Email: Top Corporate Liability update from October 2007

More risks IT managers face when it comes to email archiving

October 4, 2007

4 Min Read
NetworkComputing logo in a gray background | NetworkComputing

This week's article on the top mistakes users make when archiving email was incomplete, according to feedback from a couple of readers with strong opinions.

One of these, Mark Diamond, president and CEO of business and technology consulting firm Contoural Inc., believes we neglected some of the most common and serious errors users make. Here, for the record, is his list:

  • Failure to perform in-house due diligence. "The single largest mistake is failure to have a policy or consensus before buying a product," Diamond says. Often, he sees IT folk purchase an email archiving product before consulting with their legal, HR, records management, or compliance departments. The result is usually a snarl at the last minute, as various in-house groups struggle to make their issues known, meantime bollixing the IT purchase.

    "You need to start engaging a committee from the beginning," Diamond maintains. The best policies for retention of email are set by IT and the legal department, jointly, in his view.

    Failure to keep it simple. Diamond thinks many organizations also make policies for email that are too long and complicated. "We see some organizations with 50- to 200-page policies," he says. "It's better to create a simpler policy that's easier to automate and execute." After all, regulators and courts are looking for evidence that a company had an automated process that was transparent and consistent. They don't expect perfection, he notes, but if you had a policy that wasn't followed because it was too intimidating or difficult to understand, that's worse than having no policy at all.Failure to establish a "litigation hold" policy. A company can create an email archiving system but fail to implement it when it's required -- that is, when the lawyers come calling. That's what happened, Diamond says, when Intel faced its suit by AMD. Though Intel had a policy for saving email, it failed to notify employees that certain messages would have to be earmarked for legal perusal. The result was that Intel spent over $3 million to go through backup tapes in order to meet court mandates for electronic evidence.

    Failure to have reasonable retention periods. Many firms, says Diamond, institute retention periods for data that are too short. "Thirty to sixty days doesn't work," he insists. When there is such a short window in which email is archived, employees may take to "underground archiving" on USB drives, laptops, Gmail, or other untrustworthy places.

Diamond also thinks we erred in suggesting that .pst files be incorporated in email archives. In his view, .pst files represent a risk for any organization because they aren't under the control of IT. It's better not to ingest them into an archive, he asserts.

Another reader, Roger Matus, CEO of InBoxer Inc., a supplier of spam filtering and email compliance products, discourages folk from archiving instant messages -- something yesterday's article suggests.

"You state that instant messages should be archived," writes Matus in an email today. "There is a strong argument that says that except for certain regulated industries, you should NEVER archive instant messages. If you look at the Federal Rules of Civil Procedure and other related rulings, the courts insist that if you have an electronic record anywhere in your organization, you must produce it. But, if you do not have a record, it does not need to be produced. Therefore, unless you are already storing IM for another reason DON’T START. What you are doing is creating new evidence [for opposing counsel to subpoena."Matus, who has a blog of his own relating to this and other topics of email legality, also disagrees with the article's assertion that so-called bacn email is a candidate for elimination from archives.

"You imply that systems should remove 'bacn.' Actually, the FRCP, state open meeting laws, the Freedom of Information Act, and others make no distinction between bacn, spam, and regular mail," Matus writes. "If it is actually delivered to the end user and it is not already deleted from the client, it must be retrieved. You could argue that bacn is never relevant to a court case. But, are you sure? Spam has been used in cases as evidence of a hostile work environment. So, vile spam needed to be produced."

So there you have it: More on the weighty issue of archiving email for compliance and legality. Do you think we missed something? Let us know. You could help to save someone's job. Hit the message board below, call us, or send us a message.

  • Advanced Micro Devices (NYSE: AMD)

  • Intel Corp.

Read more about:

2007
SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights