For many organizations, email messaging serves as the primary means of communication and dissemination of corporate records, both internally and externally. With ever-expanding volumes of email content coupled with the clear and present danger of electronic mail abuse, the challenges that corporate and IT executives face with their current email messaging infrastructures are daunting. Although email governance now has raised visibility in all competitive corporations, the focus is often myopic and fails to properly set forth authoritative archiving rules for corporate records. While corporate diligence on improper email etiquette is high (via quarantines and restricted content lists), the risks of weak email retention policies may not be properly addressed or understood. Well-founded email archiving and retention policies will lend more credibility and robustness to numerous corporate governance and compliance initiatives. In addition to the most visible regulatory mandates such as Sarbanes-Oxley and HIPAA, recent state-level legislation may require the retention of email for prescribed periods of time, serving up a host of new compliance challenges, with laws differing by state and industry. Because of the complicated regulatory climate, there is a high level of variance inherent in email governance best practices from company to company.

All IT managers would very much like to reduce the resources used to archive and retrieve corporate email; however, until knowledge workers are able to better prioritize and classify their emails by various predefined dimensions (such as user, topic, size, number and types of attachments, etc.), such resource reduction will be nearly impossible. Exacerbating common classification problems, many departmental email servers are configured to forever keep copies of all mail that proceeds through the system, creating storage and versioning problems, as emails may begin to reside in different native formats over time. A common counter-reaction to email overload is placing a dedicated delete policy on employee inboxes, thus relying on the user to properly back up and archive their emails and attached records on a "safe and secure" networked storage area. However, this "managed folders approach" can put too much responsibility in the hands of the individual email user (who is already overloaded with email content) and allows for mission-critical and sensitive emails (and their attachments) to get deleted and lost before they can be archived. Other problems may arise when electronic mail users choose to use their email account as a virtual file server, never properly storing mail-attached documents in a safe place because they think they can always access them from their account on a mail server. Retention concerns become more complicated when employees or consultants use personal computers or mobile devices that cannot be easily monitored and controlled by IT administrators. As enterprise messaging expands to include things such as instant messaging and other forms of mobile communication and collaboration, retention policies start to quickly break down. It is very difficult to know what is leaving organizational boundaries (possibly valuable intellectual property) by electronic messaging means, let alone save it in accordance with an archiving schedule.

Often the need for expertise in retention and electronic discovery does not arise until an unexpected audit or legal action occurs and it becomes apparent that the infrastructure does not provide easy and targeted retrieval of the documents that are sought. Emergency requests driven by a firm's legal department will invariably cause a good deal of scrambling by both IT and compliance managers in order to discover or reconstruct information that has often been buried within backup tapes, or worse yet, destroyed. Make no mistake about it, assisting counsel with litigation discovery and developing models that detail the period of exposure (i.e., turnaround time and operational costs) for satisfying these discovery requests is something IT managers are asked to do more and more frequently.

The best technology solutions will automatically categorize and lucidly organize email in physical/logical folders or classes of compartments, taking advantage of recent advancements in data and network virtualization where possible. Technological side benefits of such a solution will allow companies to shrink the size of their email archives and eliminate redundancies in message content; storage management costs will also be summarily reduced. At the solution's core will be a distributed Web-based application that will allow for intuitive keyword searching, quick discovery and indexed retrieval to solve the most vexing of compliance and regulatory inquiries and dynamic audit events.

Like all governance efforts, IT and the business must work in tandem to identify responsibilities as they pertain to content vulnerabilities. Just as executive management and legal personnel need IT's help in realistically understanding retention technology capabilities, IT will require clear guidance on what system controls to implement per corporate document retention policy. Companies must have the collective will to discuss and prioritize email governance issues and be proactive in addressing retention policies before a legal action or unauthorized dissemination of classified information puts the enterprise at a competitive disadvantage. Most importantly, employees company-wide must be familiar and comfortable with general email and document retention policies if such directives are to achieve uniform success across the enterprise. 

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access