RECURSOS - Artículos - Non-compliance

Federal regulations require an entirely new approach to storing and searching e-mails. Noncompliance is not an option. Eliot Spitzer loves e-mail. The lawsuits filed by New York's crusading attorney general against brokerages, mutual fund companies and most recently the insurance industry have all depended on incriminating evidence in the companies' own electronic communications. But while these and other notable cases in which e-mails played a key role have gotten the headlines, they are just symptoms of something grander.

E-mail's usage and scope is exploding. IDC (a sister company to CIO 's publisher) forecasts that the average number of e-mails sent each day worldwide will hit 36.2 billion in 2006, and Gartner predicts the volume of business e-mail will grow 25 percent to 30 percent a year through 2009. (Gartner's figures exclude spam, which currently accounts for around three-fourths of inbound e-mail.) This growth reflects an important shift in how e-mail is employed. The Enterprise Strategy Group (ESG) reports that as much as 75 percent of most companies' intellectual property is contained in the messages and attachments they send through their e-mail systems.

"E-mail has become the primary medium for how we communicate," says Jeffrey Schwarz, a partner at McDermott, Will & Emery. "Four years ago we used paper and FedEx. Now almost everything is done over e-mail." The consequence is that e-mail has become a de facto record repository, a burden that e-mail systems as we know them can barely handle. "We are trying to make a system do something that it wasn't designed to do," says Schwarz, who is also the top IT officer for the $668 million firm. "E-mail wasn't designed to be a document repository. It was meant to be send, read, delete. But now you can't delete. There are regulations that don't let you do that."
Many CIOs thought they had nailed e-mail systems in the '90s and could move on to more important things, but the kind of search required by the new regulations is beyond the capability of most current e-mail systems. Simply adding more storage isn't nearly enough. Consider that over the next seven years, a company with 20,000 employees will have to save approximately 4.5 billion e-mails, and it must be able to search through them all to find messages relevant to a request for information in a matter of days or hours. "These new [regulatory] obligations require you not just to save more e-mails, but to be able to access them promptly," says Carl Metzger, a partner specializing in securities litigation at Testa, Hurwitz & Thibeault. "CIOs who have ignored these requirements need to take their heads out of the sand." It's high time for all CIOs to reexamine their e-mail management systems.

Federal regulators understand the role e-mail plays in corporate life today. Consequently, almost every new regulation mandates that companies save those messages for years. For example, the Sarbanes-Oxley Act requires every public company to save every record that informs its audit process, e-mails included, for seven years. Different regulations target specific industries. Securities and Exchange Commission Rule 17a-4, which covers brokerages, is the most publicized example. The Health Insurance Portability and Accountability Act and Medicare both require health-care companies to save e-mails. Pharmaceutical companies, telecommunications companies and government contractors have to comply with other e-mail laws and rules.

And the rules are being enforced. Until recently, the SEC rarely requested e-mails, so brokerages didn't take seriously the longtime requirement that e-mails be stored and kept accessible. Then in December 2002, the SEC fined five brokerages $8.25 million for failure to retain e-mails. That got the industry's attention. While only a few companies were fined, violations in the industry were widespread, says an e-mail manager who spoke with CIO about violations at his company in exchange for anonymity. "I don't think the SEC had ever thought about applying [the rules]," he says, and as a result nobody was prepared to comply. "We were noncompliant with the retention requirement too."

Setting aside the question of regulations, a good e-mail management policy is a good business practice. Qualcomm Senior Vice President and CIO Norm Fjeldheim says his company saves every e-mail sent or received to fend off potential patent violation lawsuits. Yet a 2003 study by the Association for Information and Image Management and Kahn Consulting found that 60 percent of companies have no formal e-mail retention policy.

