Is it ever going to be possible to manage emails as records? I’m beginning to wonder. There are at least five viewpoints regarding the purpose, value, threat and burden of email, each with its own set of concerns, parameters and possible solutions. With new, cheap SaaS email offerings available from Cisco, IBM, Microsoft and Google, and with ever more mobile users, it may be time to face some hard facts about email management.
Law departments see email as a potential nightmare for e-discovery and litigation. The cost to search email archives and pay outside counsel to sift through them for relevance and attorney-client privilege is scary. Lawyers tend to see the management of email as the management of particular mailboxes. But as Daniel Garrie and Yoav Griver pointed out in their AIIM presentation, “Mobile Devices and E-Discovery,” third-party service providers like Google, AOL and Verizon have their own retention rules for messages which may be entirely different from yours. Attempting to put a litigation hold on third party files because of your litigation may not be possible.
Compliance departments want to make sure that email communications covered by regulations are kept as proscribed. The classic example is financial services, where client communications are retained according to SEC rules. What gives the compliance department dyspepsia is the idea of email as a separate silo, instant messaging as another silo, voice communications as another silo, etc. Faced with a regulatory audit, it is hard enough to show that one system is in compliance with regulations, let alone three. Compliance officers are among those who push for integrated messaging systems, with good reason.
Records managers will tell you that what determines retention is message content. True enough, but this concept assumes that there is a standard classification scheme in use by the entire enterprise; that all employees willingly classify their email messages according to it (or there is an automatic classification tool that works with more than 10 categories); and that there is actually some way to retain messages according to their assigned retention periods rather than copying them sequentially to storage media. Given the volume of email, the potential numbers of categories, and the enforcement of complex, event-driven retention periods, this solution may not be viable as a practical reality.
IT, of course, is where the buck stops. Headaches are the ongoing cost of operating email systems, backing them up and administering the storage needed for archiving. That’s why there are still plenty of organizations that assign email a single retention period in policies that stipulate “we keep all emails for 4 years, then delete them.” It’s just easier.
Meanwhile, consider the users, most of whom use email as a personal file cabinet. For many of them, email is a combination of knowledge, CYA, project history, and source information. In short, it is a productivity tool that lets them get their work done. Because email doesn’t easily integrate with their line-of-business systems, they face hybrid environments where one system contains process documents and another contains emails. In some cases, they actually print emails and scan them back in to the business system.
According to the April 26th issue of Information Week, entities as large and diverse as GlaxoSmithKline, Panasonic, and Coca-Cola are going to cloud-based email solutions and others may follow suit when the time comes to upgrade existing email systems. It remains to be seen whether a third party provider will be willing or able to provide much more than bulk retention and disposition of messages based on date.
#SaaS #ElectronicRecordsManagement #E-mail #SEC #disposition #AOL
#Google #regulations #discovery #records #Compliance #retention