Features - Enterprise Data Insights:
E-MAIL AND REGULATORY COMPLIANCE
By Debbie Moffat
The Information Age has prompted significant changes in the way companies do
business. Most business transactions have evolved from paper-based processes
and are now being performed electronically -- most notably, via e-mail.
Clearly, the "paperless office" is far from reality, but e-mail has quickly
conquered the previously paper-centric world of business to replace memos,
letters, faxes, and even the telephone as the predominate mode of corporate
communication. Industry analysts believe that at least 80% of all corporate
information is contained within e-mail.
As a result of the explosive growth of information in society today, a variety
of new regulatory and legislative acts have been implemented to protect the
privacy of customers, individuals and citizens. Laws relating to data
retention vary depending on your industry and your location. Some legal
retention periods stretch from seven to 15, and even up to 26 years. For
example, in Europe many manufacturing organizations need to archive their
e-mail due to an Office of Fair Trading ruling (Lloyds of London recently
issued a directive for their members to retain e-mail for seven years). In the
United States, organizations are scrambling to comply with a variety of new
legislation (the Gramm-Leach-Bliley Act and the Health Insurance Portability
and Privacy Act are two good examples).
Consequently, effective management of e-mail archives is essential in order to
comply with statutory regulations and other compulsory policies.
Non-compliance of these retention requirements exposes your organization to
the risk of fines and penalties, shareholder mistrust and diminished customer
confidence.
E-mail Retention Policies found Lacking
While most companies have clear procedures for data retention on large
corporate mainframe computers and well-established policies regarding the
retention of paper documents, fewer have working e-mail message retention
strategies. Recently, EDUCOM Ts Inc surveyed 926 [companies] concerning their
retention policies and found that while 79 percent of the organizations
interviewed were aware of legislative requirements to retain business
documents, only 57 percent had a formal policy regarding e-mail retention.
Most surprising, however, was the discovery that 100 percent of the companies
left it up to their end users to determine which messages are archived and
which are deleted.
As a result, existing e-mail archive strategies often prove inadequate to
comply with statutory and regulatory requirements. For many organizations
e-mail represents a significant liability rather than a valued corporate asset
because the bulk of corporate e-mail information is hidden or unavailable to
management and legal counsel. For executives, proving that proper record
retention is in place is often problematic if not impossible.
Rethinking Retention
The shift away from reliance on paper-based documents to e-mail has compelled
many organizations to rethink the way they perform record keeping functions.
Federal regulations and industry policies pertaining to security and
information management can in many ways govern e-mail retention. The inability
to comply with these legal requirements when put to the test could have
damaging consequences. Having an effective e-mail archive and retention system
helps demonstrate such compliance and reduces the likelihood of regulator
intervention and drawn out audits.
Federal regulated industries often fall within strict record retention
requirements that go beyond simple data backups. E-mail messages are subject
to the same legal requirements applied to any other document produced from
business-line systems. As a result, the consequences of potential litigation
can be clearly felt when e-mail is not incorporated into a formal records
management program. Additionally, government records are subject to their own
"National Archives Acts and Policies" which maintain the standards for
retention and disposal of e-mail. Financial firms and trading companies must
provide access to e-mail archives to be in compliance with SEC regulations. If
they do not comply, it can cost firms millions of dollars in penalties and
fines.
E-mail Archive Management
Retaining, securing and searching archived e-mail records are challenges with
far-reaching formidable consequences. Despite the expansive aspects of email
communication, electronic messaging systems do very little to help users
manage their vast and dynamic stores of corporate email. What is needed is a
strategic mindset concerning e-mail archive management along with new
technological tools to enable corporate e-mail archive strategies. EDUCOM's
Exchange Archive Solution (EAS) is one such tool that offers valuable
enhancements to standard corporate e-mail systems. EAS employs a centralized
message archive with centralized administration. This ensures that
administrators, executives, and attorneys can quickly understand where all of
their corporate e-mail is located, what it says, and how their retention
policies do -- or do not -- meet regulatory and legal requirements.
Author's Bio
Debbie Moffat is the Managing Director with EDUCOM TS Inc and a twenty-three
year IT veteran. Educom specializes in information technology, process
improvement and litigation risk and is an industry leader in the development
of software solutions focused on the mission-critical management of corporate
e-mail. EDUCOM products help clients establish e-mail retention policies,
protect corporate intellectual property, increase speed of information
retrieval, and reduce costly e-mail server overload. EDUCOM's flagship product
is Exchange Archive Solution (EAS), offering intelligent storage management
for Microsoft Exchange mail stores.
To learn more about EDUCOM TS Inc or the subject of e-mail management visit
www.educomts.com.
|
