DLP's impact on archiving

One of our clients, a leading provider of hosted messaging archiving services, raised an interesting point in the context of helping us to frame issues for an upcoming white paper we will be publishing shortly on DLP issues (Data Loss Prevention or Data Leak Protection, whichever you prefer - Compare Data Leak Protection products). The paper will focus on the impact of DLP systems' modification of e-mails and other messaging content in the context of how that content is archived.

For example, if a company has deployed a DLP system and a user sends an e-mail to someone outside of his or her company that contains sensitive content – an employee’s medical condition, a credit card number, a list of server passwords, etc. – the DLP system is supposed to intercept that content before it leaves the organization and then do something with it. These actions might include simply blocking the message, sending a warning back to the user, routing the e-mail to a supervisor or compliance officer, etc.

The question our client raised, however, is what happens to that message in the context of archiving it for potential e-discovery, regulatory compliance or knowledge management purposes? If the message is simply blocked and the DLP system does not allow it be sent, will that message ever make it into the archive? Better yet, should that message make it into the archive? 

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

One of our clients, a leading provider of hosted messaging archiving services, raised an interesting point in the context of helping us to frame issues for an upcoming white paper we will be publishing shortly on DLP issues (Data Loss Prevention or Data Leak Protection, whichever you prefer - Compare Data Leak Protection products). The paper will focus on the impact of DLP systems' modification of e-mails and other messaging content in the context of how that content is archived.

For example, if a company has deployed a DLP system and a user sends an e-mail to someone outside of his or her company that contains sensitive content – an employee’s medical condition, a credit card number, a list of server passwords, etc. – the DLP system is supposed to intercept that content before it leaves the organization and then do something with it. These actions might include simply blocking the message, sending a warning back to the user, routing the e-mail to a supervisor or compliance officer, etc.

The question our client raised, however, is what happens to that message in the context of archiving it for potential e-discovery, regulatory compliance or knowledge management purposes? If the message is simply blocked and the DLP system does not allow it be sent, will that message ever make it into the archive? Better yet, should that message make it into the archive? 

Let’s say a senior manager sends an e-mail to outside counsel that discusses the reasons for an employee’s termination – content that might be discoverable in a wrongful termination lawsuit – and the DLP system simply blocks it and does not allow it to be sent. Should that content be archived because it constitutes a business record, or should it be discarded because it never made it outside the organization? Both the terminated employee’s counsel and the company’s counsel would find this content highly valuable.

We will be exploring this issue and would like to hear from you on this topic. Please send me an e-mail with your thoughts.

Read more about software in Network World's Software section.