To see whether something is amiss statistically, we'd have to also check whether data of no consequence goes missing at the same frequency.
If organizations are really bad at storing data, but it only gets tested with important queries, incompetence is going to look a lot like malice (I make no case for which this particular incident is).
Of course, I've painted somewhat of a false dichotomy. If you are required by policy to retain email, doing so is unlikely to give you any benefit and may well cause severe political problems.
The most logical thing to do is severely understaff and underbudget the sysadmins responsible. Then, when the backups are needed, there's a significant chance they'll be nowhere to be found, and you've saved money in the process too.
That would be malicious incompetence, so to speak.
I'm a fan of Gray's Law: "Sufficiently advanced stupidity is indistinguishable from malice"
That is to say, if you "fuck up" bad enough, why should society give a shit that you did not have malicious intent? Much like drunk driving, I think that this is a fine case for strict liability.
What is the good you hope to accomplish by this? The reason we have the idea of intent encoded in the law is not because intentional acts are more harmful, but because inflicting severe penalties on people for things they can't even have known they were doing wrong or didn't mean to do is both contrary to the idea of justice and ineffective as a deterrent. The idea of throwing out the principle of mens rea just because the results of something were bad is both anti-utilitarian and contrary to the idea of justice. (Especially since the bar for "bad enough" is apparently low enough to include "not fastidiously keeping manually generated email archives". Jaywalkers beware!)
You may as well just say "Always attribute everything to malice whenever possible." Hanlon's razor is only necessary when both stupidity and malice are plausible explanations, so your "exception" applies 100% of the time. By this philosophy, we must always attribute deeds to malice whether or not they can be adequately explained by stupidity, because even when mere stupidity is sufficient, we must still read in malice.
This discussion hearkens back to the current investigation into John Swallow, the former Attorney General of Utah who resigned less than a year into his term and is currently the subject of multiple investigations.
If organizations are really bad at storing data, but it only gets tested with important queries, incompetence is going to look a lot like malice (I make no case for which this particular incident is).
Of course, I've painted somewhat of a false dichotomy. If you are required by policy to retain email, doing so is unlikely to give you any benefit and may well cause severe political problems.
The most logical thing to do is severely understaff and underbudget the sysadmins responsible. Then, when the backups are needed, there's a significant chance they'll be nowhere to be found, and you've saved money in the process too.
That would be malicious incompetence, so to speak.