Gartner last year published a set of guidelines* aimed at assisting corporates, battling under a deluge of compliance and regulatory requirements, to formulate an e-mail retention strategy.
The report says companies should keep records for three reasons:
* Records of the corporation: This small, closely defined category includes original articles of incorporation, minutes of board meetings and financial statements.
* Business continuity: Companies must retain the data that will keep the business running. That is, the data they would absolutely need to reconstitute the business after a catastrophic loss or disaster. This category includes special needs, such as e-mail, that might be relevant in an HR dispute.
* Legal and regulatory requirements: To determine which records to keep, companies need detailed and specific advice from a lawyer, which should result in a retention schedule that specifies which records are to be kept, for how long and what legislation or regulation pertains to them. These requirements will cover fewer records than you might imagine.
Retention policies
Further, the report says, a company`s legal position regarding e-mail and other electronic data depends on its document retention policy.
"If it doesn`t have such a policy, then it`s at considerable risk of judicial or regulatory sanctions, in addition to being highly inefficient. Also, failure to uniformly apply the policy puts the company at risk - it needs ironclad consistency," it says.
Gartner offers the following recommendations: * Archive everything for specific roles. For example, the US Securities and Exchange Commission`s (SEC`s) rule 17a-3 and rule 17a-4 require archiving messages from brokers or dealers. The e-mail directory typically segments users by role.
* Publish folders in the mail client that link to an archive system (which may have an archival period of approximately five years). Then educate users on what they should drag into the folder. Don`t underestimate user education. It can work, but it takes a concerted effort - with management buy-in and enforcement, continuous education and auditing.
* Evaluate tools from enterprise content management and archive vendors that scan e-mail content and take action automatically, such as finding a keyword string and routing the message in which it occurs to an archive. Companies can also train users to put relevant metadata in the e-mail`s subject line, which the document management system can then detect.
Gartner strongly advises companies not to archive all the e-mail on users` hard drives.
"Companies with 30- or 90-day retention policies often worry about all the e-mail stored on users` PCs. However, perhaps they should allow and even encourage users to store data on their hard drives. E-mail is largely a personal archive, so users should be responsible for moving it to a personal store and organising it themselves," the report notes.
Electronic discovery
Users must take responsibility for their own e-mail.
Gartner
"Other users usually won`t get much value from looking through a colleague`s e-mail for business information. Any information that`s valuable to others should be copied into a system of record and not kept on a personal e-mail server, which wasn`t designed for the function. Regardless, most interesting content is probably discoverable elsewhere, so it makes little difference whether you have it in your company," Gartner says.
"In any case, there`s little you can do about it, short of mandating that users clean up their hard drives, then conducting spot checks to ensure their compliance. People who want to save e-mail will find a way to do so. Electronic discovery for legal or regulatory purposes can target e-mail that`s stored on individuals` PCs. However, turning over a user`s machine or an image of the hard drive is usually easier and less expensive than restoring archived e-mail.
"Lawyers and regulators usually ask questions about specific individuals at specific times. Their jobs are that much easier if the individual in question actually remains in possession of the information. Still, the lawyers will probably ask for the hard drives anyway. During the initial phase of discovery, courts rarely allow lawyers to ask for e-mail or files from more than a handful of individuals. Although a proper e-mail archiving system facilitates any mass search of e-mail, this isn`t generally permitted.
"Users must take responsibility for their own e-mail. In formulating and communicating an e-mail retention strategy, companies should remind employees of the proper use of e-mail - it`s a medium of business communication and can become evidence in court.
"Casual remarks can come back to haunt employees and the company if an individual`s e-mail is read aloud in court before a judge, jury, spectators and members of the press. Companies should also remind users that their local e-mail stores can be corrupted and lost, for which there`s no backup unless users archive messages themselves."
* Source: Gartner, How to Formulate an E-Mail Retention Strategy, Debra Logan, Matthew W Cain, 15 May 2006.
* Article first published on brainstorm.itweb.co.za
Share