Get Expert Advice on Tackling Email Risk Management and Delivering Business-Driven Email Retention Policies
Novell Cool Solutions: Feature
By Messaging Architects
Digg This -
Posted: 19 Sep 2006
Messaging Architects Presents: Email Risk Management and Business Driven Email Retention Policies - Part II
As messaging and collaboration systems become more complex and regulatory requirements grow in scope, there is frustration over the lack of clear guidance around the topic of Risk Management for Enterprise Email. To respond to this pressing need, Messaging Architects is offering a series of articles to crucial issues of email risk management and policy-based email retention. We hope to provide guidance in your goal towards legal and regulatory compliance and corporate IT governance. To review the first part, Email Record Retention 101, click here.
Best Practices for Email Record Retention
When properly retained, electronic mail records are an asset to an enterprise. Organized, searchable email records can diminish exposure to liability and help a modern enterprise respond effectively to audit, litigation, regulatory, and internal control demands.
High-profile cases teach that misplaced, poorly organized or inaccessible email records are a liability to an enterprise under investigation. The need for good records is greater for relatively recent email. As records grow older (5 years and more), their value and importance generally diminishes.
Electronic mail records have legal value that applies beyond just litigation. Those records are the memory of an enterprise. Legitimate access to them may be the prerogative of any number of authorities, including regulatory agencies.
In the age of Sarbanes-Oxley, legal authorities have little tolerance for excuses when companies are asked to produce email records. Other purposes for maintaining complete, searchable, easily accessible electronic mail records include disaster recovery and responses to freedom of information act requests.
To keep absolutely every email forever is not sensible. Certain classes of email, such as executive email, are considerably more important for retention than others. How long should email be kept? There is no perfect answer but two guideposts to consider are the seven-year approach and the technological obsolescence approach.
Both approaches suggest a bias toward keeping records longer and toward giving the enterprise a good margin for error. A written policy that documents email retention/destruction decisions is recommended. Remember that myriad federal, state and local regulations set specific time periods for the keeping of records. These obligations are more common for companies in highly-regulated industries, such as Finance and Healthcare.
With the rise of email as the enterprise?s primary source of records, corporate lawyers have a much greater responsibility to understand what is happening in IT and to give guidance in a manner that makes sense to the technically-oriented people in IT. If Legal and IT aren?t speaking a common language, records needed in cases of litigation can be lost or misplaced, which will put the company in a position of risk and compromise its reputation.
Need More Information?
For in-depth knowledge on the legal aspects on Electronic Mail Records Management and illustrations with some high-profile legal cases, consult the 4-part video series produced by Messaging Architects Media and narrated by leading technology expert Ben Wright. To order the Email Compliance Video Series:
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com