E-mail archiving a whole-of-company issue

In this issue of Industry Insider, David Thompson, managing director at records compliance management software maker AXS-One, explains why e-mail archiving is a must for both business and legal reasons.

Enron, Morgan Stanley and the Australian Wheat Board are familiar names that may send shivers down the spine of senior management. All these organisations have been involved in controversy over e-mails that have cost the company's reputation and/or resulted in large fines.

E-mails are usually regarded as being primarily an IT issue which is handled by way of backups. IT departments have backup systems under control, but most IT managers haven't prioritised corporate governance, regulatory compliance and the risks associated with actions such as legal discovery.

I believe there is a mismatch between what an organisation requires and what the IT department is currently delivering.

Those in IT management need to be aware of the protection required when it comes to electronic documents; having no protection carries risks that the business may not be able to sustain.

While Australia doesn't have a Sarbanes-Oxley Act as in the United States, there are a number of legal obligations for the retention, and destruction of e-mails and other electronic records. For example, the Corporations Act (which requires items to be retained for seven years) and applications for employment (six months). In addition, records created by the HR department and Occupational Health and Safety may be covered by a number of statutes all with varying retention periods from six months to 25 years or more.

Interestingly, the Sarbanes-Oxley legislation and other compliance regulations have not been the instigators of most e-mail archiving installations here, although companies do acknowledge the by-product of being compliant will be of benefit in the future.

Operational archiving and legal discovery
By far the biggest incentive for implementing e-mail archiving is operational reasons. Many organisations are choosing to reduce their storage and other operational costs by implementing an archiving solution.

Another reason is fear of the enormous costs involved in litigation and court discovery orders -- not to mention the adverse effect on reputation and brand. Even the threat of a legal discovery order, which can cost millions to complete, often sees companies settle out of court rather than pay to have it undertaken.

There are other motivators for companies to implement an e-mail retention and archiving solution that will see the rapid uptake of this technology.

While records retention is the first thought for most senior managers, securing the destruction of records is equally as important. There are risks associated with retaining records for longer than is legally required or retaining records in conflict with the privacy laws.

Organisations should ensure they have a central repository where every record is protected with stored copies of any incoming and outgoing e-mails and their attachments, and instant messages. Using WORM (an acronym for "write once, read many", a form of optical storage for discs) technology, the documents can be accessed but can't be modified and are only deleted at the end of their retention period. This single archive solution also needs to have a powerful search facility that enables e-mails to be found in minutes. This means they are always "dispute ready" and evidence can be found quickly.

New law on document destruction
A new law in Victoria, passed by the lower house on February 28, will see individuals or corporations convicted of intentionally destroying documents to prevent evidence being used in court facing up to five years imprisonment. Companies in other states may find that if they have a Victorian office or deal with a Victorian company, they will come under that legislation. And in due course, other states may follow Victoria's lead and instigate the same legislation.

Australia needs a federal policy on document retention and monitoring around electronic documents, particularly e-mail as this is the worst offender. If each state introduces their own legislation, it could become a nightmare for national companies to operate compliantly.

The most intelligent, long-term strategic approach is to have a corporate-wide archiving capability that handles all data types consistently and automatically. This not only removes the onus from the individual but also gives the organisation water-tight records retention.

The ability to produce evidentiary documents is a key part of corporate responsibility in court cases. Companies therefore need to protect themselves from employees who choose to flout the law.

My advice is, IT managers should take a holistic approach to archiving; don't wait until the discovery order arrives before you implement a records compliance management solution.

David Thompson is managing director of AXS-One, a leading provider of high performance records compliance management software solutions. The company's technology includes digital capture and archiving, retention management and legal discovery at minimal cost with timely access to archived e-mails. AXS-One is publicly traded on the American Stock Exchange.