Meeting compliance needs

The IT department often gets very little guidance from 'the business' with respect to managing email from a 'compliance' perspective. Some legal teams even advise emails are deleted as a matter of policy. Here's just 3 reasons why any organisation should take email records management seriously:

FACT: Every country in the world has corporate legislation that specifies the length of time for which business records (such as financial and HR records) must be retained. Most of this legislation pre-dates the Internet and email, and doesn’t differentiate between paper-based communications and records, and electronic ones.

FACT: Boards of directors are expected to identify critical business risks and ensure that adequate and appropriate steps have been taken to minimise them. This should include measures to protect the staff from harassment in the workplace (including via email), or protect corporate interests by being able to investigate suspected misconduct involving email. Perpetrators of email misuse do not folder offending emails, so finding vital evidence could be difficult. Plus it's almost certain that a claimant will have copies of the offending emails, putting your organisation at a disadvantage in the event of a legal case.

FACT: A key piece of legislation affecting both private and public sector entities in the UK is the Data Protection Act (DPA). DPA obligations includes the secure retention of personal data for an appropriate length of time, combined with the disclosure of information to members of the public (or employees) following a formal subject access request (SAR). The organisation receiving the SAR legally has to give up all data requested, within 40 days. Failure to comply breaks the law, seriously affecting the organisations ability to defend its self against any legal actions. Just imagine the time and costs involved in trying to find relevant emails between different parties from backups or personal archive files.