Page II: Companies are under pressure to keep more data for longer periods of time due to regulatory requirements. How should IT departments cope with electronic communications archiving?
The US Securities and Exchange Commission's investigations into recent "creative" (i.e., unethical) accounting practices have led to a number of changes in the ways corporations will be required to manage their records. "In the past year or two," says Dave Simpson, editor-in-chief of InfoStor, "events such as the scandals that have hit very large companies have led to new federal regulations, which mandate how long companies have to hang on to e-mail, including attachments." Some of these regulations include:
SEC Rule 17a
National Association of Securities Dealers (NASD) Conduct Rules 3010 and 3110
The Sarbanes-Oxley Act
Specifically related to document retention, the Act states the following:
General legal discovery
Legal discovery rules require any company involved in legal proceedings, regardless of size or industry, to produce evidence contained in electronic communications. The typical process can be exhaustive and expensive.
It's true that paper trails can do a good job of protecting organisations from fraud and error by providing evidence that is acceptable in court. But what happens when interactions and records exist only in electronic format, as is more and more often the case? Many companies, unfamiliar with the concept of treating e-mail messages as business records, have been accustomed to deleting them automatically after a certain time period (usually 90 days or so). Subsequently, if any of these messages are needed as evidence in legal proceedings, these companies are often out of luck.
As regulatory and legal discovery pressures continue to increase, however, the corporate world is learning its lesson. "Most large companies," says Andrew Rathmell, CEO of the Information Assurance Advisory Council, "now recognise that they can be crippled overnight if their reputations are harmed by failure to protect their information assets." That underscores the importance of ensuring that business-critical e-mail messages and their attachments are efficiently captured, classified, archived, retrieved, and also destroyed when they've finally outlived their usefulness.
Building the foundation
The requirement: An efficient and affordable compliance solution that preserves maximum evidential weight. While regulations can be very strict about how archived messages should be treated, these rules refer only to relevant messages that have to do with client and partner communications, or contain internal sharing of important information. None of the regulations so far has required companies to archive absolutely all messages passing through the system.
13%
1%
