Current trends in the email archiving marketplace [part 1]
March 5, 2008 at 4:53 pm (archive email, business, domino, e-discovery, eDiscovery, electronic discovery, Email Archiving, email compliance, email retention, email security, exchange, exchange 2007, GroupWise, Malaysia, message archiving, news, score card, thoughts)
In this entry I am going to take a look at a handful of email archiving press releases from over the past month and see if I can ascertain a general market direction. Without naming any companies directly, I am going to provide a summary of the press release and a link if you wish to take a further look.
-Company A presents an email archiving score card for businesses to make it easier to help clients identify the right email archiving product for their specific environment.
-Company B offers a low cost email archiving solution to help meet eDiscovery requirements.
-Company C provides a free email retention policy starter kit.
-Company D releases an enhanced product with better email security.
-Company E publicly announces the acquisition of a major player in the email archiving community.
-Company F drafts a press release citing market analysts that they provide the best eDiscovery capabilities for an email archiving solution.
-Company G introduces its email archiving solution to the European market.
-Company H releases a new version of its email archiving solution that supports all the major servers on the market (exchange, GroupWise, domino).
-Company I distributes its email archiving solution in Malaysia.
Let’s break this down.
Company A releases a free email archiving score card to help other businesses choose an email compliance solution. What is company A trying to accomplish? They are trying to simplify the process of email compliance through education. Some of this ties into the concept of “professional respect,” which I will discuss in more detail later on in this entry.
Company B offers a low cost email archiving solution to help meet eDiscovery requirements. What is company B trying to accomplish? They are using cost as a measure to gain market share.
Company C provides a free email retention policy starter kit. What is company C trying to accomplish? They are reaching out to businesses that are undecided on integrating an email archiving solution. Company C (much like company A) is trying to simplify the process of email compliance through education.
Company D releases an enhanced version of their product which strengthens email security and enhances policy management capabilities. What is company D trying to accomplish? They are using upgrades in technology as a measure to gain market share.
Company E publicly announces the acquisition of a major player in the email archiving community. What is company E trying to accomplish? They will likely enhance the operational capabilities of their acquisition.
Company F drafts a press release citing market analysts that they provide the best eDiscovery capabilities for an email archiving solution. What is company F trying to accomplish? They are trying to use market research as a PR tool.
Company G introduces its email archiving solution to the European market. What is company G trying to accomplish? They are using geographic location as a measure to gain market share.
Company H releases a new version of its email archiving solution that supports all the major servers on the market (exchange, GroupWise, domino). What is company H trying to accomplish? Much like company D, they are using technological advances as a measure to gain market share.
Company I distributes its email archiving solution in Malaysia. What is company I trying to accomplish? Much like company G, they are also using geographic location as a measure to gain market share.
Now, what is the big picture here? Education. Cost. Simplicity. Technology. Expansion. Market research. Geography. These 7 factors are what email archiving providers have been pushing in the last month.Some of these press releases focus on similar things, but you will have to stay tuned for part II to see how it all fits together in an analysis of current market trends. Stay tuned.
Hospitals get ready for HIPAA security compliance [part 3]
February 29, 2008 at 6:29 pm (archive email, business, cms, corporate, data retention, electronic communication, electronic document retention, electronic privacy, Email Archiving, email backup, email compliance, email management, email retention, email security, email storage, health care, health information, health records, healthcare, HIPAA, hipaa compliance, hipaa privacy, hipaa security, medical records, message archiving, news, privacy, thoughts, tony trenkle)
Ellen Messmer of Network World reports that lately hospitals have had more to worry about than just preparing for upcoming HIPAA security audits. “Health care organizations feel under increasing attack from the Internet,” Messmer writes, “while security incidents involving insiders and disappearing laptops with sensitive data are piling up.” Dr. John Halamka, CIO at both Beth Israel Deaconess Medical Center and Harvard Medical School in the Boston area, was quote as saying: “there is definitely an uptick in attacks. Privacy is the foundation of everything we do. We don’t want to be the TJX of health care.” She then turns to Don Jackson, researcher at Atlanta-based security services firm SecureWorks, who says: “health care organizations store a lot of valuable personal, identifiable information such as Social Security numbers, names, addresses, age, in addition to banking and credit-card information.” Jackson explains how cyber attacks are potentially beneficial to the pockets of criminals who obtain health insurance credentials to use in the “counterfeit document racket, especially in Central and South America.”
