Secure and Legal Content

Are you storing your email and web page content securely and legally

A major issue for businesses is managing the cost of data storage. Not only is the volume of email increasing hugely - it is estimated that in 2005 we will send somewhere in the order of 60 billion emails - but also the size of the files being transmitted have got bigger. Each email will be on average 180kb of data; 3 years ago the same emails averaged 21kb of data.

It is estimated that 70% of the cost of managing that data is the cost of the human element manipulating the data. This is not necessarily adding value to business, as disproportionate amounts of time are spent, for example, recovering emails that have been accidentally deleted. We are also not focussing on managing the storage environment more intelligently. A key point regarding back up is that this is pointless to do so unless it is possible to recover data easily. Therefore organising the data which is stored is crucial so that it is possible, for example, to perform key word recognition functions to seek out specific emails.

The fact that data must be stored is indisputable. The European Commission has proposed an EC Directive obliging companies to retain internet data for 6 months and telephone data for 12 months. Following the Enron debacle, the Sarbanes Oxley Act (which has been in force since 2002) requires much more stringent storage and handling of data. Whilst this applies specifically to companies that currently deal with the US, it is a requirement that will be implemented in the UK within the next couple of years by the Companies (Audit, Investigations and Community Enterprise) Bill that has passed through the House of Lords. For legal reasons, access to archived data may be essential to fight disputes including civil proceedings and employment tribunals.

The Data Protection Act imposes requirements that all data must be stored accurately and securely and must be up-to-date. In June 2005 an enforcement agency was brought into being by the Data Protection Commissioner, which will prosecute for breach. A number of cases have already been brought against companies which have failed to notify the Commission (a task which costs ?35 and takes a competent IT employee an hour), leading to fines of £5,000 plus costs.

There are also strong commercial reasons for covering all aspects of data management. Beyond routinely backing up emails companies often do not have the foresight to consider holding regularly backed up copies of their web site, with a view to being able to maintain an Internet presence in the event that their current web hosting company ceases to trade, for example.

Q: In view of the huge volume of emails generated within any organisation, what should be retained - for instance should emails of a personal or trivial, internal nature be kept?

A: You cannot afford to delete internal emails - in a recent case an Employment Tribunal claim was overturned on the basis of derogatory comments found in internal emails, thus winning the case for the employer and protecting the organisation's brand. It is not practical to expect to be able to sort internal emails and remove irrelevant ones before archiving. It is more effective to have software systems in place which enable you to recover particular types of email, through searching on specific content, for example. It is possible to index data by subject, by department etc to make the recovery of particular information easier.
It is certainly well worth while considering an organisational policy on what you keep and how it is to be classified, which will act as a guide to how emails are organised and what should be kept or deleted.