The growth of email use in business has ballooned over the past decade, and knowledge workers today send and receive more than 25,000 email messages per year, a burdensome volume in many ways. Studies show that workers spend one to two hours per day - as much as 25% of the workday - reading and responding to email messages, many of which must be retained as business records for compliance and legality.
According to some estimates, 60-70% of business-critical data is, at some point, contained in email, and email is the leading piece of evidence requested at civil trials today. More pointedly, approximately one-fi fth of companies have been ordered by courts to produce employee email.
In the public sector, according to the Minnesota State Archives, "both statute and case law make clear that government agencies have to include email in an overall records management strategy. Currently, few government agencies manage email as records. Managing email is usually left to personal preference or routine systems back-ups and administrative procedures that treat all email alike. These practices can result in serious legal, operational and public relations risks."
Houston, we have a problem. In the work era of our fathers, physical written records existed and were largely difficult to alter, and managing those records were a straightforward process. Today's electronic communication environment is much more complex.
Navigating through this new landscape begins with an email policy, but the majority of organizations do not have clear rules governing the archival of email messages as business records. Many companies struggle with defining what should be kept, and so as a catch-all, they archive all email messages with the reasoning that sometime, somewhere in those millions of messages, when they are needed, they will have them. However, archiving email messages, attachments and instant messages simply preserves these e-communications but does not, by itself, aid in the enforcement of corporate governance policies or federal regulations. That is where more sophisticated email archival and management (EAM) software comes in to play. EAM can stop wrongful e-communications from entering, exiting or being circulated through the organization; this has been termed outbound content compliance (OCC).
Due to the volume and ubiquity of email, the technical challenges are significant, especially for larger organizations. Consider the fact that most email archiving systems do not have built-in electronic records management (ERM) capabilities, and if they do, the capabilities are so rudimentary that the ERM system is separate from the enterprise-wide ERM system. The challenge becomes increasingly complex.
A large number of firms have chosen to outsource email infrastructure to a hosted provider, thus providing a layer of separation legally and leaving the burden to a specialized Software-as-a-Service (SaaS) provider. In a recent study, Osterman Research found that 40% of companies surveyed are outsourcing some part of their email infrastructure. However, these companies still have the problem of categorizing and sorting through email messages according to a specified records retention schedule and producing relevant email messages and attachments for e-discovery requests in litigation while proving that all along that they have maintained the integrity and security of those messages. Therefore, organizations must still have an email policy.
So how do you determine whether certain messages are a business record or not? The general answer is that a record documents a transaction or business-related event that may have legal ramifications or historical value. The most important are those business activities that may relate to compliance requirements or those that could possibly come into dispute in litigation.
Certainly, email use will continue to grow, and email messages that become business records will grow, too. To avoid the heavy costs of failing to adequately preserve and find these key business records, organizations must do their governance and policy-making homework and actively ensure that email messages that have been classified as business records are archived and maintained properly.
ROBERT F. SMALLWOOD [firstname.lastname@example.org] is a partner with IMERGE Consulting and the author of the book, Taming the Email Tiger.