At least in terms of electronic communication, it might be time for some hospitals to turn to outsourced email archiving. Encryption, security, and access are all issues for health care providers right now, and these are three issues that email archiving services are well equipped to handle. It is time for hospitals to address the quality and success of their electronic patient data backup and protection. With HIPAA security audits right around the corner, the time to wait before integrating an email compliance solution is really over.
Google to store electronic patient medical records?
February 25, 2008 at 8:28 pm (advertising, archive email, business, cms, corporate, data retention, electronic communication, electronic document retention, Email Archiving, email audit, email security, google, governance, health care, health information, health records, healthcare, HIPAA, hipaa compliance, hipaa privacy, hipaa security, legal, medical records, message archiving, news, politics, thoughts)
I noticed today on Med Tech Sentinel that Google is about to begin experimentation with electronic patient medical records. Douglas Cress writes: “the Cleveland Clinic will facilitate Google’s potential domination of the electronic personal health record (PHR) space. Google chose the Clinic because they offer 100,000 patients the tools to manage their medical records online and coordinate with doctors using a PHR suite called eCleveland Clinic MyChart. An invitation will be extended to 1,500 – 10,000 of these users.” Google will use this trial to determine the level of its security in exchanging “patient medical record data including prescriptions, conditions, and allergies.” C. Martin Harris, Chief Information Officer of the Cleveland Clinic, said: “this collaboration is intended to help Google test features and services that will ultimately allow all Americans (as patients) to direct the exchange of their medical information between their various providers without compromising their privacy.
I believe the term of the day is: “HIPAA compliance.” This two word phrase is beginning to make the news in a big way. On one hand you have the CMS (Centers for Medicare and Medicaid Services) ready to conduct stringent HIPAA security audits of hospitals, and now on the other hand you have Google looking to become the top player in the electronic medical records arena. At the root of Google’s potential conquest is the technology and desire for patients to manage their personal health care records. This need is owed in large part to HIPAA, which ensures that the privileged relationship between doctor and patient is upheld. According to HIPAA, electronic patient health care data must be retained and kept secure in order for a health care provider to be deemed HIPAA compliant. However, providers such as the Cleveland Clinic have begun offering personalized tools for patients to manage their health records online. This new trend is certainly a fine idea and on part with a continuously evolving society, but are there some risks to be noted here? Are there reasons to be cautious of what Google is doing?
Firstly, what is in this for Google? I mean, nothing this noble could come for free, right? Of course not, and the concept to be aware of here is called “targeted marketing.” I am posting an additional excerpt from Douglas Cress below because I think it is important to read:
“Anyone who has spent any time on the Internet (or sorting through spam in their email in-box) should have a sense of how profitable medicine is on the Internet. Based on some cursory keyword research, and my rough calculations, Google is earning $20 million in annual revenues from the keyword ‘Viagra’ alone. ‘Ambien’ costs $2.43 -$3.65 per click; local queries like ‘Brooklyn dentist’ cost $3.71 – $4.98 per click. If Google delivers on their promise of a web portal with 24/7 access to health care information – and they’re certainly well positioned to, with their global web-based architecture and a focus on security – the upside could be tremendous. Google will have the ability to offer a free service supported by advertisers. Think GMAIL for medicine – with ads for doctors, pharmacies, drugs, and devices peppered beside your personal health records and delivered using the same contextual advertising Google is known for.”
This means that much to the delight of health care advertisers your medical records information will be used to assist in the campaign of targeted ads. There is also the issue of Google security here, is a simple password alone really enough to make you feel confident that your electronic health care data cannot be breached? What if your information is hacked? It’s true that it is possible for any system to be tampered with but would you feel more confident in a security provider that specializes solely in that field, or a gigantic corporation that merely uses it as an additional service? Will Google work on encryption? Will Google’s program only be compatible with health care providers that currently offer patients with the tools to manage medical records? If not, how would it work? If Google succeeds and takes this mainstream, how will this affect the email archiving industry? Will health care professionals flock to Google for their HIPAA email compliance needs? Stay tuned.
