Personally, and with full acknowledgement that I am not a lawyer, I am glad to see the Sedona Conference commentary taking a balanced approach to this.
“Although courts and attorneys are wary that the use of an ephemeral messaging application allows a party to conceal misconduct and may protect a party in a litigation setting, the authors of the Commentary opine that with the proper application, the benefits of ephemeral messaging are substantial. For example, there is significant business value attendant to ephemeral messaging, including the elimination of costly storage and retention of data that lacks any business value.”
The question I have had about ephemeral messaging apps has always kind of been, why do we treat this so differently than other data. Let me explain.
Absent the requirement to hold on to records, organizations are allowed to determine their own policies around defensible deletion. For example, we often see that companies will have a retention around email for 3 years, or create a policy on shared document repositories of 5-7 years, etc.
Again, so long as you’re consistent in applying the policy, and you have a plan to retain any data as it becomes necessary, there’s no one telling you what that time frame should be.
Why does the legal system feel OK with 7 years, or 18 months, but not 7 days, or 7 hours?
There are plenty of records that you’d want to hang on to longer than that, because it makes business sense. Some records, never need to be kept at all. So why should we keep them? Don’t we have enough junk data laying around? Do we really need to keep personal messages between coworkers for 7 years? Do you have any idea how much data that is? How many Teams or Slack messages that really is?
Are we getting a realistic evaluation of the risks of keeping those messages versus the risk of letting them expire when that is coming from a legal department that doesn’t use any of these tools?