Ignorance is no defence--implications of email retention and best practice.How long should we keep our email for'? Should we ever delete To remove an item of data from a file or to remove a file from the disk. See file wipe, trash and undelete. 1. (operating system) delete - (Or "erase") To make a file inaccessible. anything? And how can we tell what to keep and what to delete? Recent research, such as the Radicati Group's report Email Archiving See e-mail archiving. Market Trends, 2003-2007, reveals that senior management place great emphasis on the importance of corporate email archiving. However, there is also considerable discrepancy DISCREPANCY. A difference between one thing and another, between one writing and another; a variance. (q.v.) 2. Discrepancies are material and immaterial. between the noted importance of email archiving and the lack of actual implemented email archiving policies. Radicati also predict that the number of worldwide corporate email mailboxes will reach 421 billion by the end of 2003 and believes the market for email archiving vendors to reach over $126 million by year-end 2003. The one strong lessons lesson our customers companies say they have learned over the over the past eighteen months is that reputational risk is every bit as important as the actual credit risk of being caught out on data retention. The very nature of email is transient, and lawyers view emails as electronic moving targets? What does this mean?.. Senior management and directors are considered to have a duty to recognise and manage risks to ensure that their organisations are compliant. What many people don't realise is that they can be held liable for both lack of, and excessive monitoring of email use, as well as failure to retain documents and records. Faced with the volume and complexity of current legislation and fiduciary fiduciary (fĭd  `shēĕ'rē), in law, a person who is obliged to discharge faithfully a responsibility of trust toward another. requirements, corporate customers are increasingly asking KVS KVS Koninklijke Vlaamse Schouwburg (Dutch: Royal Flemish Theatre, Brussels, Belgium)KVS Kendriya Vidyalaya Sangathan (Hindi: Indian Central Schools) KVS Kenny Vs Spenny (TV show) to provide guidelines guidelines, n.pl a set of standards, criteria, or specifications to be used or followed in the performance of certain tasks. on setting email policy. These include: KVS' Top Ten Best Practice Guidelines practice guidelines Medical practice A set of recommendations for Pt management that identifies a specific or range of range of management strategies. See Peer review organization, Practice standards. Cf 'Cookbook' medicine. For Corporate Governance Corporate Governance The relationship between all the stakeholders in a company. This includes the shareholders, directors, and management of a company, as defined by the corporate charter, bylaws, formal policy, and rule of law. of Email: 1. Retention and deletion deletion /de·le·tion/ (de-le´shun) in genetics, loss of genetic material from a chromosome. de·le·tion n. Loss, as from mutation, of one or more nucleotides from a chromosome. decisions should be made at the management level. Not at the individual user level. (Although users can delete mail from their personal inbox, the organisation should define its overall policy for email retention, for example, what to keep, where to keep it, how long to keep it and what to delete). Ensure that policies are enforced centrally rather than relying on user discretion. 2. Responsibility for policy enforcement should be at a management level, but everyone needs to play a part.. 3. Bring together usage and retention policies for email and other documents (* e.g. letters, faxes, non-email documents held in filing systems and other stores). 4. Policies should address external and internal email. 5. Email policy should be driven by corporate governance goals and, where applicable, regulatory requirements Regulatory requirements are part of the process of drug discovery and drug development. Regulatory requirements describe what is necessary for a new drug to be approved for marketing in any particular country. , and not simply by IT goals. 6. Use technology to facilitate rapid discovery of email content. Ensure the IT infrastructure can deliver on the business policy. If an organisation uses a system that it knows is not-compliant then it can be held liable, even though it may be 'best of breed'. 7. Data Protection is all pervasive in the EU. Records containing personal data must be deleted Deleted A security that is no longer included on a specified market. Sometimes referred to as "delisted". Notes: Reasons for delisting include violating regulations, failing to meet financial specifications set out by the stock exchange and going bankrupt. once their retention periods come to an end. Whilst those records are held, individuals have a right to see their content. 8. If the organisation is subject to email usage regulation, including routine internal/external audit processes, then put email review in place as part of the management process. 9. Ensure that policy implementation can be audited and is visible to management and, if appropriate, to external regulatory bodies. 10. Ensure that all users are fully aware of email retention policies being upheld within the organisation. Provide comprehensive staff training if appropriate. 11. Ensure that technology solutions are transparent to users and can scale to cope with the organisation's email volumes. Regardless of the size of your organisation, if you're using email for any sort of business correspondence you need to understand the legal implications of both retaining these emails for the period required in an easily retrievable and searchable manner, as well as deleting them after the legal retention period passes. Failure to property appreciate the implications of corporate governance on email can be a costly mistake both commercially and legally. Andrew Barnes, KVS www.kvsinc.com |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion