So you’re thinking of acquiring a new email archiving tool and need to craft an acquisition and implementation strategy. Here are some things you may want to consider.

Regulations, rules, requirements and product warranties can make buying archiving tools a minefield. By consulting with your corporate legal and compliance people, as well as your company’s business managers, you can get an idea about where those mines are buried. Moreover, you can use your efforts to educate yourself about what requirements must be met by your new tools to build support and acceptance among your legal and compliance people.

When garnering information from legal and business colleagues, it’s important not to lose sight of your role as a technology advocate. While it’s critical to know what your new archiving tools must do to meet compliance and warranty demands, it’s also crucial that those unschooled in the intricacies of storage management understand basic concepts, such as the distinction between backups and archiving and the hard and soft costs attached to storage.

Keep in mind that your new archiving tools need to do more that meet compliance requirements if they’re going to be accepted by your users. After all, you don’t want to trade one headache–jumping through compliance hoops–for another–a disgruntled user base that sees your new technology as an impediment to its doing its job.

Continue reading Tips when making email archiving choices

In my previous post I wrote about Los Angeles’ decision to consider Google Apps for email and other applications. Although it gets attention for cost savings, there are some real concerns with email in the cloud, especially in government organizations that are required to comply with security and privacy policies and regulations.

The World Privacy Forum’s letter to the Mayor of LA went into some detail about why they don’t think it’s a good idea. Let’s take a look at some of the major points in WPF’s letter. The first four points address medical and health-related information, domestic violence and sexual assault information, substance abuse information, and sensitive information in general. The Google/LA deal doesn’t address any of these areas, or any of the regulations such as HIPAA, Violence Against Women Act, or 42 CFR Part 2 (a California law that regulates confidentiality of substance abuse program clients). The legalities related to compliance with these sorts of statutes when using cloud computing for sending and storing data are still fuzzy, and could leave the city government open to liability.

Continue reading Do you really want email in the cloud?

The benefits associated with archiving Microsoft Exchange email and associated data, creates many cost effective solutions. Archiving facilitates government regulatory or civil litigation searches for ediscovery requests. It also allows for more complete archive journaling, and provides storage benefits for both mailbox growth and the various storage devices that can be utilized.

Although lowering storage reduction costs is a common denominator for email archiving, compliance requirements are moving more companies to implementing archiving strategies. Depending on the motivation factors, cost savings on storage are subject to interpretation by different people.  For some people, compressing email could reduce licensing, as well as storage hardware costs.  For others it may mean creating a mailbox for end users, which has virtually unlimited space.

Continue reading Archive Stubbing Techniques Not Recommended

By the end of 2008, Canadian financial services firms were expected to become subject to tough, new email storage, retrieval and archiving laws. Those companies who were in non-compliance could face fines into the millions of dollars and face penalties that could land them into prison.

The Canadian Securities Administrators (CSA) organization had proposed legislation that would force securities dealers and portfolio managers to abide by stricter rules designed to force more secure archiving of emails. The costs of non-compliance included multi-million dollar fines, criminal indictments, and exorbitant e-discovery costs.

Canadian financial services firms – including securities dealers and portfolio managers – could incur these in the not to distant future if they violated the pending legislation proposed by the Canadian Securities Administrators (CSA).

Thirteen securities regulators of Canada’s provinces and territories make up the CSA forum that coordinates and regulates the Canadian capital markets.

The new, stricter proposal for e-mail storage and retrieval rules is known as National Instrument 31-103 (NI 31-103). Continue reading Canadian Securities Administrators

Something smells fishy in New Orleans, and it’s not the etouffee.

Political email scandals seem to be more plentiful than ever, and the latest focus is on New Orleans mayor Ray Nagin. It seems there are actually two controversies. The first revolves around the city sanitation director, who gave an attorney emails of council members who had been critical of her job performance. Nagin only said that the director’s actions were “unusual.” However, city policy appropriately states that electronic records, including emails, should be reviewed by and provided by the city attorney’s office.

Nagin also took the opportunity to try to explain away why two years of council email was even available to the sanitation department. On to the second controversy: Curiously, the controversy over the release of emails came not too long after the mayor had stated that all of his communications for 2008 had been deleted to save space. To save space! Ray, you’ve got to be kidding. Are you really that computer illiterate? Do you think we’re actually going to buy that the city of New Orleans couldn’t afford to buy an extra backup drive, or even a handful of writable disks for archiving your emails? After all the controversy about politicians deleting emails, you still did it? Surely, the good mayor knew that the emails could have been easily archived, and surely, he knew that good governance demands that records be kept. I want to know what you have to hide. Continue reading City emails treated casually in the Big Easy

Today, most enterprises turn to Email Archiving and Management (EAM) to reduce costs and control information overload. With digital information, specifically email and messaging mushrooming faster than most enterprises can manage it, EAM projects have become a cost of doing business. EAM is fast becoming a business necessity.