White House still under scrutiny for email retention policy
February 22, 2008 at 5:25 pm (archive email, business, citizens for responsibility and ethics, Colleen Kollar-Kotelly, company email policy, corporate, data retention, electronic communication, electronic document retention, Email Archiving, email backup, email compliance, email management, email retention, email security, freedom of information act, Kollar-Kotelly, legal, message archiving, news, politics, white house)
Brian Fonseca of Computerworld reports that “District Court Judge Colleen Kollar-Kotelly this week issued an order enabling the Washington-based Citizens for Responsibility and Ethics watchdog group to perform limited questioning of White House officials.” The group had filed suit against the White House Office of Administration last May “seeking access to White House e-mail under the federal Freedom of Information Act.” The discovery ordered by Kollar-Kotelly was issued to “determine whether the Office of Administration is subject to the Freedom of Information Act.” This will be a situation to keep an eye on as the office contends “it is not subject to FOI requests.” Additionally, Fonseca provided insight from Mike Osterman, president of Black Diamond, Wash.-based Osterman Research Inc., who said: “many businesses operate under the false assumption that e-mail is not a business record. A lot of people are not implementing e-mail archiving [processes]; they’re saving e-mail, but not in a cohesive or consistent way. Companies can say ‘Yes, we need to archive,’ but [the process] must be policy driven and taken out of users’ hands.”
Even though I probably shouldn’t, I still find it fairly remarkable that the White House simply cannot respond about the whereabouts of many missing emails. With the advent of internet technology there seems to be this general attitude that electronic communication does not have to be held up to the same standard as traditional paper documents. Many corporate executives and government officials seem to think they can pretend conversations never happened by simply deleting email backup tapes. In theory paper copies could just be burned up, but it seems that the ease of conveniently “losing” emails is what makes it so much more noticeable. It does not require a lot to act as if nothing ever happened. However, with industry regulations and legal expectations tightening the grip on corporate behavior, abusing the age of email messaging is only going to get harder to do. It is high time for all organizations to integrate an email archiving solution, especially when the center of the American universe is being thrown into the grand spotlight for this exact reason.
Does an employees use of email affect compliance with Sarbanes-Oxley?
February 21, 2008 at 9:09 pm (archive email, business, company email policy, corporate, data retention, Email Archiving, email compliance, email retention, email security, email surveillance, legal, message archiving, news, politics, sarbanes-oxley, sox, thoughts)
According to an article written by Paul Chen for the Sarbanes-Oxley Compliance Journal, the answer is absolutely. Chen discusses how “with regulations like SOX in place, organizations must take special precautions to ensure their employees do not send and receive damaging emails via their workplace account.” However, citing a recent survey on corporate email usage conducted by Harris Interactive, Chen says that “nearly half the people polled say they have sent or received jokes, comical pictures/videos, and stories of a questionable tone, while one in five say they have sent or received a password or log-in information via email.” Amazingly, Chen says that the survey also found that “92% of these employees do not have believe that they have ever sent a risky email, which demonstrates that there is a substantial discrepancy between perceived and actual risks posed by email exchange.”
The Sarbanes-Oxley (SOX) act, as described by Chen, requires all public companies to retain their business records, including email, for at least five years. Since Sarbanes-Oxley does NOT specify which documents are relevant and which are not, it makes the practice of email retention significant for all public companies. Businesses cannot afford to preserve only select electronic communications. But with that being said, I have several questions in regards to the survey conducted by Harris Interactive. If the survey results are truly accurate, what does this say about company email policies? Are organizations effectively communicating the use of business email for personal reasons? How about what language is considered proper? Or how about the tolerance of humor? And if a company DOES have this policy circulating around, then why are so many employees ignoring it? Apathy? No fear of consequences? The survey results say that nearly all the employees polled do not believe that they have ever sent a risky email. Therefore it seems that most employees are not even aware that they are doing anything wrong. I believe that companies need to lay out specific rules within the employee email policy and hold review sessions to make sure that the rules are being followed. Additionally, I think that consequences are necessary and should be mandatory to enforce the rules. With SOX email compliance such a crucial item on the business agenda, more companies should be taking the time to make sure that their employee email policy is stringently regulated.
Hospitals get ready for HIPAA security compliance [part 2]
February 18, 2008 at 6:11 pm (archive email, business, cms, data retention, electronic communication, electronic document retention, Email Archiving, email audit, email compliance, email management, email retention, email security, health care, healthcare, HIPAA, hipaa compliance, hipaa privacy, hipaa security, legal, message archiving, news, oig, politics, thoughts, tony trenkle)
According to report on patient privacy (RPP), the industry’s most practical source of news on HIPAA patient privacy provisions, the compliance reviews which began last month “are separate and unrelated to audits being conducted by the HSS Office of Inspector General (OIG).” Tony Trenkle, director of the CMS Office of E-Health Standards and Services, told RPP that “the focus is broader than just hospitals, although they are included. In the future we may work with OIG, but these are two separate proceses.” Trenkle’s senior policy advisor, Lorraine Tunis Doo, added: “we will interview the people who are appropriate to the documentation and policy and procedures that we need to evaluate. Whoever is relevant will need to be there. It could be different at every review.” In regards to the 283 security complaints logged by the CMS as of December 2007, Trenkle said: “the majority of allegations are of inappropriate access and risk of inappropriate disclosure.”
