Email retention.

Data management and retention has never received a high profile within organisations until recently, particularly now in the UK we are beginning to look more closely at how we maintain our records and the ability to recall the information we need quickly.

Some organisations feel that the US has given us a sneak preview sneak preview
n.
A single public showing of a movie before its general release.

Noun 1. sneak preview - a preview to test audience reactions of the effects of not keeping accurate records with the highly publicised Adj. 1. publicised - made known; especially made widely known
publicized demise of Enron/Anderson. Others feel that the introduction of the freedom of Information Act is enough to warrant introducing new technology or simply gaining protection against Civil or Criminal claims disgruntled dis·grun·tle
tr.v. dis·grun·tled, dis·grun·tling, dis·grun·tles
To make discontented.

[dis- + gruntle, to grumble (from Middle English gruntelen; see employees may make.

Whatever the drivers for improving the way a company shares and retains data, we have the ability to create, capture, transmit and store e-records in a trust worthy and accurate fashion.

At the present time there is little concern regarding the legality le·gal·i·ty
n. pl. le·gal·i·ties
1. The state or quality of being legal; lawfulness.

2. Adherence to or observance of the law.

3. A requirement enjoined by law. Often used in the plural. of e-records and whether they can provide evidential ev·i·den·tial
adj. Law
Of, providing, or constituting evidence: evidential material.

ev weight. In fact, a number of regulations introduced or updated both here and in the US over the past few years have made clear, that in more instances than ever before, e-records will satisfy the legal requirements of the courts and regulators.

In order for emails to be considered valid evidence in court however, they must be considered to have 'evidential weight' so that the information presented may be considered to be an accurate and true record that has not been tampered with during its lifecycle.

To give guidance as to how electronic records should be stored to provide admissibility ad·mis·si·ble
adj.
1. That can be accepted; allowable: admissible evidence.

2. Worthy of admission.

ad·mis in court and to have due evidential weight, the British Standards Institute (body, standard) British Standards Institute - (BSI) The British member of ISO. created the Code of Practice for Legal Admissibility of Information Stored Electronically--BSI-DISC PD 0008 which has been renamed BIP BIP - An incorrect singular of BIPS. One billion instructions per second is 1 BIPS, not 1 BIP. 0008 in its 2004 third edition. The Code describes the means by which it may be demonstrated in a manner acceptable to a court of law that:

"The contents of a specific data file created or existing within a computer system have not changed since the time of storage; and where such a data file contains a digitised image of a physical source document, the digitised image is a true facsimile of that source document."

To achieve admissibility and evidential weight, the code suggests users adopt five guiding principles, which are briefly summarised below:

Principle 1: Recognise and understand Senior management should adopt an Information Management Policy Document and review it regularly. This document should specify what information is covered, how each type will be stored, relevant security classifications; define retention/destruction periods and state management ownership responsibilities for the information.

Principle 2: Legal issues and duty of care It is recommended that organisations adopt an Information Security Policy with certain minimum requirements. A Disaster Recovery Plan is also recommended. Consultation with regulators, government bodies, auditors, legal advisors etc is also recommended regarding external implications of using electronic information management systems.

Principle 3: Processes and procedures Organisations should maintain a Procedures Manual for each information management system covered by the Code. Examples of relevant procedures are information capture, indexing, backup and system recovery, version control, security and protection.

Principle 4: Enabling technologies A Systems Description Manual is recommended, it should describe how hardware, software and network elements interact. The manual should detail systems configurations, detail changes made such that the details of the system may be determined for any point during its lifecycle.

Principle 5: Monitor and audit The code requires sufficient audit trail information to be kept to enable authenticity The correct attribution of origin such as the authorship of an e-mail message or the correct description of information such as a data field that is properly named. Authenticity is one of the six fundamental components of information security (see Parkerian Hexad). of stored information to be proved in court. This should include both audit trail information of the stored information and the system used. This might include the date of storage and details of movement from one storage medium to another.

Conclusion:

There is no legal obligation to retain email records unless their particular nature would render them relevant to the requirements of legislation or regulatory bodies. However, the potential requirement to prosecute To follow through; to commence and continue an action or judicial proceeding to its ultimate conclusion. To proceed against a defendant by charging that person with a crime and bringing him or her to trial. or defend civil and criminal actions makes email retention a sensible precaution.

If it is impractical im·prac·ti·cal
adj.
1. Unwise to implement or maintain in practice: Refloating the sunken ship proved impractical because of the great expense.

2. to classify clas·si·fy
tr.v. clas·si·fied, clas·si·fy·ing, clas·si·fies
1. To arrange or organize according to class or category.

2. To designate (a document, for example) as confidential, secret, or top secret. email records for the purposes of assigning separate retention periods, it may be sensible to set a default retention period for all email that will be determined by the longest retention period appropriate to the organisation.

www.storage-expo.com

COPYRIGHT 2005 A.P. Publications Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.

Reader Opinion

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:	STORAGE
Author:	Buxton, Tom
Publication:	Database and Network Journal
Date:	Aug 1, 2005
Words:	702
Previous Article:	CIO survey reveals poor relationships limit outsourcing success.
Next Article:	Data management for compliance.(STORAGE)
Topics:	Electronic mail systems Email Gas transmission industry

Related Articles
Changing Technology Requires A New Look At Enterprise Email Management.(Industry Trend or Event)
Corporate asset protection of email overlooked. (Internet Focus).
Killer App: new email requirements are driving significant technology purchases. (Enterprise Applications).(Industry Overview)
Controlling the flood: a look at email storage and management challenges. (Automated Storage Management).
New ROI analysis service.(Security News & Products)(return on investment)(Orchestria offers analysis service)(Brief Article)
Ignorance is no defence--implications of email retention and best practice.(STORAGE)
UK email retention periods.(STORAGE)
Data protection and email retention policies.(Security)(Brief Article)
CIO survey reveals companies open to huge financial loss.(SOFTWARE SECURITY)
IT news and products; Open Text Integrates LegalKEY Records Management with Symantec Enterprise Vault.(SOFTWARE WORLD DIGEST)