There may be roughly 13 000 km separating South African organisations from Washington DC’s White House, but many of the e-mail records problems it faces are to be found in the fabric of our local operations.
In almost every organisation today, e-mail messages constitute office correspondence and are generally the most common form of communication within and between entities. Like any other form of corporate or official communication they must be evaluated as potential official records that fall under the legislative compliance umbrella.
Surprisingly then, few US federal agencies would seem to have systems for capturing e-mail messages as federal records, as stipulated by US acts and regulations. Most agencies move messages into storage where they are kept for 120 to 180 days before being deleted. Archiving is left up to individual employees, but since none of them are trained to do it, it is not being done at all, or at best is incorrectly performed.
And yet highly automated e-mail records management is eminently possible, since most correspondence that should be recorded is predictable and standard systems already carry the necessary metadata to conduct the operation.
Companies have no excuse, considering the low cost, for not marginally extending those systems so that records are properly archived according to legislation. But the cost of not managing paper and electronic records could be enormous.
The well publicised Enron accounting scandal divulged in 2002 that Arthur Andersen illegally and prematurely shredded and destroyed hundreds of paper and electronic records relating to its audit. At the time Arthur Andersen had already lost much of its business and two-thirds of its 28 000 employees.
US Investment banking firm, SG Cowen, paid the price financially and with its reputation when it paid a $100 000 settlement for failing to retain e-mail backup tapes.
Wilfully destroyed e-mail
In 2004 a judge found that UBS bank had wilfully destroyed e-mail evidence in a discrimination case and the company was ordered to pay $29 million to the defendant as a result.
In the Perelman versus Morgan Stanley case, a judge ruled that Morgan Stanley's failure to produce e-mail records as evidence was a key factor in issuing a whopping $1,45 billion verdict.
E-mail is the medium of choice in corporate and government correspondence. It is quick, efficient and easy. But therein lies the rub. Since it is quick and easy, few employees are trained to properly use it and considering the risks that it contains that is a major oversight. In addition, few local organisations have taken the time to determine proper retention periods for their corporate records of which e-mail is simply one more type. The result is that they either keep them for too long, at potentially great cost and exposure, or they delete them prematurely, which can also expose them in the event of litigation, an investigation or an audit.
Legislation and the corporate governance principles embodied in the King II report require local organisations to properly manage information assets, which means knowing how and where they put the organisation at risk and taking appropriate steps to reduce the risk.
To achieve that, South African concerns must conduct a thorough analysis of what record types they keep and how long to keep them based on legal, evidential and business requirements. The next step is to establish processes to ensure that this takes place and that records are stored in appropriate locations. Infrequently accessed records that need to be retained should not be housed on prime physical or digital real estate. They should be moved to secondary locations that are lower cost yet properly managed. With e-mails that suggests archive systems with off-site storage and backup.
Paul Mullon, information governance executive at Metrofile