Sarbanes-Oxley (SOX) as well as SEC, FDIC, and other regulatory rules require not just retention of email for 7 years, but retrieval. Companies are getting fined in the billions for mismanagement of email rules. The Biz Journal reports:
A jury in 2005 awarded $1.45 billion in damages against Morgan Stanley, partly in response to Morgan Stanley's failure to preserve and turn over subpoenaed e-mail messages and attachments to the court.
That same year, securities giant UBS Warburg paid $29.3 million for its failure to preserve e-mail evidence in company salesperson Laura Zubulake's well publicized employment discrimination trial.
Shortly before that, a federal court fined Philip Morris $2.75 million for spoliation, or the improper destruction of e-mail evidence.
Examples of costly cases involving the misuse or mishandling of company e-mail messages are rampant, yet surprisingly only 34% of American companies have written e-mail retention and deletion policies, said Nancy Flynn, executive director of Columbus' ePolicy Institute.
Equally alarming, Flynn said, is 34% of employees in 2006 said that they do not know the difference between business-critical e-mail that must be retained, such as business records, versus insignificant messages that in many cases should be purged. The survey showed many employees are learning e-mail etiquette the hard way - 26% of employers said they terminated employees for e-mail misuse. Another 2% have dismissed workers for inappropriate instant messenger chat, and nearly 2% have fired workers for offensive blog content, including posts on employees' personal home-based blogs.
Each company should define a business record, said Flynn. A business record is a document in which business-related matters, transactions, activities and events are discussed. It is the content of the message, not how it is transmitted that's important. Once a business record is defined, Flynn recommends each company develop a retention and deletion schedule which documents how long business records must be kept and when to purge them.
This is an opportunity to provide businesses with not only the technology of data storage and retrieval, but to provide them with policy and training. You want high ARPU? There it is. Instead of providing email and backup, you are increasing productivity and partnering with the business owner to insure compliance. Work with a SOX Consultant and you can make some bigger money.
No comments:
Post a Comment