Email: Compliance and Information Management

By | August 21, 2006

Email is fundamental to internal and external communication for many organisations, with 87% of UK businesses highly dependent on electronic information. The nature and sheer volume of information that is shared and stored on email today makes email management critical to IT and corporate governance.

To address the risk posed by email dependence, IT managers and board directors should view their email management responsibilities under three headings: Operational Issues; Regulatory Requirements; and Litigation Risk.

The key questions any organisation must ask (especially in the light of the current political email drama) are: once archived, what do you do with the information you have captured, and how can you prepare an organisation for disclosure requests?

Operational Issues

The persistent growth in email volume, and the decentralisation of business communication and record keeping, pose a great operational challenge.

Communication today is rarely filtered through a secretarial process where all correspondence would be reviewed, approved and stored appropriately. Instead, emails are often written and despatched without revision or formal review but, no matter how brief, each one is a corporate record and should be treated as such.

This means that all emails need to be archived securely, posing an electronic storage challenge that many organisations try to address by imposing mailbox size limits on users. Giving users the responsibility to delete or archive their own emails in this way carries two key dangers: critical data may be deleted, or archived insecurely, when a user nears his limit; and important emails may not be received if a user's mailbox is already full.

Regulatory Requirements

These risks not only pose operational disadvantages, but also constitute a severe weakness from a regulatory viewpoint.

Regulatory requirements in respect of email and information management are complex and fast changing. But while methods of compliance remain uncertain, penalties for failure are crystal clear – making email management vital.

Every country in the world has legislation that governs organisations’ retention, retrieval and disposal of information. Much of this pre-dates the Internet but requires that organisations retain all of their records for a specified period of time, which by default includes email. Many laws, for example the European Data Protection Directive, also require organisations to delete data when it is no longer needed for the specific purpose for which it was collected.
