See also Email Management Lags slideshow.
Enterprises are unable to deal with the torrent of e-mail records bombarding their users because so many of them fail to set policies regarding retention, deletion and classification of e-mails, according to a report released by the Association for Information and Image Management (AIIM).
The report detailed the findings of a recent survey conducted among 1,109 members of AIIM, which showed most organizations fail to consistently handle e-mail management for legal discovery or efficiency purposes.
In spite of the prevailing use of e-mail as a common means of communicating business obligations and relationships, the survey found that over 50 percent of organizations don't have policies to deal with important e-mails as shareable and retrievable records. And more than 84 percent have no way to justify e-mails of a certain age or type have been deleted.
"In a large organization, several millions of emails are handled each day. Most are of no lasting consequence, but each day there will be a significant number of important emails involving the organization in obligations, agreements, contracts, regulations and discussions, all of which might be of legal significance."
Approximately a third of respondents said that their organizations have no policy to deal with legal discovery of e-mail records and about 40 percent of respondents believe that their organizations would need to laboriously search through back-up tapes to find e-mails that could be relevant to litigation.
Electronic discovery, also known as e-discovery, has been a growing concern for legal departments and risk management professionals ever since the new U.S. Rules of Civil Procedure were released in December 2006, requiring disclosure of all types of electronic documents during the discovery phase of trials. With e-mail included in that long list of unstructured electronic data, enterprises have been scrambling to reliably and cost-effectively track and find data when necessary.
"Companies aren't as consistent about it as they need to be," says Chuck Burke, president of The Normandy Group, a Cincinnati-based consultancy. "I think that companies don't realize how much information is contained within their e-mail stores."
As a consultant, Burke helps clients get a handle on e-mail management as a part of their overall risk management strategy. Out in the field he has seen plenty of anecdotal evidence to back up AIIM's findings. Not only are there many enterprises that still lack policies regarding e-mail management, but he also says that the majority that do have policies fail to properly enforce them.
He believes that many companies do not take the matter seriously because they have not yet experienced the pain associated with non-compliance of discovery mandates. Unfortunately, enterprises are not learning from each others' mistakes in regard to e-discovery because failures are not always publicized the way that, say, major security breaches are brought to light. Many of these incidents unfold under sealed court proceedings, so the fiscal consequences aren't always plastered all over the media.
"I don't think they understand how bad they're at risk based on other companies' experiences," Burke says. "They're not hearing those things, so therefore they're not understanding the risks that they themselves are facing."
News is slowly trickling out about the risks, however. Most recently, reports emerged from a case between Qualcomm and Broadcom in which where Qualcomm and its counsel failed to turn over e-mail evidence in a timely fashion. The judge admonished the telecommunications giant, threatening state bar sanctions and requiring it to pay $8.5 million for Broadcom's litigation costs as a result of the failure.
Many times the issue enterprises face is the fact that they may still have e-mail documents in storage, but it takes too long to find it to satisfy court needs. Over a quarter of survey respondents said it would take over a month to produce e-mail evidence for court proceedings. And over half of respondents said they lack confidence that e-mails related to documenting commitments and obligations made by staff are recorded, complete and recoverable.
Failing to properly manage e-mail is not only adding unnecessary legal risk, either. It is also bogging down users, says Doug Miles, director of market intelligence at AIIM and the author of the report.
"This is not just a legal discovery issue. Finding and
recovering past emails is cited as the number two problem with email as a
business tool - after 'sheer overload' at number one," Miles said in a statement,
emphasizing that the survey found that on average users spend more than an hour
and a half per day processing e-mail.
The Role of Standards in Cloud Security
Security is often cited as a primary cause for concern...Watch Now
Ensuring Resources for Mission Critical Workloads
Application workloads can thrive in cloud environments,...Watch Now
Improving Security in the Public Cloud
One of the main concerns about moving data to a public...Watch Now