For compliance sake, how can users best manage their organization's peripheral storage? (Instant Messenger, Blackberries, 2-way pagers, etc.)
The recordkeeping requirements depend on the regulatory environment so companies need to assess the external and internal requirements and forge agreement among all their stakeholders on data capture and retention for these forms of electronic messages.
The requirements for broker-dealers under SEC Rule 17a-4 are well defined and company policies may restrict the use of such devices by specifying approved service providers or by employing special IM management and compliance software. For example, Bloomberg and Reuters instant messaging services provide a secure IM environment intended to meet SEC compliance requirements.
For most other companies, the current regulations do not yet address messaging very explicitly. However, as we learned from the SEC's enforcement actions in the securities industry, it's likely that regulators will take the position that companies "should have known" that these were business communications. And since it's feasible to capture and save them, companies should recognize their duty to do so as part of their business records.
Certainly lawyers and courts recognize e-mails as business records that are subject to discovery, and it won't be long before IM records are covered by the same logic. Stakeholders will continue to raise the bar and expectations will be set by society's perceptions of what is possible and feasible in terms of message capture and retention. Companies can go the extra mile and take steps now to enhance their credibility with their auditors, regulators and litigators -- or they can wait until events force their hand on these issues. These are policy choices and should be made explicitly after assessing the requirements, risks and costs.
Ed note: If you would like to read additional compliance articles, opinions and expert advice, make sure to sign-up for our ALERTS on compliance. Click here to sign up. SearchStorage.com also offers alerts on low-cost storage.
Do you agree with this expert's response? If you have more to share, post it in one of our
Dig Deeper on Data storage compliance and regulations