The cost of killing e-mail

Failure to retain valuable electronic information such as e-mail could result in court proceedings or heavy fines, warn industry experts.

Addressing an e-mail management seminar at Microsoft`s Bryanston offices yesterday, the experts focused on issues such as e-mail retention, legal obligations in the e-mail environment, as well as e-mail challenges and solutions.

Buys Inc attorney, Helaine Leggat, said there are three major reasons a company should retain e-mails: legal compliance, case use for evidence and operational requirements.

However, Leggat added that there is no specific law in SA that compels companies to retain e-mails for a certain period of time.

"There are 23 different laws that require the retaining of certain records for certain time periods.

"If a business deletes e-mails early, the business may not have evidence should it later face legal proceedings," said Leggat.

She said a 2004 survey showed that 20% of US businesses had to discover e-mail messages in disciplinary hearings or litigation, and that in March 2005 global financial firm, JP Morgan, was fined $2.1 million for failing to retain an e-mail message that was required for an investigation.

Leggat said an e-mail deleted by a sender or recipient or destroyed by a virus could create problems for a business, and that many e-mail archiving solutions do not satisfy the requirements of the new Electronic Communications and Transactions Act.

She said failure to retain all e-mail messages for at least three years could mean evidence needed in a disciplinary hearing or court proceedings is lost, and this could result in a company facing a fine of up to R10 million.

"If a business cannot retrieve a defamatory e-mail that was sent from company A to company B by an employee, then no evidence can be used to dismiss an employee who misused or abused e-mail."

Shaan Watkins, CIO of Sage Financial Services, said one of the many challenges in retaining e-mail is that a lot of people do not even understand what e-mail archiving entails.

He said challenges include issues around compliance and retention, lack of knowledge of the law, lack of visibility and importance, as well as out of date policies and policies that are not maintained.

"If you do not define and stick to the policies and procedures, this could later cause problems for an organisation facing court hearings or litigation."

Alex Perkiss, message solutions specialist for EMC UK, said managers could be held liable for deleted e-mails that could later be requested as evidence in a court of law.

Asked about private versus corporate e-mail retention periods, Perkiss said the safest route is to archive all e-mails - both internal and external - for up to five years.

Perkiss said policies and procedures should address the use and abuse of e-mail, business record retention, access and retrieval, as well as storage.

"To avoid risks in an organisation, managers need to have policies and procedures that not only educate employees about e-mail risks, but also make sure all employees know the consequences e-mails can have for an organisation."

Companies should make employees aware of the dangers a single e-mail can pose and it is advisable to constantly re-enforce the message, said Perkiss.