IM and blogs next target for litigation

By Shamus McGillicuddy, News Writer 11 Oct 2006 | SearchSMB.com

Technology news and tips for midmarket CIOs Digg This!     StumbleUpon     Del.icio.us

The list of electronic records that must be retained for regulatory compliance and litigation continues to expand, and information technology executives must create and enforce policies that take this into consideration.

During the IT Compliance Institute Conference in Washington, D.C., Priscilla Emery, president of e-Nterprise Advisors, a Longwood, Fla.-based enterprise content management consultancy, told attendees that email is still the prime target for legal discovery in litigation. However, other forms of electronic records are also becoming applicable.

Emery cited an ePolicy Institute survey that revealed 24% of responding organizations said they had received a subpoena requesting employee email in 2005. Fifteen percent reported that a lawsuit had been triggered by an employee email. She said these numbers will continue to rise.

More on email archiving Email archiving: What's right for your enterprise?  E-mail archiving and compliance tools: SMB Buying Decisions

These numbers underscore the importance of having an effective records retention policy and an acceptable use policy for a wide variety of electronic media, not just email.

That same ePolicy Institute survey found that 58% of employees send personal instant messages at work.

"Most organizations do not allow instant messages," Emery said. "But a lot of financial services companies and broker dealers use instant messages to communicate internally and with customers. You need to keep those records. If you don't save your instant messages, someone else might do so without you knowing it."

Tony DePalma, CIO of Mineral Technologies Inc., a New York-based $1 billion manufacturer of mineral whiteners and other products, said his company has an email retention technology in place, but it has yet to start archiving instant messages.

"We do have an email archiving process," DePalma said. "Other areas are to be planned."

DePalma said his company allows employees to use AOL Instant Messenger for business communication. He considers other instant messaging platforms to be less secure, so their use within the business is restricted. However, the company has not yet started to archive instant messages. He hopes to have a strategy team in place soon to develop an archiving plan.

Blogs are also subject to record retention requirements. These include blogs on corporate Web sites, but also personal blogs might become subject to legal action if an employee posts corporate information on it. Emery said companies need to create policies around what can and cannot be posted on a blog. They also need to scan personal blogs to ensure that employees are complying with policy.

Companies must also capture information on their Web sites in their original formats as a record of communication. If sales or pricing information appear on a company's Web site, that information needs to be retained since Web sites can change on a daily basis. A company needs to be able to prove what information was on its Web site in case it has to defend itself in court.

Emery said personal digital assistants (PDAs) are also becoming "problematic." She said very few companies have policies in place that make sure all PDAs synchronize to one server. Without such a policy, email retention polices can be undermined.

Even text messages on mobile phones and PDAs can be used in legal proceedings. Few companies retain text messages sent and received by its employees, but all mobile phone service providers retain them.

"A service provider retains those records, and if they are subpoenaed, they will turn them over," she said.

Emery said companies should set standards for formats and usage for each of these media. She said employee training is critical.

"People are your biggest challenge" to installing a records retention policy, Emery said. Training should be done routinely, not just once. And CIOs should take steps to make sure compliance to a records retention policy is easy.

"Do not create more interfaces," she said. "If it takes more than five seconds for employees to figure out where to put something, you aren't getting anywhere."

Let us know what you think about the story; email: Shamus McGillicuddy, News Writer

Tags: Web 2.0 technology for the midmarket,  Email and messaging for the midmarket,  Compliance management for the midmarket,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Web 2.0 technology for the midmarket How to drive a successful Web 2.0 technology implementation CIO resources: Top five technology topics of 2009 Salesforce.com's Chatter: A collaboration tool worth talking about SharePoint muscles into records management systems 2009 IT Geek Halloween costume ideas Virtualization management strategies ezine for CIOs Business software guides for the midmarket: CRM, ERP, Web 2.0 and more How to create and measure success of a SharePoint governance program Social networking, real-time data feeds -- where does that leave IT? Enterprise content management a player in disaster recovery program Email and messaging for the midmarket Test your knowledge: IT quizzes for midmarket CIOs Midmarket data center management guides: Tips and best practices CIO's cost-cutting measures include move to Gmail Midmarket firm harnesses email communication as part of disaster plan Arts center's network infrastructure hits right note with Wi-Fi, FMC When Microsoft shuts you down and other IT horror stories CIOs, unified communications and the lost art of conversation Fixed-mobile convergence saves firms costly mobile phone charges CIOs grapple with tying Wi-Fi, VoIP into unified communications plan Unified communications: Savvy business move or security meltdown? Compliance management for the midmarket Test your knowledge: IT quizzes for midmarket CIOs What will net neutrality mean for SMBs? At your peril, disaster recovery testing gets short shrift From software prices to EHR security: The latest advice for CIOs Security and risk management in the midmarket A CIO's advice for implementing single sign-on solutions Compliance management: From virtualization to licensing agreements 2008 top 10 technology articles: Social media, Vista, IT salaries Healthcare compliance gets boost from national HHS privacy framework Taking electronic records retention management to the next level

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary