Weekly Update

What can we learn from the Sony mess?

It was a week in which Sony’s hacking by you-know-who dominated the tech news, and raised the question — once again — about email hygiene. The question is, how much email should companies hold on to?

In a perfect world — and this ain’t it — where storage is free and there is no chance that email could be used against you, why wouldn’t you hold onto everything? Then you could search for that gingersnap recipe from your Aunt Mildred every time you wanted to instead of copying it into Epicurious.

But as the Sony episode has shown, anything sitting in your corporate hard drives can be spread to the world, given a reasonably determined hacker.

And, from a different angle, maybe we would be better served if email were treated in general as ephemeral, impermanent, and likely to be shredded 15 days after being sent. And not just because of the possibility of a hacker attack, but for other reasons.

There is no doubt a benefit of having critical information — operational data, financial records, customer data, etc. — maintained somewhere, but few would suggest that email is the appropriate place for that. No, in general we use systems of record for those purposes.

Email falls into a different category — systems of communication — which we use to coordinate our activities and ask questions. While some of that give-and-take might represent knowledge that should be retained, the overwhelming majority is contextual and likely to be of little value in the future, aside from the possibility of facepalm horrors when our indiscretions are exposed.

My bet is that people would treat email quite differently if everyone operated under the premise that email would self-destruct after 15 days.

First of all, we’d pull information that was important out of email and place it in some more permanent system of record.

Second, if we sent an email and got no response in a week or so, we’d know it had been shredded, and take action accordingly: we’d either resend, or give up, depending.

Third, we’d think of email as more like text messages — fire and forget — and less like contractual obligations.

Of course, systems of record aren’t safe from hackers, either, so changing the way we think of email won’t decrease the threat of a hacker stealing vital information and posting it online, using it for personal advantage, or exploiting it to damage a company. However, shredding email will shrink the window of vulnerability, and also shift the way we think about communications. And maybe protect us from ourselves, and definitely for Hollywood execs.