(InfoWorld) – Nearly half of the IT managers in 1,700 companies across Europe do not receive guidelines on what e-mail should be saved even as awareness of the need for careful record-keeping has increased in recent years, a new study shows.
Likewise, employees frequently have incorrect information about how their e-mail is stored and managed, said the study, done by the U.K. research company Dynamic Markets Limited and commissioned by security vendor Symantec. A majority of employees — 78 percent — thought that they, not the IT department, controlled whether e-mail was saved or deleted.
The study also identified what could be potential gaps in e-mail storage. While most IT departments make a backup copy of e-mail every night, only 4 percent back it up during intervals during the day, putting some data at risk, the study said.
A far lower percentage — 42 percent — reported they automatically backed up data from mobile devices and laptops. Of the respondents, 45 percent said users were responsible to back up that data.
E-mail’s importance has evolved from a mere convenient communication tool to an influential, often legally binding document. Legal cases could call for documentation reaching years back.
The study found the majority of IT managers, 71 percent, do not archive e-mail of employees who leave their companies.
[Via InfoWorld: Top News]
In my opinion, this is the current Big White Elephant in the IT Room. Corporations can grasp records retention when it comes to actual paper, but have a hard time dealing with it when it comes to email. Last summer, I did an evaluation of the current products on the market today, and there are a number of good ones out there. But what they all required is the one thing that most IT management can’t give them, hard and fast rules around life cycle management of emails. Should every email be treated like a business record? How long should they be kept? Who decides if it needs to be kept longer? How do you handle local archives of emails? Should users decide which emails are business related? Does the policy comply with any legal requirements (SOX, HIPPA)?
The company I was working for at the time was one that engaged in litigation quite frequently, so retention of emails was a key issue. Also, they worked on projects that lasted any where between 18 months to 10 years. The problem I was having was not finiding a tool to do the archiving, but coming up with a policy that was enforcable and didn’t rely on the end user. We decided that a “save everything” methodolgy would be employed, but determining how long to keep emails was not decided when I left the company.
It will be interesting to see how this continues to evolve in the next 5 years.
Sean—