Well, as the Centers for Medicare and Medicaid Services (CMS) start to integrate the compliance review process there are a bunch of pertinent questions that come to my mind. Firstly, how will the CMS reviews impact the current state of electronic patient health care data and email management? Would a serious HIPAA violation change the way that electronic information is managed by health care providers? What is the difference between a HIPAA security compliance review and an OIG audit? Would the agency doing the testing (OIG or Office of E-Health Standards and Services) impact the stringency required for the security and privacy of an email archiving system? Will the OIG and CMS Office for E-Health Standards and Services be working together in the future? If the answer is yes, would this create a uniform policy and method for testing electronic patient health care data? Would the OIG merely be setting the stage for Tony Trenkle by doing preliminary investigation work? How many entities will be reviewed? What other health care providers and facilities will be subject to HIPAA email compliance regulations besides hospitals? Stay tuned for updates.
Email Archiving: in-house solution or outsourced service? [part 1]
February 15, 2008 at 10:10 pm (archive email, business, data retention, electronic communication, electronic data discovery, electronic document retention, Email Archiving, email audit, email backup, email compliance, email management, email retention, email security, message archiving, news, politics, thoughts)
In this entry I would like to focus on the cost of an in-house email archiving solution versus that of an outsourced service. Firstly, which one is more cost efficient? This question is an important one for most small to mid-sized businesses as they need to keep email archiving within a tight IT budget. Organizations will be pleased to know that the answer is an outsourced service, and it is usually by a significant amount. But why? Why are in-house solutions so much more expensive? It all comes down to the sheer amount of work that is required to keep the in-house solution up and running. The IT team is responsible for monitoring all incoming and outgoing electronic communications, maintaining email archiving appliances, and ensuring proper systems integration. There is also the issue of storage space, which could add up in a hurry if your business has thousands of emails entering and leaving the archive daily. Outsourced services retain all of your email messages for you and present you with advanced search options to quickly retrieve specific emails that have been captured in the archive. However, the big question that I am posing here is: are there any distinct advantages to an in-house email archiving solution that would justify the high cost to maintain and integrate? Why do some organizations PREFER the higher cost?
In one word, the answer is trust. Companies simply do not feel comfortable trusting an outsourced email archiving service to sift through their email and have access to private information. But is that really what happens? Do email archiving services take such advantage of their clients? No, they don’t. Why not, you might ask? Roles based permission access, industry regulation authorities, and business reputation are three critical factors that ensure outsourced email archiving safety. Are there any distinct advantages to an in-house email archiving solution that would justify the high cost to maintain and integrate? There are some loose arguments to be made in favor of an in-house solution, but stay tuned for part II for more information.
NY LegalTech panel takes a look at in-house and outsourced electronic data discovery
February 11, 2008 at 9:46 pm (archive email, business, data retention, e-discovery, edd, eDiscovery, electronic communication, electronic data discovery, electronic discovery, electronic document retention, Email Archiving, email backup, email compliance, email management, email retention, email security, frcp, legal, message archiving, news, politics, thoughts)
Legal Blog Watch reports that on February 5th Claire Duffet of Law Technology News attended a morning session of the NY LegalTech panel entitled: “Actionable E-discovery: Finding the Right Balance of In-house and Outsourced Resources.” According to Duffet there were 300 attendees in the room who had to answer the poll question: which step in the eDiscovery process is most concerning? 43% said that this step is in the processing review and analysis, 33% said that its in preservation and collection, and 13% said information management with identification, production, and presentation rounding out the rest of the responses.
Duffet mentioned the presence of several significant eDiscovery figures including: attorney Marie Lona, partner and chair of the e-discovery and electronic information practice group at Winston and Strawn, Tom Hall, managing attorney for discovery and litigation technology at Cleary Gottlieb Steen & Hamilton, Mikki Tomlinson, litigation support manager for Chesapeake Energy Corp, and moderator Kelli Brooks, principal of forensic technology services at KPMG. Tom Hall discussed the serious sanction handed down in the Qualcomm Inc v. Broadcom Corp by saying “My risk aversion advice: Don’t do that.”
