E-mail and document retention issues tend to have more questions than answers. One of the more interesting questions is how to deal with Digital Rights Management (DRM).
In simple terms, DRM is the author's ability to control the use of electronic documents through various means that limit the receiver's ability to read, copy or forward an electronic document. In some cases, it is possible to limit the amount of time a document can be read even by the intended recipient.
While different methods exist to limit the existence of a readable copy of a document or e-mail. Let's assume a method that relies on a third party set of public/private encryption keys which must be retrieved from the third party every time the document is opened. These keys are only kept available for a pre-defined period of time. Outside the pre-defined window, the keys can not be retrieved and the document can not be read.
How will you read this document after the time period has expired? Will the original keys and valid date ranges need to be saved with each document so the discovery system can mimic the original environment? Will a untimed master key be necessary in order to read the documents in the event of a discovery order? Should your business revert to making a hard copy of every e-mail document?
Another possible DRM scheme is to have your e-mail deliver the information via a link to a normally inaccessible web page that is only available for retrieval for
Now imagine your business routinely uses one of these methodologies to secure your e-mail and business documents. As an administrator, how will you deal with archival storage of documents you may not be authorized to read? How will you properly file unreadable documents under some document content management scheme? Even using tape, will anyone ever have enough storage capacity to keep multiple copies of these type of files.
Lot of hard questions; no easy answers.
Send me your comments or your answers to these questions at firstname.lastname@example.org
About John Weinhoeft:
For the past 30-plus years John Weinhoeft has had his hand in the computer industry. He recently retired from designing and managing the State of Illinois' centralized computer systems that served 100 agencies. John has authored and edited a number of analytical books published by Computer Technology Research Corporation. He is, or has been, a member of several computer organizations including the Computer Measurement Group and Central Illinois Personal Computer Users Group. This was first published in July 2003
This was first published in July 2003