub-directory of C:\windows... and not backed up as part of the 'user' files...)

      I think it's because they find it easier to use one interface for storing & searching, so if all else fails I suggest Google Desktop Search or something (depend on platform etc)

  • by girlintraining (1395911) on Sunday November 23, 2008 @10:25PM (#25869329)
    Retention policy is simple: Delete anything that shows it's your fault. Save anything that shows it's somebody else's fault. Forward anything that makes your boss look good. If you're asked for copies of anything give them something that looks similar but isn't it. If you're called into court, you have a bad memory unless your lawyer says you don't. And under no circumstances should you ever, ever






    .
    • Re: (Score:3, Funny)

      The first rule of retention policy club is do not talk about retention policy club!
    • Re: (Score:1, Insightful)

      by Anonymous Coward
      Easier still: Delete nothing. Encrypt everything. Wanna see it but it makes me look bad? 5th amendment. Wanna see it and it exonerates me? Here ya go!
  • Just because a massive company doesn't have a "company-wide" policy on email does not mean it does not effectively archive it.
  • by xZgf6xHx2uhoAj9D (1160707) on Sunday November 23, 2008 @11:22PM (#25869619)
    Man, if only Apple had access to some sort of technology that would automatically back up their emails. Something that indexed the back-ups too. Something that Just Works.
    • Re: (Score:2, Informative)

      by GMonkeyLouie (1372035)

      That's actually hilarious that you mention that, as I am storing about a half-decade's worth of e-mails using apple products and hardware. Wouldn't call it especially secure or safe, but it's there and it's intuitive to use.

      Why wouldn't they at least use the office as a place to field test the product?

    • by leptons (891340)
      I think you mean Time Masheen. If only Apple could find it they could go back in time and undelete the e-mails they should have kept.
    • by bill_mcgonigle (4333) * on Monday November 24, 2008 @02:14AM (#25870399) Homepage Journal

      Something that Just Works.

      Perhaps you've heard of Mobile Me? It's a wonder they have any e-mail.

      • by gobbo (567674)

        + 1 funny or insightful...

        Ars Technica reported on S.Jobs eating some humble pie in august... he admitted that MobileMe wasn't up to "apple" standards and they screwed up by rushing releases of its features.

        Apple always seems to have one or two major screwups in process at any one time... keeping their product line is slim probably helps them manage that sort of thing (and protect the all-important brand rep).

        Then there's the intentional user-abusive @#!$* they pull---last night a client brought over his ne

        • No Firewire..."

          He's returning it today. The Idiots!

          Yeah, though to be fair it's not on the nVidia chipset they're using and the Macbook is all integrated. They must have some huge video play in mind that they think is worth it.

          They could have done a daughterboard, and I'd argue should have, but the Macbook is all about cheap.

  • Sarbanes-Oxley (Score:3, Interesting)

    by BitterOak (537666) on Sunday November 23, 2008 @11:32PM (#25869681)
    I thought that since Apple is a publicly traded company they are required to retain ALL corporate e-mails as a result of Sarbanes-Oxley legislation. What am I missing here? (IANAL, so I'm genuinely curious.)
    • Re: (Score:3, Interesting)

      by vvaduva (859950)

      Yes, SOX section 802 can bring criminal penalties if audit records (which can include email messages) are not maintained. It sounds like Apple may not be SOX compliant.

  • I'm kind of in the middle of developing a policy for my department (1500 employees/800 Exchange users) of a large County (105,000 employees) where we currently have zero policy.

    I've already been part of an e-discovery action for a lawsuit - which we eventually won - and can't imagine what might happen next.

    Nevertheless - I follow the GTG philosophy. If it takes less than 60 seconds to do, I delete it. I also delete my deleted files every time I close for the day.
    • by vvaduva (859950)

      The problem with what you are doing is that you are removing data and electronic memorandum which could exonerate you and your employer in case of a lawsuit. This is of course, assuming that you are doing all this in good faith.