EDD (electronic data discovery), as evident by the 46,000 missing electronic documents in Qualcomm, is an extremely important business continuity measure in the year 2008. Panel discussions such as the one above are instrumental in the education process for U.S. Businesses to learn about the dangers of avoiding email compliance and email archiving solutions. Perhaps the question is: is it better to retain electronic correspondences using in-house or outsourced solutions? This depends largely on the finances of a company, but there is a strong argument to be made for an outsourced service. They are generally more cost efficient, provide IT relief, and automatically provide you with regulatory and legal compliance.
New white paper by Osterman Research sheds light on email archiving
February 11, 2008 at 6:30 pm (archive email, business, data retention, e-discovery, eDiscovery, electronic communication, electronic discovery, electronic document retention, Email Archiving, email backup, email compliance, email management, email retention, email security, Financial institution, FINRA, frcp, gramm-leach-bliley, health care, healthcare, HIPAA, hipaa compliance, message archiving, news, Osterman Research, politics, sarbanes-oxley, thoughts, white paper)
The Portland Daily Business News reports that Osterman Research has published a new white paper entitled: “A Guide to Messaging Archiving.” According to the press release, Osterman Research “indicates that support for regulatory and legal compliance obligations and growing storage requirements are among the reasons for companies to deploy a messaging-archiving solution, and that any one of those rationale can often justify the entire cost of the archiving capability.” Michael Osterman, president of Osterman Research, said that “having a messaging-archiving system in place is becoming increasingly critical in today’s business environment. We’re seeing an increasing number of examples of companies paying a massive price for a failure to produce electronic documents and e-mails.
The study includes the following factors as significant reasons to implement an email archiving solution:
Regulatory compliance. Industries that are heavily regulated, such as financial services or health care companies, must meet a variety of statutory requirements with regard to records retention.
Legal compliance. Dec 2006 revisions to the Federal Rules of Civil Procedure (FRCP) require organizations to manage their data in such away that it can be produced in a timely and complete manner when necessary, such as during legal discovery proceedings.
Reducing the impact of storage. Roughly 60% of decision-makers cite growth in messaging storage as a serious or very serious problem. Messaging storage, driven by increasing use of e-mail, larger attachments and the like, is growing at an average of 35% annually. By migrating data from storage on messaging servers to archival storage, companies overall storage costs can be reduced, while improving their messaging server performance and expediting recovery from downtime incidents.
My thoughts: at this point there is certainly no shortage of reasons to archive email. This white paper only highlights the list of issues facing both enterprises and businesses in relation to integrating an email compliance solution. With HIPAA, SOX, GLB, NYSE, NASD, AND SEC laws firmly in place, the monitoring and enforcement of corporate email retention is a top priority for U.S. industry regulators. FRCP eDiscovery proceedings have only placed the necessity to archive email on a grander scale, as harsh sanctions and criminal prosecution are legitimate possibilities facing those companies who cannot produce email evidence in a timely fashion. Additionally, the strain placed on an in-house server to retain the thousands upon thousands of in-coming and out-going emails that are accumulated daily has also enhanced the attraction of outsourcing an email archiving service.
HOWEVER, is this really what will get the corporate world to archive their email? I think that Osterman Research has done a great job, but I think that the benefits to email archiving are out there and have been out there. With so many laws, requirements, and IT concerns already established will a new white paper citing what is already known really make a difference? For some it might, but for many it wont. In a recent series of posts about Email Insurance I said that cost, complexity, satisfaction with email backups, apprehension about an unfamiliar corporate practice, and professional disinterest were big reasons why email archiving has not risen to the top of the business agenda. What the U.S. business world needs is the following three factors to help push email archiving into the corporate spotlight: Education. Momentum. Trust. I want to elaborate much more on these three factors in subsequent blog entries but for now I am going to focus on education.
“A Guide to Messaging Archiving” sounds like a nice tool for a CEO or CIO willing to invest the time to learn about email archiving, but will they? Who reads white papers? White papers are academic endeavors designed to provide a degree of expertise in a given topic. Most business professionals are simply too busy to be bothered with reading a white paper no matter how beneficial it might be for their business operation. This seems a strange scenario. People are taking the time to draft comprehensive analyses of important topics and nobody is reading them? I wouldn’t say nobody here, but unless someone is seriously considering a purchase it is not a common phenomenon. How can education about corporate email archiving become more appealing? How do you make people WANT to get what they SHOULD get in the first place? I believe this is where attorneys come in. I believe this is where the news comes in. I believe this is where word of mouth comes in. Sometimes it depends on WHO is doing the educating. Might a white paper be more informative then listening to an attorney speak? Sure. Might it not? Sure. That is up to the individual person doing the listening. But what I do know is that hearing what you need to do from someone that you perceive to be in the right position to make a judgment call will win over reading a white paper almost every time. Our society is governed by law. People trust the law. U.S. Businesses trust the legal practitioners that represent the law. If email archiving is to be taken seriously it must come at least partially come from attorneys.
