Corporate emails may be posing threats other than malicious viruses—those of a legal nature. A recent survey, conducted by Harris Interactive, shows that 68 per cent of US employees using email at work have sent or received email, via their work email account, that could place their company at legal risk.
Highlighting such unfavorable email behavior was the Laura Zubulake versus UBS Warburg legal battle, early last year. A jury in New York returned a verdict of nearly $29.3 million in favor of Zubulake--one of the largest awards made to an individual discrimination plaintiff ever recorded. The sexual discrimination suit by Zubulake, a former equities trader at the prosecuted financial firm, warns of unfortunate fates that may hit organizations that do not incorporate sound email policies.
Risks: Legal Discovery, Regulatory Compliance and Employee Email Practices
UBS Warburg lost its case when it failed to deliver emails requested by the court through a legal discovery order. The e-discovery experience of the financial firm has quickly become a trendsetter of sorts for corporations. It has provided a forum for email policy reform, as missing email forced the case judge to lay out rules for electronic evidence, including sanctions against destroyed email.
The court ruled that UBS had willfully done away with electronic records in an illegal attempt to thwart the plaintiff’s case. The verdict also read that the firm had failed to comply with email retention policies--which would have preserved the missing records.
But a retention policy is not the only kind of email policy that could help a company avoid legal disasters. In 2000, American Home Products (AHP) encountered a forced settlement of $3.5 billion owing to inappropriate internal email content, sent by its executives. The pharmaceutical giant failed to employ a clearly stated and properly distributed email policy with regular monitoring and supervision.
Although email has benefited the business world with improved employee communication and increased productivity, its ubiquity has also made email exchange a realm filled with risk factors that, as the cases above illustrate, have to do with both retention and content of email.
Corporate scandals, in which email played a crucial role, have led to the naissance of new regulations. Most notable of such laws is the Sarbanes-Oxley Act, the shadow of which now blankets most industries. Slapping million dollar fines and nearly 20-year prison terms in the event of non-compliance, regulations like Sarbanes-Oxley demand record retention over a predetermined period of time, and timely retrieval of those records, including email.
In addition, such new rules require companies to supervise and report on the effectiveness of their email safeguards. Indeed, businesses now face heavy demands when it comes to email retention and content, and how both of those aspects are managed.
Despite the advent of such regulations, the Harris Interactive survey revealed some startling statistics about how employees use their corporate email accounts that could put their companies at legal risk. These uses include sending and receiving sexually explicit and politically incorrect email, providing personal details to the Human Resources department, and sending or receiving passwords or log-in information. Also, an alarming number of employees, especially those making over $75,000 a year, save work-related email outside their corporate network, heightening their companies’ exposure to risk.
Eliminating Risk through Email Archiving
An email archiving solution can take care of an organization’s retention, content supervision, and reporting needs, dramatically reducing risk. A well-architected archiving solution should be capable of retaining a company’s entire email history. It should also provide an easy-to-use search function that quickly retrieves messages, especially in the event of legal discovery. Finally, the solution should possess features that allow for easy reporting.
But the key to stopping regulatory and legal problems rests within a sound email policy—a feature that can be implemented and maintained via the email archiving solution.
The Harris survey has revealed that while a majority of employees have sent or received email that could pose risks to companies, about 92 per cent of those employees do not realize the potential damage. The survey sums up by showing that many organizations do not have any email policy in place; those companies that do, cannot get the majority of their employees to actually adhere to those policies.
To have an effective email policy in place, especially with regards to content, an organization’s messaging needs to be clear on what is and what is not appropriate email content. Every employee should be educated on the policy and a signed copy of the policy document should be required of these employees. A policy that is unclear and thereby not adhered to can be deemed invalid.
Besides the use of appropriate language, the policy needs to prohibit end-users from saving work-related email outside the corporate network. Unfortunately, saving email outside the corporate network makes it difficult, if not impossible, to recover those messages easily and quickly for legal discovery. An archiving system takes care of such concerns and takes away any incentive employees may have to save their email anywhere else.
Choosing the Right Solution
There are a variety of archiving solutions available, but the first step towards making an informed decision will typically be whether to go with an in-house or an outsourced solution.
For in-house implementation, an organization needs to develop or purchase appropriate software according to business requirements, and buy the appropriate hardware. With the large amount of email data that most organizations send and receive, archiving requires a significant amount of storage hardware.
In-house email archiving solutions typically use a dedicated server-based approach that copies all email from the message store into an archive. Some solutions also require that software be installed on all PC clients to facilitate searching and retrieval. In-house solutions offer a high level of control and data security, as well as convenient integration with other systems in the organization’s existing infrastructure. However, these solutions can be costly to acquire and often require dedicated, skilled personnel to maintain.
An alternative to the in-house approach is the hosted solution. This allows a company to archive data at a third-party location, reducing the burden on internal IT resources. Outsourcing also allows a company to avoid substantial hardware and software costs and alleviates the inconvenience of maintaining an archiving system.
A disadvantage with some hosted solutions is a lack of data security. By storing confidential email data at an external location, a business may open itself to security breaches or Privacy Act concerns. In addition, without direct integration with the customer’s email server, management of archives can be an additional challenge.
Today, however, some outsourced solutions have addressed these security concerns, and can offer the same level of security that in-house solutions do, without the unpredictable expenses. Also, outsourced service providers can have the archiving system up and running in days when in-house solutions, typically, could take months to deploy.
The Fortiva Suite is an example of an outsourced solution that can provide complete data security through its DoubleBlind Encryption™ technology. Through this system, email is encrypted before it leaves the corporate network and stored permanently in its encrypted form. This guarantees the data can never be viewed by anyone outside the corporate network, including the Fortiva staff.
At the same time, the Fortiva suite provides an easy-to-use search function that retrieves messages in near real-time and guarantees search performance. Additionally, comprehensive supervision and reporting features make it simpler to highlight problem areas and take action against potential legal threats.
Conclusion
The rise of email has improved business communication. However, it has also increased exposure to risk, stringent laws and regulations, and detrimental lawsuits. Some of the most damaging verdicts and forced settlements have resulted from missing email, inappropriate email content, and insufficient or lack of email policies. A good email archiving solution should provide a company with access to end-users’ entire email histories, the ability to monitor email content, and easy-to-use policy-formation capabilities. Equipped with these tools, a company will not only easily meet its regulatory and legal discovery requirements, but eliminate the risks associated with email usage.
|
