Corporate governance remains problematic

While businesses continue to fall foul of corporate governance regulations, concerns are mounting among companies over data retention, legal disclosure and reputational risk with email mismanagement.

To help businesses properly address the situation, content archiving and email management vendor KVS has issued its best practice guidelines on the retention of emails and their associated attachments.

Recent research, such as the Radicati Group's report 'Email Archiving Market Trends, 2003 – 2007', reveals that senior management place great emphasis on the importance of corporate email archiving. However, there is also considerable discrepancy between the noted importance of email archiving and the lack of actual implemented email archiving policies. With Radicati predicting that the number of worldwide corporate email mailboxes will reach 421 billion by the end of 2003 and the market for email archiving vendors to reach over US$126 million by the end of 2003, it is a problem that will only worsen if it is not tackled head-on.

"The one strong lesson our customers say they have learned over the past eighteen months is that reputational risk is every bit as important as the actual credit risk of being caught out on data retention," said Andrew Barnes, Marketing Director for KVS. "Senior management and directors are considered to have a duty to recognise and manage risks to ensure that their organisations are compliant. What many people don't realise is that they can be held liable for both lack of, and excessive monitoring of email use, as well as failure to retain documents and records."

The guidelines KVS has issued on email policy, for companies faced with the volume and complexity of current legislation and fiduciary requirements, include:

1) Retention and deletion decisions should be made at the management level, not at the individual user level. (Although users can delete mail from their personal inbox, the organisation should define its overall policy for email retention, for example, what to keep, where to keep it, how long to keep it and what to delete.) Ensure that policies are enforced centrally rather than relying on user discretion.

2) Responsibility for policy enforcement should be at a management level.

3) Bring together usage and retention policies for email and other documents (e.g. letters, faxes, non-email documents held in filing systems and other stores).

4) Policies should address external and internal email.

5) Email policy should be driven by corporate governance goals and, where applicable, regulatory requirements, and not simply by IT goals.

6) Use technology to facilitate rapid discovery of email content. Ensure the IT infrastructure can deliver on the business policy. If an organisation uses a system that it knows is not compliant, then it can be held liable, even though the system may be 'best of breed'.

7) If the organisation is subject to email usage regulation, including routine internal/external audit processes, then put email review in place as part of the management process.

8) Ensure that policy implementation can be audited and is visible to management and, if appropriate, to external regulatory bodies.

9) Ensure that all users are fully aware of email retention policies being upheld within the organisation. Provide comprehensive staff training if appropriate.

10) Ensure that technology solutions are transparent to users and can scale to cope with the organisation’s email volumes.