Is there something wrong with a new white paper on email archiving by Osterman Research? There is nothing WRONG in the traditional sense, but I feel that corporate America is just waiting a different form of education, one that they feel more comfortable with. When is this change coming? Is this change coming? I would like to do some more writing on these issues soon. Stay tuned.
Ohio law firm offers guidelines to deal with email compliance and electronic document retention
February 5, 2008 at 6:04 pm (archive email, business, data retention, e-discovery, eDiscovery, electronic communication, electronic discovery, electronic document retention, Email Archiving, email compliance, email management, email retention, email security, frcp, legal, message archiving, news, ohio, politics, thoughts)
According to PRNewswire an Ohio law firm, Harrington, Hoppe & Mitchell (HHM), has released a set of general guidelines designed to help companies address the “growing concern over legal challenges related to electronic document retention.” HHM has posted excerpts of the guidelines on its website, with the complete and unabridged information provided to the law firm’s clients in a “comprehensive and proprietary document” just recently.
John L. Pogue, chairman of HHM’s business services practices group, issued the following statement for the press release: “Improper management of electronically stored information creates a huge risk. Some companies that have found themselves uninformed or unprepared in this area have sustained themselves massive judgments. In today’s business climate it is important for companies to build well- defined policies that address how email and electronic documents are used and managed, and to communicate and enforce those policies.”
I wholeheartedly agree. There is no question about the importance of integrating an email compliance and document retention solution. However, what I find truly significant here is that the warning to properly manage electronic information has come from a legal entity and NOT from an industry analyst. In a recent post entitled: “New eDiscovery reference promotes necessity of email archiving,” I said that “while it is unlikely for business executives to run to the ABA and order a copy of their own, there is a great chance that corporate lawyers will purchase the book and relay the information back to their clients.” The bottom line is that attorneys NEED to assist in the corporate education process with regards to email compliance and electronic data retention. Learning about the dangers of email retention from anonymous editors and obscure marketing professionals just doesn’t appear to have the same effect as hearing it from a respected legal practitioner.
I am posting the excerpted guidelines from the HHM website just below because I think it is essential for every organization to review:
“Note: This information was excerpted from Drafting and Implementing Document Retention and Litigation Hold Policies, a comprehensive and proprietary document HHM developed for clients in response to growing concerns about the issue.
1. Every company is different. Not all companies rely equally on technology in their communications. Also, some companies allow employees to take digital information home, while in others that is not practical. Because tools and practices vary so widely, there is no one-size-fits all rule.
2. Consider laws already on the books. Certain businesses are subject to federal and state regulation of records retention, so it is important to investigate whether any of these apply. This applies to both electronic and paper records.
3. Consider the breadth of electronic communications your company uses. A sound electronic communications policy establishes permissible and prohibited uses, notifies employees that the company is monitoring electronic communications and sets up security procedures, etiquette, and records retention guidelines. As part of this process, a business needs to consider the types of electronic information that it uses: email, word-processing documents, spreadsheets, databases, digital images, scanned documents, and digital sound and video recordings. Federal courts refer to this as “electronically stored information” or ESI. Email raises its own technical questions that are important in drafting an effective policy.
4. Determine the possible locations where this information may be located. This may require a thorough inventory, because information could be stored on computers and devices not even owned by the company. For example, a flash drive can hold thousands of files, and an employee may use such a device to take information home to finish a project. If that employee opens a document on his or her home computer, that computer is now a repository of information that may be relevant in future litigation. Policies need top address these situations.
5. Establish a “litigation hold” policy that outlines a response to potential litigation. This policy, which should be created with input from the company’s legal and information technology advisors, suspends the application of the document retention/destruction policies for relevant documents. Then the business needs to implement and enforce this policy. It is at this stage that companies like Morgan Stanley have run afoul of the judicial system and paid the price.”
Rss Feeds
Directory – Rss feeds directory and resources.
Simplicato's Weblog 