Email Archiving Models (Part I) - Needs & Regulations
(This is the part I of our 3 articles serie on Email Archiving Models - Click here for Part II and here for Part III)
The need for Email Archiving...
At the 2010 “Techonomy” conference, Google CEO Eric Schmidt asserted that we are now generating more data every two days than we generated between the dawn of civilization and 2003. While this particular assertion received a great deal of (well-deserved) attention, his next point was no less significant: users such as you and I are the primary contributors to this explosion in data. That’s right—our email, Facebook, Twitter, LinkedIn, instant messaging, files, SMS messages, videos, and pictures are the culprits, and nowhere are the implications felt more keenly than in IT.
We in IT have struggled for years to address the ever-growing impact of user-generated data. Email is a great example; over the past ten years, mailboxes have grown from several MB to hundreds of MB and now the average corporate mailbox is allocated over 10 GB of storage—and the trend shows no sign of relenting. Organizations now want to provide users with “unlimited” mailboxes that could contain hundreds of GB of data.
We are also tasked with managing new data types. Priorities related to improved collaboration, data loss prevention, and intellectual property protection are driving us to move files from client storage (laptop and desktop hard drives) to IT-managed storage and from simple network folders to complex systems such as Microsoft SharePoint and EMC Documentum. The same issues are driving standardization around IT-managed instant messaging systems (like IBM Sametime and Microsoft OCS) rather than public IM (like MSN or Yahoo Messenger). And IT is now being called upon to address the unmitigated rise of social media, blogging, and mobile communications as business tools.
Regulations and Their Consequences...
The explosion in IT-managed data has occurred during a period when regulators are placing new requirements on the handling, retention, and disposition of content. For example:
- The United States Federal Rules of Civil Procedure (FRCP) require that organizations of all sizes maintain data archives that are readily accessible in the event of litigation.
- The Sarbanes-Oxley Act (SOX) requires that companies preserve a variety of correspondences (including email messages) for a period of seven years.
- The Financial Regulatory Authority (FINRA) and Securities and Exchange Commission (SEC) place numerous restrictions on financial services firms related to the management and preservation of email, instant messaging, and social media data.
- The Health Insurance Portability and Accountability Act (HIPAA) requires that companies operating in the healthcare industry retain certain communications and documentation (which can include email messages and attachments) for a minimum of six years.
The list goes on and on. In addition to the examples cited above, industries ranging from energy to state and federal government to education and the non-profit sector all fall under specific regulations that govern how user-generated content should be managed, and the penalties for non-compliance have never been higher:
- In 2004, the SEC fined Bank of America $10 million for failing to retain and produce emails in accordance for SEC regulations.
- In 2008, non-compliance with FRCP mandates compelled a judge in the United States to award $29 million to a plaintiff in a suit against UBS Warburg.
- In 2010, FINRA fined Piper Jaffray and MetLife Securities a combined $2M+ for email-related failures.
While the amounts may be modest in the scheme of the financial services industry, we should consider the reputational impact to the companies; particularly after FINRA published press releases referring to “supervisory and reporting violations” as well as “investigations of broker misconduct.”
(This is the part I of our 3 articles serie on Email Archiving Models - Click here for Part II and here for Part III)
blog comments powered by