I have a good friend – let’s call her Sarah for the purposes of protecting the innocent – who's a self-confessed, compulsive hoarder. She lives her life ‘just in case’ and, as a result, is completely incapable of throwing anything away...just in case she needs it at a later date.
Shop receipts are almost a comfort blanket for Sarah; she has hundreds of receipts stuffed away at home, and yet the irony is, if ever she does need to return something, she can’t because she can never find the receipt she’s looking for. Why? Because she’s completely disorganised and has no logical filing system for all the receipts she hoards.
I was reminded of Sarah and her receipts when I read the results of our recent research into organisations’ email policies and archiving practices. The survey, of 500 IT Managers globally, found that just 23 per cent of businesses retain archived email for three years or more, with one in four admitting that they do not have a clear policy on retaining email at all.
In short, organisations know that they *should* be keeping emails, but are unsure on *which* emails to keep, and for how long. And regulation around requirements is confusing.
With the issue of email retention now high up on the IT Director’s agenda – largely due to recent high profile cases in the media - the knee jerk reaction seems to be to just ‘keep everything’ for ‘as long as possible.’ Just in case.
But it’s nearly impossible to deploy an effective and compliant records retention strategy through the email inbox. As we all know, email is ubiquitous and the sheer volume makes it difficult to manage.
But equally, NOT managing it is just not an option.
It’s all about risk assessment or, to use layman’s terms, prevention not cure. Organisations from all sectors need to ensure they have a systematic email archive storage system that would enable them to assess their legal position immediately *before* it gets to litigation, if required.
Ideally, the implementation of this system would be automated and include an archiving and retrieval engine that enables the business to locate messages in a timely and cost-effective manner. By having a policy and implementing it effectively, organisations can theoretically reduce email eDiscovery costs, improve regulatory compliance, improve access to information, reduce the risk of litigation and improve IT performance without increasing costs.
Simply bolting on reams of complex, usually costly, IT systems which lull you into a false sense of security that you could retrieve legally binding evidence in a court of law typically just over complicates matters and only results in a huge administrative headache. Again, it’s about finding the information that will enable you to assess your risk before it gets to the point of litigation.
I mention an automated system because, typically, any solution which requires human intervention will be completely unhelpful. Where it can be shown that the archiving policy of an organisation is consistently applied because the system operates in accordance with policy rules, rather than human compliance, the weight of the evidence can be even greater. Failure to have the best possible archiving system and procedures could mean the difference between winning and losing an important case. Given the expense of fighting court actions, this is something where organisations should look to manage away the risk.
Finally, I’d stress that any solution which doesn’t involve capturing email at the gateway isn’t legally credible.
To go back to my friend Sarah, if she were to begin filing her receipts now, but decided to cut off all the dates and times printed on them to save space, the receipt would no longer be valid at the store in which she was trying to return the item. And so it is with email. If it's not captured at the gateway, you won’t have the crucial evidence pertaining to dates of transmission or receipt.
In short, evidence obtained from an insecure and unreliable system that is not governed by clearly documented and enforced rules will be open to dispute and questioning by the opponent. Where an organisation can show, by production of supporting evidence, that the system in which the email evidence was held is secure and that the policy in relation to archiving is consistently applied, that organisation has the best chance of its evidence being believed.
For my friend Sarah, I fear it’s too late to change the habit of a lifetime but for any organisations out there who need some help with their email archive storage, we’d love to talk to you!