Storing and searching messages on a large scale requires a new approach. This approach has four different but interrelated components: storage, archiving, indexing and policy enforcement. For the most part, it is a seamless change for users and a straightforward initiative for CIOs. "This isn't reinventing the wheel," says Vincent Cottone, vice president and director of infrastructure service for mutual fund company Eaton Vance. The key to the new e-mail management is several technologies that are coming of age—and consequently coming down in price. Cheaper disk storage lets CIOs store e-mails in a searchable format, and archiving and indexing software gives these messages the meta-data that makes searching possible on the required scale. And it all happens on the back end.

Why the Old Way Doesn't Work
Exchange and Lotus Notes, the two dominant e-mail platforms today, were not designed with today's e-mail management needs in mind. These systems were made to communicate messages, not to become a company's primary document repository—and certainly not to give CIOs control of all their companies' e-mails. In fact, Exchange's personal folder storage system is in a sense the opposite of what a compliance-minded policy calls for, in that it allows users to remove messages from the server and store them locally.

In the past, e-mail management was a matter of buying more servers and backing up onto tape. But tape is an insufficient medium in a regulated environment. First, it breaks. According to Peter Gerr, an analyst at ESG, only 70 percent of companies have a tape recovery rate greater than 80 percent. Second, it takes too long. Qualcomm's Fjeldheim says the standard turnaround time to find e-mails requested by his legal department on his tape backup is three or four weeks. That may be acceptable for legal discovery or an internal investigation, but it will get you into trouble with regulators. Bank of America, for example, was fined $10 million in March 2004 when it failed to turn over e-mails to the SEC in a timely manner (currently interpreted as only 36 to 72 hours).

Switching to disk storage technology is part of the answer, and it is easy enough now to buy disk storage instead of tape. Prices are coming down; a terabyte of disk storage today costs a sixteenth of its price in 2001, according to Gerr. But simply switching from tape to disk doesn't solve the more fundamental problem of search and recovery. Gerr says that just as with tape, e-mails on disk are hard to search unless they are indexed. "Exchange and Lotus don't have native tools to index all the incoming and outgoing messages," he says. For the time being, that capability needs to come from third-party software that can intercept e-mails as soon as they hit the mail server, index them and send them to an archive.

Source: CIO Magazine, Ben Worthen

Productos para Archivar

Soluciones completas y asequibles para PYMES y empresas grandes.
Lea más>>>

Archiving Demos

Descubra como integrar el proceso de archivar fácilmente en su flujo de trabajo.
Ver demos>>>

Casos de Éxito

El Prepress Archive gana el premio de Innovación 2008 en Mercurius. Lea más>>>

Soluciones para Archivar

Archivos digitales para flujos de trabajo específicos.
Lea más>>>

Noticias

DAX presenta File and Folder Archive Software. Lea más>>>

Casos de Éxito

La descarga automatizada de los discos duros de los microscopios ahorran horas muy valiosas de trabajo al personal de NIAID. Lea más>>>

Evaluación de Software

Instale el software de evaluación en su propio entorno antes de adquirirlo. Lea más>>>

Customer Challenge

El Broadcast Archive facilita Parelli una solución integrada de edición de video y archivo a LTO. Lea más>>>

Archivo vs. Back-up

Archivar no es lo mismo que hacer copias de seguridad y debería formar parte de sus procesos de almacenamiento y recuperación de datos. Lea más>>>

Casos de Éxito

De Schutter ´Neroc archiva automaticamente todos sus correos y contenidos relacionados con su flujo de prepress. Lea más>>>

Automatizar Archivos

Ahorre costes y mejore la eficacia a través de la automatización. Lea más>>>

Archivo Blu-ray

Los archivos Blu-ray ofrecen capacidad masiva, acceso aleatorio y permanente.
Lea más>>>

Casos de Éxito

El Prepress Archive gana el premio de Innovación 2008 en Mercurius. Lea más>>>

DAX On-Line Archive

Descubra la sencillez de archivar con el asequible DAX On-Line Archive. Lea más>>>

© DAX Archiving Solutions