Playing the Legal Lottery
Playing the Legal Lottery
Email has become the lifeblood of business today, yet many enterprises still do not have adequate email management systems in place. Bjorn Englehardt, Asia Pacific regional director of email archiving specialists KVS, says that companies that do not address this are running a huge risk, both from a business and a legal standpoint.
It's no exaggeration to say that many companies would admit they could no longer function efficiently without email. Gone are the days when email was restricted to basic text messaging within a few forward thinking organisations who could afford expensive x400-based networks.
Some indication of how dependent companies now are on email can be seen in some startling figures issued last year by market research firm META Group, which estimated that the global daily email traffic volume has topped 15 billion, with an expectation that by 2005 that figure will be as high as 35 billion.
Moreover, the type of information contained within those emails has become increasingly corporate sensitive. META Group goes so far as to suggest that the amount of corporate knowledge currently being communicated by email is around 50 percent, adding that this figure will reach 75 percent by 2005. The practical result of this can be seen across all business sectors, as transactions and communications which would formerly have been paper-based are now conducted via email.
These figures alone should be enough to alert most savvy senior executives to the importance of having a system in place to manage and archive this mission critical information. In the past, paper-based records would be kept to ensure that accurate reporting could take place.
It makes no sense to assume that emails don't need to be handled in the same way. But apart from this basic common sense motivation, there are two main driving forces which are forcing senior business managers to realise that email management is no longer an IT issue, but one which as a business tool directly impacts on their organisation's commercial viability, namely new legislative regulations and the prospect of disclosure in cases of litigation.
It's already the case that highly-regulated industries have strict record retention requirements that go beyond simple backups. For example, the Australian Financial Services Reform Act imposes similar regulations on financial services business. It too requires secure, long-term archival and retrieval of email, including audit trails for retrieval and disposition.
In the wake of the Enron scandal, and a little closer to home, HIH, we're finding that across the globe, the focus on corporate responsibility has changed balance and this situation is only likely to get tougher.
For organisations, it's now come down to the fact that at any time, authorities could mount an investigation into a particular business deal or overall operations. Knowing exactly what was said, by whom and to whom and about what and when has become crucial, particularly as the vast majority of that communication is being conducted by email. It could be said that any company that doesn't have a rock solid email policy in place is asking for trouble.
But there is a change of wind in some quarters with organisations beginning to take a different view of how email fits with compliance strategies in the post Enron, post HIH world. Such high profile accounting scandals have inevitably spawned new legislation to deal with corporate responsibility, most notably the Sarbanes-Oxley Act in the US.
From a legal standpoint, this prohibits knowingly destroying, altering, concealing or falsifying records with the intent to obstruct or influence an investigation in a matter in federal jurisdiction or bankruptcy and imposes a penalty or a fine of not more than 20 years in prison or both. It also instructs all accountants who conduct an audit to maintain all papers for five years.
In addition to their legal responsibilities, many companies are increasingly keen to proactively show that they are on top of what is happening within their businesses. Email is an excellent indicator of events within an organisation.
Outside of such wider legislative requirements, there is also the possibility of legal action of a closer to home nature. In litigation, opposing parties may require each other to produce copies of past emails satisfying particular characteristics. For example, plaintiffs suing a pharmaceutical firm over a failed product might request all emails containing the words pharmaceutical and tests.
Responding to such "disclosure" requests is extremely expensive and time-consuming if a company has to sort through message store backups manually. A frightening statistic from US market research firm CNI is the estimate that a company with an average of 8,000 corporate email users currently spends in excess of $1.6 million a year simply to enable users to find and retrieve old email messages. To put that in perspective, that's more than the average total cost of technical support and help desk operations combined in that same company.
So would the extent of the problems at some of the scandal-ridden companies that have grabbed such negative publicity recently have been avoided if a proactive email management policy had been in place? That we'll never know for sure, but it seems certain that forward looking companies will avoid playing this 'legal lottery', recognising that proactive compliance will be a positive indicator and brand enforcer for the enterprise as they move forward.
Related Article: