Is it a mistake to keep every email forever just to be safe, or does keeping everything actually create legal risk?
Keeping every email forever feels safe, but it usually trades a small, manageable risk for a larger, less predictable one. “Save everything just in case” is not a retention strategy. It is the absence of one, and it can create legal, financial, and privacy exposure of its own.
Why “Keep Everything” Backfires
Email is a record of your organization’s decisions, mistakes, and informal conversations. The longer you keep it, the larger the pool of material that can be discovered, requested, or breached.
- Litigation and e-discovery. In a lawsuit or investigation, you may have to search, review, and produce relevant email regardless of age. A bigger archive means higher review costs and more chances for an old, out-of-context message to be misread.
- Public records and FOIA-type requests. Government and many regulated entities must locate responsive records on demand. Endless email makes searches slower and disclosure harder to scope.
- Privacy and security. Old email holds personal and sensitive data. Data you no longer need is data that can still be stolen, exposed, or misused in a breach.
When Keeping Email Is Required
Of course, you cannot simply delete at will. You must keep email that:
- meets a legal, regulatory, tax, or contractual retention requirement;
- documents an official transaction, decision, or obligation; or
- is subject to a legal hold for actual or anticipated litigation.
Deleting records that fall into these categories, especially after a hold, is what creates real legal danger.
The Better Approach: Defensible Disposition
The goal is not “keep everything” or “delete everything.” It is keeping the right records for the right period, then disposing of the rest consistently.
- Classify email by its content and value, not by the fact that it is email.
- Apply a written retention schedule so most messages have a defined end date.
- Suspend disposition immediately and completely when a legal hold applies.
- Document that disposition follows policy and routine, not convenience, so deletion is defensible.
Done this way, routine disposal is lawful and expected. The risk lies in having no schedule at all, because then every deletion looks arbitrary and every retained message becomes potential evidence.
For related guidance, see the email and messaging topic hub.
Sources & further reading
Authoritative government and non-profit references.
- FOIA frequently asked questions — FOIA.gov / U.S. DOJ
- The Sedona Conference publications — The Sedona Conference
How to cite this page
APA
RM University Editorial. (2026). Is it a mistake to keep every email forever just to be safe, or does keeping everything actually create legal risk?. Records Management University. https://www.recordsmgmt.org/questions/is-keeping-every-email-forever-to-be-safe-a-mistake/
MLA
RM University Editorial. "Is it a mistake to keep every email forever just to be safe, or does keeping everything actually create legal risk?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/is-keeping-every-email-forever-to-be-safe-a-mistake/.
Related questions
- Are emails between teachers and parents considered education records under FERPA?
- Are emails in my Sent folder and Inbox both records, or just one copy?
- Are emails on my personal phone discoverable in a lawsuit?
- Are ephemeral or disappearing messages legal to use for work, or do they violate recordkeeping rules?
- Are text messages and chat business records?