Are you storing your email like Hillary?

March 12, 2015 at 9:56 am 2 comments

Its great having the Clinton’s back in the spotlight.

Their penchant for going right up to the line of propriety and wallowing in the gray area of the law (e.g. how do you define “is” anyway?)  provides so many entertaining blog worthy teaching moments that I’m sure Hillary’s relentless drive for the Presidency will be of great benefit to blogger and reader alike.

In case you missed it, earlier this week the former First Lady held a press conference to dispel any notions that she was knowingly   doing something inappropriate when she had a personal server installed at her private residence so she could store her State Department email on her personal account.  (Can you imagine Putin responding to an email from Secretaryofstatechick at

Anyway, shame on those of you who thought that she was trying to pull a fast one.  The prestigious   law school graduate, and  former high-powered lawyer with  the most experience in and around government of any presidential candidate since John Quincy Adams didn’t realize that it might be wrong to put government email on her personal server and decide for herself what emails should be saved, destroyed and parceled out.

In fairness to the Lady Who Would be Queen, the question of how much email to retain and for how long is one that vexes businesses of all shapes and sizes including credit unions every day.  Compliance people hate it because there are few bright line rules about how long email should be retained. Instead   one of the best guides to use in crafting your credit union’s email retention procedures  are   the factors considered by the courts  overseeing lawsuits.  Why? Because unless you plan on never getting sued by a former employee or ending up in a contract dispute with a vendor the courts are going to expect you to be able to provide basic information that the party suing you needs to prove its  case. The more reasonably you maintain your email today the more  slack a court may be willing to cut you tomorrow when determining whether you or the disgruntled plaintiff should bear the cost of discovery. There are also specific recordkeeping requirements for specific regulations but basing your record retention exclusively on these requirements doesn’t do enough to provide your credit union with an appropriate record retention framework.

As a general rule a party being sued bares the cost of complying with discovery requests-as those of you who have ever tried to get an attorney to reimburse your credit union for the cost of complying with an information subpoena are well aware.  However with the explosion of electronic storage courts have become sensitive to the fact that, depending on a corporation’s size, electronic record retention  and retrieval of email and other documents can become prohibitive.  Furthermore, it isn’t reasonable to impose the same retention requirements on a $50 million credit union and Bank of America.  As a result in weighing discovery requests and apportioning retrieval costs federal courts and, increasingly, New York’s state’s courts have examined the following criteria:

“1. [t]he extent to which the request is specifically tailored to discover relevant information;

“2. [t]he availability of such information from other sources;

“3. [t]he total cost of production, compared to the amount in controversy;

“4. [t]he total cost of production, compared to the resources available to each party;

“5. [t]he relative ability of each party to control costs and its incentive to do so;

“6. [t]he importance of the issues at stake in the litigation; and

“7. [t]he relative benefits to the parties of obtaining the information”

U.S. Bank Nat. Ass’n v. GreenPoint Mortgage Funding, Inc., 94 A.D.3d 58, 63-64, 939 N.Y.S.2d 395 (2012)


I underlined 4  5  and 6 because,  as you update  your email retention or broader record retention policy a key point to keep in mind is that the courts expect you to have a reasonable policy reflecting the characteristics of your credit union.  In this day and age you won’t avoid the cost of retrieving email because your policy is to save money by not archiving email on any of your servers for more than one day.  Conversely it’s perfectly acceptable to delete email where the cost of storing it becomes prohibitive and the likelihood that the information will ever need to be retrieved is slight.

One more thing to really make things more entertaining.  Hillary’s mistake also underscores the reality that, in the age of the smartphone, drawing a neat line between an employee’s “work” and “personal email”   is all but impossible.  It is likely to be the source of many a contentious legal battle.  Your policy should put employees on notice that “their” email may not be “theirs” if they are using a company smartphone or using their smartphone to conduct personal business

I wanted to scare you a little with this blog.  Your record retention policy is one of the most important policies your credit union can have and deciding how to manage all that email is a crucial component of that policy.  This is not an area where you should cut and paste another credit union’s policy and go onto more important work.  Instead you should involve your IT staff, your HR person your compliance officer and yes even a lawyer in devising a record retention policy that reflect your credit union’s unique attributes.

Entry filed under: Compliance, General. Tags: .

Three Things You Should Know On A Tuesday Morning Will CFPB Make handling delinquent loans even more difficult?

2 Comments Add your own

  • 1. shuutech  |  March 15, 2015 at 3:21 am

    I don’t see how companies will be able to claim ownership over personal emails, even if they were conducted using a company smartphone. Personal emails should never be used to conduct business matters but employees should retain the right to hold a private email account, no matter what device they use.

  • 2. Henry Meier  |  March 16, 2015 at 4:44 pm

    I would be in favor of an absolute right to privacy for private communication but no such right exists The question isn’t who “owns” the email. The relevant question is:: is a discovery request relevant to the issue that is the subject of litigation. The best way to keep your email private is not to conduct business with your smartphone.

    Thanks for commenting.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

Authored By:

Henry Meier, Esq., General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 503 other followers