Creating an email records management system from scratch is not an easy proposition. However, the complexity is magnified when you are faced with the amended Federal Rules of Civil Procedure (FRCP), industry and state-specific regulations, and also the increasing volumes of data arriving every day.No heavy user of email can possibly keep up with the management of their mailbox and folders, not without wasting valuable working hours at least. It is doubtful that even a medium user can maintain their load. The volumes are too great, and the need to retain certain email is high.In the last couple of years, we have seen a rise in the interest of email retention management, often call email records management. In the past, records management was usually applied to documents created within an organization and stored on paper or electronically. The volume of electronic records was relatively low in most companies.The risks associated with email are high and have lead to well-documented landmark court cases, rulings and fines. This has caused many companies to rethink their strategies and policies related to email. IT executives realize they must take control of the data, and they cannot rely on users to manage it themselves. Implementing a self-management system is not practical for two reasons:
- The volume of email to many users is simply overwhelming; and
- Written procedures on what to keep, what to file and how long to keep it are open to interpretation at best, and at worst slowly forgotten and then disregarded entirely.
To address this, IT projects may target the implementation records management systems to incorporate email records. Are emails records or just data? They certainly don’t look like Word or Excel documents, yet a single line email commenting about a work colleague may be a potential time bomb and could cost the organization tens of thousands of dollars in investigation, settlement or both - not to mention a damaged corporate reputation.In putting together such an IT project, the support of executive management is vital to its success, and it is especially advantageous to have the CIO and your company’s legal counsel’s office onboard. This way, the CIO can prepare to work with the IT department to facilitate the processes and implementation of the new system while the legal department develops and evaluates the information retention policies – preventing lengthy delays later in the project. Equally important is creating a project team with members from all the key departments and stakeholders. Ideally, this team will be comprised of a core technical group supported by in-house IT teams, the project managers and an outside systems integrator responsible for installing and configuring the software solution. The project steering committee should include representatives from IT, legal and human resources departments as well as the operational business units. The first step is to understand the variety of documents that can exist across all applicable departments and to review and validate any existing records retention policies. This phase of the project includes defining the records classification parameters based on input from, and customized for, each department involved. The classification and metadata search parameters are then built into the policy manager component of the solution, which enables the team to create content-specific search and retention criteria to meet the particular needs of each department. A number of objectives could be the target of the project, including some or all of the following:
- Capacity management: to reduce the storage demands of the email system on IT resources, including servers and disk storage.
- Compliance management: the requirements for compliance to a variety of laws in regulated industries. These laws may require emails to/from certain people, executives or departments to be copied and stored for safe keeping for specific periods of time. Compliance is about meeting regulations, such as Sarbanes-Oxley, HIPAA and Securities Exchange Commission requirements, acts which dictate what must be kept and for how long.
- Legal discovery: the need to search for data on demand and to retain it for inspection. In short, if it exists, you must produce it when required. If required, this data may need to be marked in some form or other and retained in a tamper-proof environment until cleared to be expired and deleted. Legal Discovery covers the amended FRCP, Freedom of Information Act and similar laws. (The FRCP rules require that companies involved in U.S. civil litigation must meet within 30 days of the filing of the lawsuit and agree on how to handle electronic data, including emails, and decide which records are to be shared, as well as on a definition for accessible data.)
- Retention management: the ability to define when email can or must be permanently deleted from the system. Most importantly, this has to be agreed with the legal counsel.
Your records management system should have the ability to interrogate the contents of the live email stores, search amongst deleted items, support delegated supervisor searches and help to meet the latest e-disclosure legislation and associated legislative rules. Once proven that certain data exists, you are almost certainly required to retain it until the case is closed.But beware of vendors who argue that to control email records one needs to archive them and index them. Writing into an archive adds a level of complexity to the problem and may well cause your legal counsel more headaches when investigating an action or defending a suit.According to the Enterprise Strategy Group, even though much corporate email is mission-critical, an excessive amount of IT resources can be wasted on uncritical data. The group’s research indicates that organizations will archive an estimated 30,000 petabytes of email over the next five years, mandating the need to automate some of the processes before and after retention policies are set. Some good terms cover this, such as integrated content archiving and information retention management. It is not essential to archive everything in order to make a decision on whether to keep it. A solid understanding of record retention is probably the key foundation to any project. Being able to dispose of data as early as possible will reduce demands on storage. IT administrators also know that archiving is just one of a number of chores in effective data management. Make sure your solution allows you to do more than just archive email because you need a systematic and efficient approach to managing email in this context, resulting in far more effective use of IT resources. IT administrators require full control and unbounded flexibility over not just archived email but live email and discovered PST files. This can be likened to cleaning out your closets or your garage before you pack up and move to a new house. It saves time, effort and space to edit and purge first. Unnecessary data can be removed instead of placing it into the archives. This saves valuable time, conserves storage space, and may reduce corporate liability while ensuring that email data is managed in a consistent and cost-effective manner. A good solution will provide a rule set for management of email records. It might be just age or size that gives you a decision criteria on which to archive, but to/from, subject, attachment type and specific word content may lead you to delete the record prearchive. Automation, in this case, should stand for the ability to create a process for analyzing email by your criteria, and, upon obtaining a match, to take the action you require. That action might be delete, copy, archive or even pass to another application for further analysis. Once you have proven your automated test meets all your criteria, it can be set to run hourly, daily, weekly or at whatever time suits you to administer the process required by your organization. This automation can apply to all or selected users to meet your management requirements. Providing IT administrators with the ability to flag all MP3 files in messages and moving them out of the system automatically or notifying individual users with items suspected of falling outside of HR guidelines will help run your email system more smoothly.So long as you conform to your legal counsel's interpretation of FRCP regulations, then you can opt to remove this email and ensure that no trace of them exists, including references to them in an index, offering another reduction in storage demand.Test the implementation of the records management system, and once proven, your company should have a successful proof of concept that decreases operating costs by reducing the time and resources needed to manage and retrieve information. You should also be able to measure success by setting (and achieving) its ROI objectives and proving the business case for the records management implementation.
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access