Regulatory requirements and strategies for eMail Archiving

There is currently a debate regarding the archiving of emails and other electronic documents.

Some IT managers believe all content should be archived so corporate knowledge held in email is retained. Other managers believe email should be deleted regularly to reduce the liability that may arise in the event of a lawsuit or government inquiry.

Essentially, there are three basic views on the issue of archiving email:

Delete all email regularly.
One group believes all email should be deleted on a regular schedule, typically kept no longer than ninety days, so potentially incriminating evidence will not be available during the discovery phase of a legal action or during a government inquiry.

Those in this camp find justification for their position in cases in which archived emails have harmed the organizations that kept them, such as the several internal emails written by Microsoft's Bill Gates that were presented as evidence against Microsoft in the U.S. government's legal action against the company.

Arguing against this position, others say courts can instruct juries that if a party to a legal action destroys documents, there is a presumption that the documents were damaging to the destroying party.

Keep all email for long periods.
Another group believes all emails should, 1) be kept for long periods, 2) be made accessible via archiving and tracking tools that permit an audit trail to be maintained, 3) have access to archived content permitted to employees and others for long periods of time.

This view is held by those who are a) averse to risk and believe it is better to know about damaging evidence so its harm can be minimized through the application of appropriate legal or other strategies; and b) in support of the extraction of corporate knowledge from information stored in messaging systems.

Keep only important email.
A third group believes emails should be categorized with regard to their importance, and some of this information should be kept long-term, while unimportant information should be deleted regularly. Again, this view is held by those who are averse to risk for legal or other reasons and who want to extract corporate knowledge from the messaging system. 

Governance, Risk & Compliance as a Service

From policy to enforcement to searching for that email that someone sent two years ago, our solution makes it easy to meet your compliance obligations.

Easy, flexible and fast - that's our messaging policy.
Our solution allows you to create, maintain and enforce your corporate messaging policy, meeting all regulatory compliance regulations. Your business is protected from legal risks, without draining the financial and productivity resources of your business.

Industry-specific templates are provided and distributed to your employees. And every version of the policy is automatically retained, meeting best practices for both legal discovery and compliance. Messages will not be disposed of until directed to do so by your retention policy.

Our solution allows you to implement a systematic and flexible process for selecting and reviewing the content of all electronic messages. You'll be much more effective at identifying violations. And since most of the work is done automatically, you'll also save a lot of time.

Find every email, every time, in seconds.
Our archive automatically stores multiple copies of all your internal and external communications in multiple locations. That includes Exchange mail, instant messages, Bloomberg Mail and Instant Bloomberg.

Records cannot be deleted or altered once they have been archived, ensuring that all evidentiary standards are met. We guarantee it. And since everything is fully indexed, including attachments, it's easy and fast to find what you're looking for.

The Governance IT compliance service desk is in complete control of all compliance obligations for your company. They can easily find what they're looking for thanks to highlighted search words or phrases within the subject or body of search results, including attachments. Even setting up, maintaining and supervising the policy.

When faced with a legal situation or simply a dispute, you can get everything from the archive, including audit trails and exports, in minutes.

With our Google-like web-based user interface and comprehensive search capabilities, you can conduct a full text search across the header, message body and content of over 300 types of attachments. You can also conduct people-aware searches, so you don't have to search multiple email addresses. Exporting messages can be done with the click of a mouse. 

At Governance IT, we take care of all your compliance needs for you. We make it easy to set up, maintain and enforce policy, retrieve data, and meet your compliance regulations. And with our exclusive DoubleBlind Encryption, you can rest assured that your data can never be viewed by anyone outside your network - not even us.

All it takes is one phone call, a couple hours, and your compliance worries are over. Our all-inclusive, on-demand solution takes care of everything for you. You maintain full control. And it costs less than doing it yourself. So relax, and let us take care of everything.

What are the legal perspectives of archiving electronic communication?

Regardless of whether an industry is more or less heavily regulated with regard to its records retention requirements, there are several factors for any enterprise to consider with regard to the importance of email retention:

• During discovery all records are subject to review.
Without an appropriate archiving system from which emails and faxes can be methodically searched and extracted, a court can order that all servers and backup tapes be seized for analysis.

• Electronic documents are now valid and have legal effect. Legal and regulatory developments prevent courts from denying legal effect or validity to electronic documents simply because they are in an electronic form. The legal and regulatory controls that apply to paper documents now apply to electronic documents. Parties who rely on or use electronic documents can be liable for their actions and omissions.

• Courts no longer accept the argument of technical difficulty when dealing with the legal issues surrounding the use of electronic documents. For example, if an email server runs out of storage capacity and an administrator must delete messages from the server to make room for new content, this is not considered an acceptable defense if a company is asked by a court to provide email messages during a lawsuit.
• Legal admissibility is now irrelevant when it comes to determining the reliability of evidence. The focus is now on the evidential weight of evidence. The strength of evidential weight directly determines the reliability of that evidence and the weight the Court will place on that evidence — the better one side’s evidence, the more likely that side is to win the dispute.

• Regulatory controls on the retention of documents and information are the main driver for electronic evidential weight. Every commercial or governmental activity requires the production and retention of a record. Regulatory developments simply call for electronic versions to be retained for as long as their paper-based versions.

• Electronic archiving imposes additional demands not required in traditional record-keeping. In the paper based world, parties can easily point to a particular copy of a document as the ‘master’ document, or the original.

• Information must be tamper proof. The problem with electronic information is that it is easy to alter, delete or even lose; far easier, in fact, than with paper-based information, as any change or loss can occur without leaving any trace. The problem then is to ensure information is correctly captured and stored to minimize uncertainty over its integrity and existence.

• Evidential weight is more than document retention. Evidential weight requires all aspects of an electronic record be retained; including the existence or occurrence, the document itself, any access to the document contents, any attempt to edit or delete the document, and ensuring the document received or created is the document stored. Simply storing a backup or snapshot of a messaging system is insufficient, as is a system that only archives documents after a period of time, as there is no way to protect against user tampering.

• If a user cannot prove every document or record has been retained for the correct period, they have not satisfied the evidential weight requirements. Document and email retention requirements specify the retention period and the storage mechanism. They do not affect evidential rules which are quite separate, but apply in addition to these requirements.

• Archiving all electronic communication is the smartest course of action for any organization, even if the archived documents are damaging to the company’s defense during a legal action. An organization is better served by understanding the extent of its liability and opting to settle out-of-court rather than have another source produce archived emails or faxes that are
damaging to the organization. 

White paper on Compliance

Get in touch

Book a meeting
Download whitepaper
Governance IT A/S
Dronning Louises Vej 7
DK 2920 Charlottenlund

Tel: +45 7026 0350