|
Although e-mail has helped the
business world by improving employee communication and increasing
productivity, it is also a substantial risk factor for many organizations.
The key to mitigating these risks rests with a sound e-mail policy, which
can be implemented and maintained through an effective e-mail archiving
solution.
With more than 70% of business-critical information residing in e-mail, a
piece of evidence is now more likely to be sitting in an e-mail chain
instead of a filing cabinet. The burden of e-discovery–retrieving electronic
information to meet a legal or regulatory compliance request–on IT
organizations has increased both in frequency and demand.
With a growing number of regulations involving corporate e-mail storage and
management, organizations have been forced to retain e-mail as they would
their physical corporate records, or risk facing stern penalties. An example
of an important set of regulations is the Federal Rules of Civil Procedure (FRCP).
Recent amendments made to the FRCP (effective Dec. 31) impact the process of
e-discovery and reinforce the need for an electronic archive.
Amendments to Rule 26 state that every organization should be able to
effectively search its data and assess the costs of retrieving certain
pieces of information in order to justify that a relevant piece of evidence
cannot be “reasonably” accessed. Additionally, Rule 26 requires parties to
be fully aware of the types of records they can make available in the trial
and the location of these records, so that they are thoroughly prepared for
this pre-trial discussion.
Amendments to Rule 34 state that all parties must be able to easily search
through the e-records of the party in question and produce these records in
a form that is useable by all parties. Finally, Rule 37 provides a “safe
harbor” from sanctions arising from a party’s deliberate deletion of
electronic information that is critical to the legal case in question, as
long as it was deleted “as a result of routine, good faith operation of an
electronic information system.” Thus, organizations must have adequate
policies and practices in place to prevent the destruction of potentially
relevant electronic records, and to substantiate that any deletion of
records was done in good faith.
An effective e-mail policy should clearly state the rules for the acceptable
use of e-mail. The policy should explain the use of business e-mail for
personal reasons, the forwarding of confidential corporate documents,
acceptable e-mail language and content, and required retention periods for
certain types of e-mail. The policy should be widely circulated to all
employees, because a policy that is not clearly understood or sufficiently
conspicuous can be deemed invalid in court. Finally, adopting appropriate
technologies to enforce the policy is necessary.
To implement an in-house solution, an organization should develop or
purchase the appropriate software, according to its business requirements,
and buy the required hardware. Archiving also requires a significant amount
of storage hardware, especially with the large number of e-mails that most
organizations send and receive each day.
Alternatively, organizations can opt to outsource their e-mail archive to a
specialized service provider. By archiving the organization’s data at a
third-party location, the burden on internal IT resources will be reduced
and substantial hardware, software and maintenance costs can be avoided.
Furthermore, some outsourced solutions have addressed security concerns and
can offer the same, if not greater, levels of security as in-house
solutions.
Paul Chen is the CEO of Fortiva, Norwalk, Conn.
For more information:
www.rsleads.com/612cn-253
|