Organisations still underestimate need to manage e-mail storage

Tracking original agreements of business transactions signed by both parties has seldom been a major concern for people, from the times of slate through papyrus to paper and ink. But that has changed with the introduction of electronic documents and messaging.

Think of the ability to copy electronic records and the fast and easy communication mediums for transmitting them, and you are facing a different ball game, says Bernard Donnelly, consulting services manager at Unisys Africa.

Corporations around the globe have become keenly aware of legislation surrounding electronic records and document management. Of primary concern is the fact that with the introduction of new regulations, e-mail has become an accepted form of judiciary evidence. The most obvious conclusion to draw then is that lost or corrupted e-mails suggest massive cost and business reputation implications arising from unsuccessful lawsuits. What businesses are also becoming aware of is that the demands of good governance, the need for ensuring compliance with legislation surrounding retention of e-mail records, go beyond minimising the cost impact, to ensuring smoother, more efficient processes that reduce operating costs and improve the bottom line.

For example, e-mail traffic is expected to grow to 35 billion messages a day this year. Average message size increased in 2000 by 192% to 286Kb. Corporate mailbox volume is growing at an average of 40% annually. Effectively dealing with this growing communications load and associated information storage growth has its obvious advantages.

South Africa has its own legislation surrounding good governance, which is in line with international standards, and corporates need to ensure, firstly, that they are not caught unawares, and secondly, that they derive the benefits of good governance practices.

The Electronic Communications and Transaction (ECT) Act, for instance, defines the requirements of electronic record integrity in terms of admissibility of evidence of e-mail.

Financial industry regulation saw the introduction of the Financial Intelligence Centre Act (FICA), which requires banking organisations to demonstrate that they maintain positive client identification information such as their full names and identity numbers to support certain financial transactions. Although this is aimed at preventing fraud in the financial sector, it impacts the technology systems that underpin the business because they need to be able to capture, store and retrieve this information, as well as manage it, in most cases, for the duration of the client`s life or the organisation`s existence.

Further regulation comes in the form of the Financial Advisory and Intermediary Services Act (FAIS), which lays down requirements for qualification and certification of people providing these services and provides redress for clients who have suffered losses arising from poor advice.

Basel II requires organisations to address operational, credit and market risks and retain a specified amount of capital to cover these. Basel II has exposed the enormity of the task banks, in particular, face in trying to gain a single view of the customer.

The ECT Act and FICA have highlighted the need for effective document and records archiving, retention, retrieval and management while FAIS requires organisations, in terms of technology, to be able to track and record conversations and documents exchanged with clients.

In achieving FAIS compliance organisations have started investigating information storage and management solutions to maintain documented advice and mechanisms that allow them to match employee skills and certification to customer requests for advice.

Electronic documents are used extensively in companies today, for such tasks as:

* Negotiating, entering or maintaining business relations with clients,customers, vendors and service providers;
* Buying services or products;
* Receiving or transmitting business-related complaints, recommendations, problems, questions or inquiries; and
* Communicating information about product development, sales, service offerings, customer service, marketing or advertising.

In today`s business world, security and confidentiality involve more than the encryption of e-mail message and attachment content. It also means securing the processes of authentication, integrity and subsequent archiving. New information storage development can now ensure tamper-proof electronic record archiving with record management audit trails.

Some of the benefits of using e-mail records compliance management solutions are:

* E-mail is stored on the appropriate-cost storage;
* Direct user access to archives eliminates IT intervention;
* Stored message sizes are reduced;
* Storage volume is reduced because messages are stored only once;
* Messages and attachments are fully indexed for accurate results in discovery;
* Archived data is protected; and
* Management is centralised for direct user and corporate retrieval.

More than simple IT and cost benefits, there are other advantages to be had from employing a mail records management solution:

Organisations typically retain records and other information in order to address business, operational, legal, regulatory, and/or historical needs. As e-mail use in the public and private sector is replacing many of the more traditional forms of communication, many records are contained in e-mail, ranging from customer correspondence, advertising, and sales literature to customer grievances, requests for service, orders, receipts, confirmations, and various reports.

Key to record keeping practice is the ability to retain access to the record for as long as the business value remains. For any organisation, the compelling need to be compliant with regulations defines the business value and associated retention period. For example, if the firm chooses to manage e-mail as simple correspondence, then there is a regulatory obligation to retain the e-mail for three years. At the end of the three years, the business value of compliance stops.

The resulting action of the firm is to destroy the records. During the retention period, the firm has an obligation to provide reasonably prompt access to the records. Another objective with regard to business value is to provide easy access to the records, such that users are not compelled to create their own personal archives of e-mail or other communication records.

In Microsoft Outlook and Exchange environments, for example, this is done through the use of .PST files.

Most organisations have the view that any residual value that an expired record may give to an end-user is outweighed by the associated costs and legal risks. Consequently, firms have a compelling interest in destroying the original and all convenience copies of the expired records.

Notwithstanding regulatory considerations, decisions for more robust e-mail solutions simply have to be cost-justifiable. The key business drivers for IT in most organisations remain:

* Improving customer service;
* Productivity gains for users; and
* Cost reduction of IT operations.

Deploying comprehensive mail records management solutions ensures that IT executives need not fear fines and threats of imprisonment for non-compliance with regulations to archive e-mail business records. But they need to take heed of the warnings now: the Radicati Group has found that only 37% of US organisations have an e-mail archiving policy.