      • Whatever happened to "innocent until proven guilty?" It's ridiculous to think that we now have to archive all of our correspondence "just in case" we have to defend ourselves in court. People need to re-read (or read for the first time) Kafka's "The Trial."
        • Actually, I've found it to be more the opposite. If I delete everything as my personal policy then there's no issue.

          If I retain stuff and something - however unlikely - is found to be damaging in a future lawsuit then "m screwed.

          Now, If I do what Oracle (IIRC) did and start deleting AFTER a discovery request is made, then I'm guilty of obstruction.

          I figure just delete before hand.
          • That seems like the sensible thing to do to me. Making things too complicated is a waste of time.
        • by vvaduva (859950)

          I said "could" exonerate you, not "will." You need to practice sound risk management principles and decide what is best in your situation, in your specific cultural context.

  • by fuzzyfuzzyfungus (1223518) on Sunday November 23, 2008 @11:48PM (#25869751) Journal
    Ok, I propose the following: We take up a collection to establish a prize pool to be paid to the (estate of) the first person to approach Steve Jobs and, with a completely straight face, suggest that he "Really ought to consider an enterprise grade hosted-Exchange Solution; since, after all, Exchange and Microsoft Workgroup Technologies(tm) are the heart of the dynamic enterprise."

    Just remember, Steve has eye lasers, and they are powered by pure disgust.
    • I think that "shooting the messenger" wouldn't really do justice to the carnage that would ensue.

      Anyway, Apple products aren't meant for that environment, really. Are they? I don't think they're going after tech support cubicle-dwellers.

      Although, Apple does like to keep a little bit of a messiah complex about itself.

    • Dude, you get me to Steve Jobs, I'll say it. I ain't afraid of no eye lasers. I've got a pair of mirrored sunglasses!

  • by blitz487 (606553) on Monday November 24, 2008 @12:41AM (#25869967)
    So many companies have been hung out to dry based on emails one wonders why officers and above in the organization are even allowed to use email. They should go back to voice only, and have someone else write a memo if it is really important.
  • by Anonymous Coward

    Our legal people won't respond to IT requests such as 'how long should we keep backups' The problem being that if they give an answer it can be used against the company.

    Not having a guideline at all is the best way to circumvent that. Of course they do have a guideline for employees to delete all emails that are no longer pertinent to their jobs, but those guidelines are there for the same reason. It's all about deniability.

    So I'd call this smart, not negligent.

    • Not having a guideline is a good way for your company to be found in contempt of court. It is also a good way for the opposing legal team to convince a court (and public opinion) that the lack of documentation represents a deliberate attempt to cover up wrong doing.
  • Why keep emails? (Score:3, Insightful)

    by Anonymous Coward on Monday November 24, 2008 @03:17AM (#25870625)

    Why would Apple bother to keep emails when they already know that the risk of the email being used against them is far worse than the penalty for not keeping them.

    • IANAL, but my understanding is that if you can not produce the evidence [because you destroyed it, your dog ate it, etc.] the judge can instruct the jury to draw a negative conclusion on why the evidence can not be produced. Saying your dog ate your homework just does not cut it.
  • They're pointless.

    Why is it that we task a company with producing information which may incriminate it? Isn't that sort of like asking a murder suspect to hold on to the weapon until his court date, just so the court can save money on evidence facilities?

    If the court wants it, then it should be notarized and stored by the court, just like other contracts we expect the court to enforce (title deeds, etc).

    If they are the private documents of a business (or of anyone), then how is it, owing to the 5th, that th

  • E-mail causes problems. If you don't archive anything, they say you were "destroying documents", but if you archive everything, all of your company's internal communication is discoverable via a supoena.

    In other words, use telephones.

    In Apple's case, I think they'd rather pay any fines in court for "forgetting" to archive everything rather than have all their internal communication available to anyone with a lawsuit/beef against them. Archiving their mail would be a strategic fuck-up of grand proportions.

"Pull the trigger and you're garbage." -- Lady Blue

Working...