Do you have an Email Archiving system that will stand up when put to the test?

Peter Sweeney- Waterford Technologies

This scenario asks the real questions that a comprehensive email archiving solution should have all the answers to:

You suspect one of your employees has just sent out your client list to all the competition by email but, they deleted all their email before they went, and emptied the trash folder before walking out of the building. Worse still, they are suing you in the Industrial Tribunal for unfair dismissal, and want copies of specific emails from 3 years ago.  This is an imaginary scenario but it does expose the critical need to manage, archive and audit all of the vast volume of email within a modern organisation.

The employee in this scenario has lodged a Subject Access Request under the Data Protection Act 1998 as part of their claim. Do you have easy instant access to the last 3 years emails between this employee and their supervisor?  Who else was sent the client list? How do we prove it?  How long do we keep emails anyway?  Some of the emails are archived on a PST file on the laptop that the employee still has in their possession and may well have deleted too. What about those?

Anyone from a legal background will no doubt be rubbing their heads and mulling over the implications of “Well they shouldn’t have done that and we did tell them not to do that but how do we prove it?” Should we settle?  How much would it cost to get the information? Is it cheaper to pay off the claim than risk a £70,000+ award if we can’t access the information we need in a cost effective manner. Can the IT team do it with a month or two months or are the emails gone for good?

Email ArchivingThis scenario identifies the key importance of email archiving software within any private or public organisation.  This highlights a number of questions for the modern company:
  • Can your organisation easily and accurately respond to requests relating to emails under the Data Protection and Freedom of Information Acts?  Going back 6 years or more?
  • Could you easily identify and report on a chain of emails internally amounting to harassment. Who else was a recipient or a sender in that chain?
  • Can you prove the email has not been altered and the time it was sent?
  • Can you show, for the purposes of evidence in a legal action that your email is archived in a separate system that is encrypted, secure and contains a clearly defined audit trail and has digital signatures on emails to prove the integrity of the email?
  • Do you allow employees to archive emails to PST files that may be insecure and outside the control of your IT department?
  • Do you have a clearly defined policy on retention of emails that is automatically enforced?

Any doubt in answering the above could expose an organisation to being unable to defend itself or put its best case forward in any employment or contractual dispute requiring unequivocal proof of the validity of an email.   As emails freely cross borders at the speed of light, there are implications for all companies large and small. Firms in Europe and the UK with US parents are exposed to other legislative obligations such as the Sarbanes-Oxley Act. If you can’t answer the above question in the affirmative, it is unlikely that you have an adequate internal control structure to satisfy the Act.

Further legislation such as the Freedom of Information Act impacts heavily on public bodies and it becomes apparent fairly quickly that the arguments for having automated email archiving are hard to resist especially as this article discusses only one aspect of email archiving.  Giving users their own personal search engine, allowing HR access to reporting on inappropriate email usage, reducing the size of the email store and therefore the nightly backup are just a few of the others. If you weren’t able to answer yes to the questions in the list above, then it may be time to talk to us.