• United States

Challenges abound archiving company e-mail

Nov 03, 20036 mins
Enterprise ApplicationsMessaging Apps

The art of compliance.

Pressured by fines and threats of imprisonment for noncompliance with federal and state regulations, IT executives slowly are deploying systems that archive their e-mail and instant-messaging communications.

The incentive to comply is high:

• Last year, five Wall Street brokerages agreed to pay $8.25 million in fines for discarding e-mail related to customer transactions.

• In July, a court found that UBS Warburg was responsible for paying as much as $300,000 to restore e-mails required for a gender discrimination case.

• A 2003 study by the ePolicy Institute, American Management Association and Clearswift of 1,100 U.S. companies showed that 14% of respondents had been ordered by a court or regulatory body to produce employee e-mail.

• Specific language in the Sarbanes-Oxley Act of 2002 says “whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies or makes a false entry in any record, document . . . with intent to impede . . . shall be fined under this title, imprisoned not more than 20 years, or both.”

While the compulsion for companies to archive e-mails is overwhelming, the Radicati Group found that only 37% of organizations have an e-mail archiving policy.

“Sixty percent of the critical information a typical user needs to do his job on a daily basis is somehow stored in the messaging system,” says Michael Osterman, president of Osterman Research. The ePolicy Institute study estimates that the average employee spends 25% of the workday on e-mail.

For example, experts say a number of steps need to be followed in setting up an e-mail archiving system.

Every company should form a committee to look at its e-mail system and determine an e-mail retention policy.

“You need to understand the user base, the architecture and make a decision from there,” says Priscilla Emery, president of e-Nterprise Advisors in Altamonte Springs, Fla. “No. 1, you need to have your e-mail administrators involved because they are the ones who are going to have to live with the system. It also helps to have your records manager, legal counsel and compliance involved, especially if you are dealing with legal [or regulatory] issues.”

Linda Glover, records management coordinator for Caterpillar Financial Services in Nashville says her company is using the Six Sigma methodology to iron out the company’s e-mail strategy. Six Sigma uses data and statistical analysis to measure and improve a company’s operational performance by identifying and eliminating defects in business processes.

“The team consists of me, the records management coordinator, an e-mail IT person and a communications person,” Glover says. “We have flow-charted the process and are now looking at [a step in Six Sigma’s plan called] ‘voice of the customer’ – we are interviewing and using a survey about how many e-mails they get each day, how many e-mails they get with attachments or Web addresses, and what their problems are.”

A variety of regulations are causing organizations to look at e-mail archiving. Among the regulations that affect public companies are Sarbanes-Oxley, the Heath Information Portability and Accountability Act of 1996 (HIPAA) and the Uniform Electronic Transactions Act, which says e-mail can be used to form contracts. In addition, the threat of a lawsuit for offensive comments or behavior or for corporate wrongdoing is a concern.

“We first went to IT to ask for a [$500,000] e-mail archiving system, but they wanted to do a cost-benefit analysis,” says Greg Long, an electronics records analyst for UnumProvident in Chattanooga, Tenn. “Then we went to legal, which asked us how much putting in KVS’ Enterprise Vault was going to cost. Legal said if we were to go to trial on any cases we would blow through a million in two weeks, so let’s just buy KVS and install it now.”

Meanwhile, deciding which e-mail needs to be archived is no easy task. It involves assessing the different business units in the company and deciding not only which departments’ but also which employees’ e-mails need to be retained. Although some companies fearing litigation elect to archive all e-mails, Osterman says most companies fall into three categories of archiving.

“They delete everything on a regular basis and eliminate incriminating evidence that might arise during a legal action; they keep everything long-term, including all the nonessential information; or, they keep only the most important type of information,” Osterman says.

Long’s company has a different plan.

“We divide our company up into certain areas and say everyone that is an officer or higher, we’re going to keep their e-mail for two years,” Long says. “Everyone in a couple of areas like finance, we are going to keep their e-mail one year. And then everyone else, we’ll keep for six months.”

Regulations often make the retention decision easy for some companies. For instance, the Securities and Exchange Commission requires brokerage firms to keep all electronic communications relating to the business of the firm for three years.

“The Toxic Substances Control Act requires that, for example, if an employee sends you an e-mail about disposing of a chemical, that e-mail has to be kept for 30 years,” Osterman says.

Lawrence Buckler, global head of internal technology for Celerent Consulting in Richmond, England, archives e-mail for one of the most compelling reasons.

“We decided to archive our e-mail primarily to increase productivity,” Buckler says. “We had saved 60% to 70% on outsourcing our e-mail communications [to FivePoints], and we found over time that users were filling up their quotas and deleting important e-mails. They were losing productivity searching through [personal archives].” FivePoints provides e-mail compliance software for SEC-regulated businesses.

Even when customers decide what to save, other issues can arise. For example, setting size quotas on user mailboxes often causes unintended problems. When Microsoft Outlook users bump up against a size quota IT has set, they have a tendency to delete messages willy-nilly or save messages to personal folders, Osterman says.

“It’s always at 4 o’clock on Friday afternoon that people bump up against that quota and start to throw away important information from the message store,” he says. “Eighty-two percent of e-mail users use personal archives.”

If users are going to use personal archive files, make sure they are part of the information archived or risk losing critical information, experts say.

“Only 61% of those directories are backed up anywhere. That means that a large amount of the information simply disappears from the view of the centralized IT staff,” Osterman says.