An e-mail retention policy and archival solution helps protect against legal, regulatory and business risks.
Email is a great business tool because it is fast, easy and inexpensive. However, so much business communication now occurs by email that it has become a potential liability for some organizations, often leading to costly and embarrassing mistakes.
With one in 10 workers reporting in a recent survey that they have more than 10,000 mails in their inbox, managing all those digital messages has become an overwhelming task — so much so that 62 percent of reported a significant mishap as a result of sending an email to the wrong person or with improper or unauthorized content. Additionally, the survey conducted by data governance software provider Varonis found that one in 20 companies reported compliance issues as a result of a wrongly sent email.
“Every data disaster now seems to involve an email,” said David Gibson, VP of Strategy, Varonis. “It’s clear that organizations shouldn’t take it for granted that employees intuitively know how to manage their massive inboxes, nor should they underestimate the consequences of email mismanagement.”
With 78 percent of respondents receiving up to 100 emails per day and nearly a quarter receiving 100 to 500 daily emails, the sheer number of messages create mounting pressure on employees. Nearly 85 percent of those surveyed spend 30 minutes or more every workday organizing their mail.
Largely left to their own devices, workers tend to develop one of three different styles of personal email management. Thirty-four percent are “filers” who empty their inboxes on a daily basis and file messages into folders, 17 percent are hoarders who never delete but tag and keep emails in just a few folders, and 44 percent combine both practices. However, another 6 percent admit to completely giving up on maintaining control over their email, choosing to just delete everything periodically.
A comprehensive email retention policy coupled with an effective email archival solution can help relieve this pressure and reduce risk. By establishing best practices and implementing the right technology tools, organizations can ensure the successful management of email business records, reduce e-discovery costs, improve productivity and enhance security.
An effective email management strategy begins with the development of an email retention policy. The first step is to define, from a legal and regulatory perspective, what constitutes an electronic business record. This clearly written definition helps the organization distinguish messages involving business-related activities from insignificant and purely personal emails.
Once this definition is in place, the organization should make sure that every employee knows what kinds of messages must be retained, and understands his or her role in the organization’s overall email retention strategy. Because email is generated throughout the organization, email retention practices cannot focus on the IT department. All employees must take part in the archival of business-related emails and the purging of extraneous messages.
Processes, Training and Automation
Next, organizations should establish the policies and procedures necessary to ensure compliance with legal and regulatory email retention rules. The email retention policy should also address business requirements and risks, and be updated regularly as laws change and new technologies are adopted. In addition to establishing email retention processes, organizations should define electronic business record lifecycles and delete messages as they become outdated.
Employees throughout the organization should receive training on how to comply with the formal email retention policy. This training should stress that policy compliance is mandatory. Enforcement through disciplinary action and technology tools not only helps ensure effective email management but illustrates to courts and regulators that the organization is serious about its email retention obligations. Demonstrated consistency increases the odds of a favorable ruling should the organization become embroiled in an e-discovery dispute.
Email archival solutions play two key roles. First, these technology tools reduce e-discovery costs and help ensure policy compliance by automating email archival processes. Email business records are preserved in a way that enables structured searches for rapid compliance with e-discovery and regulatory requests as well as day-to-day business operations.
Second, email archival tools help ensure that email business records meet evidentiary requirements. Because email must be authentic, trustworthy and tamperproof to be considered legally valid, email archival solutions should encrypt messages and protect against the deletion or alteration of archived email.
E-discovery is touted as the primary reason for establishing an email retention policy and archival solution. Without effective email management, organizations face incredibly expensive and time-consuming e-discovery challenges as well as the potential for costly court sanctions if they fail to meet e-discovery deadlines.
Regulatory requirements also compel organizations to get a handle on email. Sarbanes-Oxley, HIPAA and the Gramm-Leach-Bliley Act all require the preservation, protection and control of business records, with the potential for huge fines and civil and criminal liability for noncompliance. Other government and industry regulations may also come into play.
However, effective email management can provide organizations with a number of other benefits. Email is not always a “smoking gun” — in fact, email often can be used to protect the organization from legal liability. The ability to produce the right email records at the right time helps win lawsuits, and may even compel an opponent to settle out of court. Email business records also help document transactions and personnel matters and aid in decision-making.
Given today’s litigious environment and increased regulatory scrutiny, organizations face significant email-related risks. Organizations of all sizes need an email retention policy and automated email archival solution to help speed the retrieval of email records related to a legal claim. Effective email management also helps ensure compliance with government and industry regulations and facilitates day-to-day business activities. Email is not a simple communication tool but rather a key component of any organization’s business records.