Published: 10 May 2005
Booming interest in data archival was initially fueled by new regulations mandating that data be retained for longer periods of time. But these days, interest in archiving data--particularly e-mail--has become more mainstream, going beyond well-regulated industries.
Archiving e-mail just makes good business sense, say some companies that have taken the plunge. CODA, a U.K.-based developer of accounting software, for example, recently began archiving internal e-mail using Hewlett-Packard's Reference Information Storage System (RISS). While CODA isn't regulated per se, many of its clients are, and it wanted to set an example of good corporate governance, says Richard Hall, IT manager. "We're always helping our own customers deal with compliance, so when we started looking at our internal policies and best practices, we felt [RISS] would be a good foundation to improve how we stored and archived e-mails."
But Hall was also considering the possibility of having to defend CODA's e-mail archiving practices in court. Because RISS is "a black-box solution" and fully supported by HP, Hall felt it to be unimpeachable. "I don't want to have my lawyers trying to prove that an e-mail hasn't been tampered with," he says.
Indeed, legal concerns are the motivation for many customers of FrontBridge Technologies' Message Archive service, 40% of whom aren't regulated, says Dan Nadir, VP of product management at the company. "They come to us saying 'We just got sued' or they were asked to produce e-mail and they couldn't do it," he says, so they were fined or had to settle.
Lawyers, Nadir continues, are increasingly viewing e-mail as a company's potential Achilles' heel. "[Lawyers] are using it as a weapon," Nadir says; they know that nine times out of 10, a company won't be able to produce the requested e-mail, thereby forcing them to settle the suit.
Furthermore, Nadir adds, if a lawyer can prove that a single e-mail has been retained beyond the company's stated retention period, any claims that the e-mail can't be produced because of the company's retention policy are effectively nullified.
Legally hiding behind a retention period may no longer be an option--quite a change from just a few years ago when IT managers were getting very mixed messages from the legal and compliance sides of the house.
"The chief legal council would say 'Delete, delete, delete,'" Nadir says, "but the chief compliance officer was saying 'Keep, keep, keep.'" Since then, "what we've learned is that [the concept of] delete doesn't really exist," says Nadir, because users subvert corporate retention policies by saving e-mail locally. But don't blame them, he adds. "Their information is in e-mails; they don't want to delete it."