The topic of email preservation and retention within city government has
been raised repeatedly for several years. Some time ago, a judgment was
entered against the BRA in a lawsuit because the BRA could not produce
electronic documents in discovery. The BRA subsequently invested a
couple hundred thousand dollars in software and infrastructure for SOX
compliance and e-discovery. That was more than a year ago.
The other dozen email administrators at city hall have been conferring
and waiting for the city Law Department to say something establishing
the city's policy for retaining and preserving electronic records. But
as is the norm, the law department drags their feet unless the city is
actively being sued. And without a letter from the law department,
nothing happened at the IT department. This left the city no data
retention-expiration policy for several years.
In the case of Michael Kineavy, the user was not simply keeping a tidy
inbox. He was actively purging the deleted item retention from the
mailserver. This extra recycle bin is a feature in Microsoft Exchange
Server few users are aware of. Users and administrators who are aware
of it do not frequently access it, except in emergencies. The retention
exposes routinely deleted items to backup. Purging it daily shows a
deliberateness in wiping data.
It should also be noted that the city CIO is not by trade a computer
professional but is a member of the bar:
In short, the user acted in bad faith, the city lawyers were negligent,
the CIO should know better, and the IT staff should have shown more
respect for their profession. We are witnessing a systematic breakdown
across city hall.