Email Fidelity: Ignore it at your own risk
- November 13, 2015
Over the years, thousands of organizations have purchased email archiving solutions. Many of these email archives have grown to gigantic proportions housing terabytes of email messages, attachments, appointments, notes, contacts etc. As these legacy email archives have aged and newer solutions have appeared, many have decided to throw in the towel and migrate their legacy email archives to newer systems. But beware…email archive migrations can pose levels of risk that many don’t consider. For example, legal considerations would dictate the following questions be answered:
For eDiscovery and regulatory information requests, email archives are no different than any other data repository – all are subject to review. Knowing what you have and what your responsibilities are is key to reducing your risk.
When responding to an eDiscovery order, the fidelity or faithfulness of the collected email, as compared to the original email, is extremely important. Unless there is an agreement to do otherwise, the duty of the responding party is to find and produce all relevant data in the format and state in which it was retained at the time of notification or awareness of pending litigation - including all metadata.
Email carries information (metadata) about its author, creation date, attachments, recipients - CC or BCC, and whether it was a reply (conversation thread – figure 1) or was forwarded to someone else.
Figure 1: Email conversation threads generate important metadata
Email metadata also includes information about any attachments associated with the email message. When an email message is a vehicle for transmitting other documents, such as word processing documents, spreadsheets, or presentations, links to those attachments are part of the email's metadata. Preserving these links enables a reviewer to tell what document, and which version of it, was attached to a particular email message.
Because of this fidelity requirement, organizations responding to an eDiscovery request must be especially careful how they handle email and other data during the collection process because metadata can be inadvertently changed by simply opening the email to review it.
Email archives complicate the eDiscovery process further. Some email archives, for example the Mimosa Systems NearPoint solution, are able to capture and archive a great deal more email metadata than other email archiving solutions. This includes metadata such as individual message movements from folder to folder, whether it was opened and when, and if it was deleted and when (and whether it was deleted without being opened).
For those of you not legally inclined, this metadata can be extremely important in litigation. Just the fact that an employee received a specific email but never opened it can show lack of culpability in a case. Another legal example occurs during intellectual property theft cases; an employee claims to have never received an email message with an attachment from a competitor with design specs for a yet to-be-released technology. The Mimosa Systems NearPoint email archiving solution would capture the fact the email/attachment was received by the employee, when it was received, and also the additional metadata showing the employee immediately opened it and an hour later deleted it (figure 2). Some email archiving systems that rely on basic MAPI crawls or Journaling to capture email would not capture the email delivery or subsequent actions around it.
Figure 2: Potential email metadata creation
An important point many overlook is that metadata could, in some cases, be the very evidence that enables you to successfully defend against an unfounded lawsuit. Access to metadata can also be instrumental in enabling early case assessment activities – the process of quickly gathering potentially relevant data to gain insight into the “go forward” strategy for the case.
The above examples highlight the need for owners of email archiving solutions to be very careful when collecting data from their email archives based on an eDiscovery request. Copying the relevant email messages but not the associated metadata can open you up to incomplete eDiscovery penalties or charges of hiding evidence.
Another risky situation arises when organizations migrate email from a legacy email archive to a newer system such as GMAIL or Exchange/Office 365. Many email migration vendors will by necessity, convert the archived email from the standard MAPI format to another format, such as EML, losing message body detail such as text highlights and all associated metadata. This converted (and stripped) email can then be migrated into another email system like GMAIL for later use and reference. For those organizations migrating legacy email archives into Exchange Online/Office 365, they need to go through two format conversions: first from MAPI to EML, and then back to MAPI before being moved into Office 365. Both conversion cycles strip all metadata from the archived emails. Think of the conversion process as Xeroxing a full hard copy color diagram on a black and white copier – much of the visual detail and meaning is irrevocably lost in the conversion. The same effect holds true for the migration of archived calendar appointments – data such as when was the appointment made, by whom, who responded, and what did they accept/reject the appointment request or suggest another time – all lost.
As was mentioned earlier, this metadata can be important to a future legal case so care should be taken to 1) fully understand what data (and metadata) your email archive holds, and 2) confirm your migration vendor doesn’t convert messages from the original archived format. This will ensure the migration will be done in a complete and legally defensible manner.
Archive360 has an in-depth understanding of the most popular email archiving solutions – including the Mimosa Systems NearPoint and has successfully migrated hundreds of legacy archives. The Archive 2-Anywhere email archive migration solution is designed to migrate all email archive data, including all metadata, in a legally defensible manner.
Your legal, compliance and security teams rely on having an immutable copy of all of your emails. Office 365 archiving does not support journaling. So what should we do?
This eBook provides actionable tips to empower IT to solve the problem.