Email retention is one of those topics that most small firms ignore until they have a reason not to. Then it becomes urgent.

A malpractice claim surfaces. A bar complaint is filed. A former client disputes what advice was given. A partner leaves and takes matters with them. And someone asks: where are the emails from three years ago?

Here's what small law firms need to know about keeping email records — long enough, organized enough, and in a way that's actually retrievable.

Why This Is More Complicated Than It Sounds

There is no single federal rule that tells attorneys how long to keep email. The answer depends on:

• State bar rules governing file retention
• The type of matter (estate matters, for example, may have different requirements than commercial litigation)
• Statutes of limitations for malpractice claims
• Contractual retention obligations if your client's matter involved regulatory oversight
• Practical considerations around what you'd need if anything went wrong

Most small firms operate with a vague general policy — "we keep things for seven years" or "until we hear from the client" — that hasn't been examined critically. That's usually fine until it isn't.

What the Ethics Rules Say

Model Rule 1.15 requires attorneys to safeguard client property and maintain records relating to client funds. State-specific rules vary significantly in how they address file retention.

Some states have explicit retention requirements. California, for example, requires attorneys to retain certain client papers for five years. Other states provide guidance without a hard rule. Many states simply require that attorneys provide clients with their file on request, which implies some minimum retention period.

The starting point for any firm is knowing what their specific state bar requires. This is not a complicated research task — most state bars have published guidance.

The Malpractice Limitations Problem

Here's the practical issue that drives most email retention decisions: the statute of limitations for legal malpractice.

In most states, the limitations period for malpractice is two to four years from when the client knew or should have known about the harm. Some matters have discovery rules that extend this. In estate matters, claims sometimes don't surface until years after the matter concluded.

The rule of thumb that many risk management advisors suggest: retain client files, including email, for the limitations period that applies to your jurisdiction and practice area, plus a buffer. For most general practice firms, that means a minimum of five years after matter closure, and often longer for estate work, real estate transactions, and matters with ongoing consequences.

For email specifically: if it's part of the client file — advice given, decisions documented, instructions received — it should be retained on the same schedule as your file.

What Counts as a "Client File" Email

This is where small firms get tripped up. Not every email is a client file email. But some emails that don't look like client files clearly are.

These are part of the client file:

• Advice given to the client by email
• Instructions received from the client
• Communications with opposing counsel related to the matter
• Correspondence with the court
• Emails documenting key decisions or the client's informed consent
• Emails that establish what the client was told and when

These are probably not part of the client file (but think twice):

• Internal firm administrative emails
• Scheduling logistics
• Billing discussions (though billing records are separately retained)

When in doubt, retain. The cost of over-retention is a manageable storage and organization problem. The cost of under-retention when something goes wrong is a liability problem.

Practical Organization for Retrieval

Retaining email is only half the problem. The other half is being able to find the relevant emails quickly if you ever need them.

A malpractice insurer or bar investigator asking "what did you advise the client about X on Y date" is not well-served by a response of "we retained everything but we'll need some time to find it."

Some practical approaches:

Organize by matter. Email related to a matter should be organized with that matter — either in a matter management system, a folder structure, or a dedicated matter email address that captures all correspondence.

Create a chronological record. For significant matters, a chronological summary of key communications is worth maintaining. When something goes wrong years later, you want a record you can understand quickly, not thousands of raw emails to sort through.

Archive, don't just retain. Retention means the emails exist somewhere. Archive means they're organized and findable. These are different things.

Handle departing attorney situations. When attorneys leave a firm, their email related to client matters needs to transfer with the matter, not stay in a departed employee's inbox.

End-of-Matter Procedures

Building retention into your matter closing process is more reliable than trying to apply it retroactively.

At matter closure:

1. Identify what email needs to be retained as part of the client file
2. Organize and archive it in whatever system you use for closed files
3. Send the client their file copy (many bar rules require this or recommend it)
4. Note the matter close date and the applicable retention period
5. Set a calendar reminder for file destruction review, if your system doesn't automate it

This takes less time per matter than you think, and it saves an enormous amount of time if anything ever surfaces years later.

A Reasonable Default Policy

For a small general practice firm without specific regulatory obligations:

• Active matters: Retain everything
• Closed matters, client file email: Retain for seven years from matter close date (errs on the side of caution for most malpractice limitations periods)
• Estate, real estate, and ongoing advisory matters: Retain indefinitely or for ten years
• Administrative email not part of a client file: Retain for three years

This is a starting point, not a substitute for reviewing your state bar's requirements and getting risk management advice appropriate to your practice area.

The point isn't to build a perfect policy. It's to build a policy that exists, is followed, and doesn't leave you without answers if something goes wrong.