Your E-Mail May Be Gone, But It’s Not Forgotten

Your E-Mail May Be Gone, But It’s Not Forgotten
For many of us, e-mail has become as important a means of business communication as the telephone. On average, I receive at least 20 business-related e-mails a day. Conversely, I send at least that many — sometimes more.

If you do the math, that’s nearly 10,500 e-mail messages a year. Strange, then, that such an important part of a business day isn’t given the respect it deserves, and I’m not the only one to blame. Chances are, you and your employees don’t treat your e-mail as carefully as you should, either.

But don’t worry, should you or your company become embroiled in litigation, undergo regulatory review, or even attempt to document workplace misconduct you’ll quickly discover the staying power of the humble electronic message.

“A good reason we’re in business is that people don’t understand the permanence of e-mail and immortalize things in it that they would never put down on paper,” says Kristin Nimsger, legal consultant for Ontrack Data International, just one of a new breed of firm that makes a business out of computer forensics — a burgeoning business that recovers deleted computer files.

Consider this: Ontrack estimates that 93 percent of all business communication in America happens in electronic form, through e-mail as well as user data such as text files, spreadsheets, PowerPoint presentations, and so forth. Most of that data never even makes it onto a piece of paper. And that’s what can cause problems.

Imagine if every telephone conversation you had was recorded and saved. In a sense, that’s what happens with e-mail. Most of us treat electronic messages is if they were individual pieces of paper — easily disposable.

When you shred (delete) a piece of paper, the resulting pile of strips is good for little more than packing material. The chance that anyone will be able to reassemble the original page is just about zero. Not so with electronic documents. Just ask Enron and Arthur Anderson executives, or anyone else whose deleted e-mails and files were dug up to become part of the public record.

The reason electronic files are so permanent has to do with the way they’re stored on a computer. When you delete a file, you aren’t actually erasing the file itself. Instead, you’re just removing a pointer that the computer uses to find the file’s data on the hard drive. The data still exists — at least until it gets overwritten by another file. Deleting a file is a little like scratching out part of a book’s table of contents in an attempt to erase a chapter; the pages are still bound into the book. E-mail messages are even harder to delete, since multiple copies of them often exist not just on the originating computer but also on servers, backup tapes and recipients’ computers.

Of course, everyone have fewer problems and concerns if we only remembered the Golden Rule of E-mail: Don’t send anything by e-mail that you wouldn’t want posted on the company bulletin board. If it’s safe enough for the bulletin board, it’s safe enough for e-mail. And if you’re debating whether or not to send something personal by e-mail, either deliver it by hand or send it by snail mail.

The problem is we forget the Golden Rule. That’s why Ontrack and other computer forensics firms like Electronic Evidence Discovery and Guidance Software are so busy. And if all of this seems a bit cloak-and-dagger, it’s because it is.

In some cases, engineers from these companies slip into their customers’ offices after-hours to do their sleuthing, like high-tech Sam Spades. They make a copy of the hard drive under investigation, and then take that version to their lab for analysis, leaving behind no evidence that might tip off a subject that he or she is under surveillance. Back at the lab, computer forensics experts analyze the data on the mirror-image hard drive, looking for “orphaned” data that was deleted but not completely erased.

The easiest way to eliminate the risk is by treating e-mail with the respect it deserves, and urging your employees to do the same. Make sure business e-mail is business-like. Personal or sensitive information should be conveyed another way. And most importantly, never forget that electronic data may be out of sight, but it’s seldom out of reach.

E-mail us.