Regulation matters

Look after your e-mails - or someone else will

E-mail has become a vital tool for business communication. Malcolm Smith tells us how it’s also attracting increasing attention from the regulators…

That’s right. Bank of America were fined $10m for not keeping adequate archives of their e-mails.

At that price, keeping every e-mail would seem the best option. Not so: a global software company found that e-mails they inadvertently retained were used against them in court.

This confusion is driving many to ignore the problem. However, new laws will soon make the “ignore” approach illegal. Sarbanes-Oxley and the upcoming EU regulations (often referred to as Euro-SOX) define mandatory rules for e-mail, including minimum retention periods of 2 years or more.

So what to do about it?

At first it looks easy: just allow users to work out which e-mails they should keep, make sure backups are done on time, and rotate a few into long-term storage.

Unfortunately, this doesn’t satisfy the regulators. You must archive the right e-mails for the right length of time. Backing up isn’t enough; nor is keeping print-outs.

The technology vendors are of course happy with this regulation. A bonanza in storage sales may be looming.

You can of course take a pragmatic view and let the business risk drive your approach. If so, you should focus on three things:

  • Keep things in proportion. The risks of your e-mail becoming a problem will reflect the risks you currently run in your business.
  • Review policies, practices, processes and supporting technologies to identify the key gaps. Focus on satisfying key regulatory demands (e.g. Sarbanes-Oxley) first.
  • You’ll need a system that will support both archiving and search of e-mails.

Help is at hand!

Chaucer Consulting has a good understanding of the legislative and regulatory framework impacting e-mail retention.