Make sure you’re not archiving rubbish!

SIR – E-MAIL COMPLIANCE ISSUES MAY well be receiving a great deal of attention from UK plc of late, as Alex Shipp’s recent article shows (‘It’s money for old rope!’, Secure IT, SMT, December 2004, p45).

However, events of late such as the suspension of officers from Merseyside Constabulary and the conviction of Frank Quattrone – the former Wall Street high-flyer who was last year found guilty of obstructing the course of justice based on e-mail evidence alone – only serve to highlight that the majority of organisations still do not fully understand what e-mail compliance entails, or how to approach it.

This lack of understanding is further compounded by many of the technology vendors, who are happy to sell e-mail compliance ‘solutions’ which do little more than archive data. Fundamentally, e-mail compliance is not just about retention, but also usage. Organisations need to know how their employees are using e-mail, rather than simply finding a large enough ‘bucket’ for storing it all.

A true e-mail management system will enable client organisations to attain a fine-grained level of detail concerning both internal and external e-mail traffic, allowing them to properly develop, monitor and then report on effective e-mail usage policies.

With e-mail compliance – and the security implications of that – now such a high priority for ensuring ongoing business trading, companies can no longer afford to archive rubbish.