03:57 PM
You’ve Got (potentially dangerous) Mail
Comprehensive Strategy
For e-mail and IM, as with traditional written correspondence, a comprehensive risk management strategy can go a long way toward mitigating dangers. Nancy Flynn, executive director of the ePolicy Institute, a Columbus, Ohio-based research and consulting firm focused on e-mail and IM, recommends a three-pronged approach: establish written policy, educate your workforce and enforce policies with a combination of disciplinary action and software technology.
"You need to work on the assumption that it's not a matter of 'if' you will be sued or investigated by a regulator but 'when,'" Flynn advises. With the right practices and technology in place, she continues, not only will you be able to comply with the demands of discovery, but "the e-mail or IM that is discovered will be less likely to contain messages that can be used as evidence against you." The technology component of the strategy should include software that filters and monitors content; has robust capability for archiving, including storage and retrieval of records; and purges non-business records, Flynn says.
The archiving component is central to achieving regulatory and legal compliance, but traditional technologies can leave financial services companies exposed in today's more-demanding compliance environment, according to Mike Gundling, senior vice president of product management at electronic communications solution vendor iLumin (Reston, Va.). "Many use e-mail archive products that were built for mail storage management and are ill-suited for compliance needs," Gundling claims. "Typically the products are scheduled to run on evenings and weekends to free up storage on the mail servers. When messages are deleted between scheduled processing, they are lost forever."
Some firms are out of compliance and place themselves at risk of litigation because they store their archives on tape - a practice at odds with SEC 17a-4, which states that messages must be kept for three years, and for the first two years in an "easily accessible place," Gundling adds. "Firms that are asked to search and produce messages from tape are often using backup systems that have no tools for discovery," he says.
Anthony O'Donnell has covered technology in the insurance industry since 2000, when he joined the editorial staff of Insurance & Technology. As an editor and reporter for I&T and the InformationWeek Financial Services of TechWeb he has written on all areas of information ... View Full Bio