Email compliance - how to get it right

By Barry Gill
20 Oct 2008
The storage and retrieval of emails have become a big headache for most businesses, especially now that good governance and no fewer than five local acts prescribe the need to store all email sent or received for up to 10 years.
Email compliance - how to get it right

The acts that demand effective storage of email include Electronic Communications and Transactions Act (ECT Act), the Regulation of Interception of Communications and Provision of Communications-Related Information Act (Interception Act), the Financial Advisory and Intermediary Services Act (FAIS), National Archives of South Africa Act and the Companies Act.

In addition, The King II report, which guides South African companies on what constitutes good corporate governance, requires companies to identify and mitigate risk.

The challenges are vast and include the cost of storing millions of emails in a way that doesn't erode the integrity of the mail, the infrastructure to retrieve and archive the emails and the people to manage it all. This isn't just about a few servers down in the data room. It's become about making sure that every email is one ‘search phrase' away.

There are a few things that companies can do to get it right.

  1. Remember - archiving is not a job for employees

    Automate as much as possible. Expecting users to take responsibility for archiving is just setting you and your staff up for failure and a mountain of written warnings.

  2. Don't change a thing

    If the email has been changed in any way, its power as a piece of evidence is eroded. Using immutable storage together with encryption technology can ensure that a ‘forensically sound' copy can be sourced. This is vital in any legal situation, where the only piece of evidence between your company and a hefty fine is one small email.

  3. Make sure it's easily retrievable

    Store the email in a way that makes it easy to search for. We have heard horror stories from clients where it has taken seven straight days to locate one email because it was all stored on tapes which required a person to physically go through data on each and every tape.

  4. Tell people that it's going on

    Remember to inform your staff that every email is going to be stored, archived and saved for 10 years. The communication has a few positive outcomes:

    • It should stop any ‘fruity' emails being sent and received

    • Users are confident to delete emails as they can search the store should they need them. This means smaller active mail boxes which means fewer IT issues

Correctly managing your company's communication can only benefit the business, and considering that up 80% of an organisation's fresh intellectual property (IP) can be found in its emails, it makes sense to make sure none of them get away.

About the author

Barry Gill has over 17 years of experience in the IT industry, including telecommunications consultancy and product management. He has been with Mimecast South Africa since 2005 and is currently its product strategist. Contact him on +27 (0)86 111 4063.

 
For more, visit: https://www.bizcommunity.com