SECURITY CLINIC: Archiving offers legal safety net
- 04 October, 2000 10:08
With the increasing use of e-mail for day-to-day business, organisations are recognising the compelling need to include e-mail within their overall communication policies. Sensitive information, business communications and transactions are all part of the electronic world. Soon information from mobile phones and palm pilots will join the already copious amounts of data flowing through an organisation's e-mail system.
Organisations are increasingly being held accountable for e-mail sent by their employees. Keeping proper e-mail records and tracking Internet conversations with third parties can help in assessing liability, as well as purge-damaging documents such as pornography and bandwidth-draining videos and photos. The legal issues are real, with a large UK-based Insurance company recently forced to pay over $1 million to a major competitor over libellous e-mails.
Companies are also facing the need to retain copies of e-mails due to legislative and regulatory requirements. For example, with the recent legal acceptance of digitally-signed messages as contracts in the US, it is becoming vitally important to know exactly who sent what to whom, and being able to prove it.
The impact of such a requirement is not insignificant. IDC predicts a growth in daily e-mail traffic from 2.1 billion in 1998 to 7.9 billion by 2002. Given the sheer volume of e-mail generated by large organisations, not only is the storage of information essential, but a management and retrieval process is equally vital. Maintaining an audit trail of the messages flowing across the company's Internet boundary would appear to be a simple enough requirement. However, a frighteningly large number of companies are failing to adopt this obvious risk-avoidance strategy.
Many organisations feel confident that their backup strategy will serve them well in such situations. Backup systems are well suited to recovering large quantities of e-mail after catastrophic system failure. Getting back one single e-mail is another matter. System administrators spend an increasingly large amount of their time responding to pleas to restore a "really important e-mail that's gone missing from my mailbox".
Without proper control of what goes in, the archive can grow rapidly, with a typical 3000 user system handling over one terabyte of message traffic annually. Legal research also shows that the cost of searching for information that should have been archived can run into millions of dollars.
Despite these trends, many organisations are failing to realise the legal responsibilities involved in this new business model. Those that have are struggling with privacy and management issues. Employees are failing to realise that e-mail is just as much a part of the corporate climate as the fax machine and filing cabinet, and therefore not theirs to enjoy at their leisure.
The perception of many organisations is still incongruent with the reality of managing electronic information. Therefore, from a legal and business efficiency standpoint, the channel needs to start educating the market. This involves not only explaining what is and isn't technically possible, but the issues surrounding why archiving is an essential business habit.
Selling technological capabilities is important. Companies need to feel confident that what they want to do is possible and not more complicated than systems already in place, namely systems administrators and backup procedures.
However, technology alone is not an adequate solution for an organisation and provides limited services and value-add opportunities for the channel. The channel should be educating the market on the importance of archiving and how to implement an effective and relevant archiving system.
Relevant archiving means customisation. No two companies are going to have identical archiving and security policies and requirements. The channel is able to influence companies to include what has been, up until now, a relatively obscure consideration and write archiving into their communication and security policies. They can help draft a policy and personalise the software to enforce it. This is true value-add.
Alan Schaverien is
Managing Director at AP Content Technologies. Reach him at email@example.com