The “Email Archiving and Management Report“,  published by CMS Watch, provides a clear strategy for your implementation team.

The domain of EAM is broad enough to touch multiple areas within your enterprise, including both technical and business departments. Managers have several common reasons to justify applying EAM technologies:

• To be proactive with legal requests and ediscovery requests
• To be in compliance with local governing requirements regarding information management
• To improve the performance of their e-mail environment (Exchange, Notes, or Groupwise)
• To reduce email volume on servers to reduce the need to buy more licenses
• To provide back up and disaster recovery for their e-mail system
• To improve storage management costs and needs

The marketplace keeps finding new reasons for applying EAM technologies. Compliance, for example, is a relatively new rationale. Traditionally, the sales and buying processes focused on systems management and storage requirements.

Continue reading Applying Email Archiving and Management Technologies

FederalComputerWeek is reporting that a federal judge has ordered the White House to search the computers of people who worked there from 2003-2005 for millions of missing emails from that period. Here’s an excerpt:

 

Judge Henry Kennedy of United States District Court for the District of Columbia also ordered officials of that office to collect and preserve any e-mail messages that were sent or received during that period. EOP officials are also to collect from the office’s employees any electronic media that may contain e-mail messages from that time and preserve them.

The order comes just days before the inauguration, when presidential documents are to be handed over to the National Archives for safekeeping to comply with the Presidential Records Act.

Two separate organizations are suing the White House alleging they violated the Federal Records Act (FRA) by not properly archiving emails. The groups allege that many of the missing emails may contain information about the Iraq war, FEMA’s response to Hurricane Katrina, and the Valerie Plame leak investigation. A White House spokeswoman says they will comply with the order.

The folks over at the LiveOffice blog are reporting that the SEC has sent a letter out to the CEOs of firms registered with them warning them to take email compliance and archiving seriously and not to try and cut corners due to the economy. Here’s an excerpt from the letter:

While many firms are considering reductions and cost-cutting measures, we remind you of your firm’s legal obligation to maintain an adequate compliance program reasonably designed to achieve compliance with the law. As SEC Chairman Cox noted recently, “[E]xperience has taught us again and again that giving short shrift to regulatory compliance subjects a company’s investors, employees, management, directors, and every other stakeholder to unacceptable risks….[C]ompliance programs have made huge strides in recent years in becoming more formalized and more robust…. Now more than ever, companies need to take a long-term view on compliance and realize that their fiduciary responsibility requires a constant commitment to investors. That means sustaining their support for compliance during this market turmoil, and beyond it as well.”

We agree. If you’re looking for ways to cut costs, don’t do so at the expense of your compliance program!

Although ISO provides electronic standard document compliance in the healthcare industry, the most widespread and well-known piece of legislation is the United States Department of Health and Human Services’ Health Insurance Portability and Accountability Act (HIPAA).  As Kevin Beaver explains in his white paper ”E-mail Compliance Security Solutions for Regulatory Requirements“  HIPAA originated in 1996 under President Clinton. HIPAA affects the entire healthcare industry. This industry encompasses approximately 15 percent of the U.S. economy. The specific part of HIPAA we are referring to is called Administrative Simplification.  It contains documents in the fields of information technology and data utilization as these relate to the effective and efficient administration of the Medicaid program.

Continue reading 17 Email Compliance Considerations required by HIPAA

Cheryl over at the GTEC blog has an interesting post about the recent controversy surrounding Republican vice presidential candidate Sarah Palin’s hacked Yahoo! email account. She feels it should serve as a wake up call about how important information management and email compliance is:

The Alaskan email controversy serves as a wake up call to information management practitioners regardless of the jurisdiction or department we serve – public business communication must be preserved, protected and disclosed regardless of the individual format, program or communication channel that is used.

Back to basics – manage the content, not the container it came in. Use of unsanctioned email, text, chat or other electronic communication tools does not preclude the record from inclusion in an ATIP/FOI or discovery order in most jurisdictions. Unmanaged, uncontrolled business correspondence is a time bomb in government and commercial enterprise.

Indeed, the mess Palin now finds herself in, including being found guilty of abusing her authority as Governor and her obvious disregard for separating business and personal matters shows that proper email management is crucial for businesses and governments.