Don't Be the eDiscovery Cautionary Tale
It might have slipped below your radar but, last month, the Boston mayor's office had some email troubles. Although most people wouldn't consider this a "scandal" — no affairs, bribes, etc. — those of us in the messaging world would certainly consider it scandalous. A top aid to the mayor was accused of routinely deleting emails in violation of state law, which requires employees keep all email for a minimum of two years.
The spin-doctors at the mayor's office defended the aid by explaining that "double-deleting" (moving emails to the trash and emptying the recycle bin daily) is simply a good organizational habit. Then, of course, the finger-pointing began with the aid contending that he just assumed the email was being backed up by the city's servers. The city's IT department insisted it was the employee's job to archive the messages.
No one is saying that the deleted emails contained evidence of any wrong-doing. Here's the real "crime" in my estimation: The aid was deleting email, despite the fact that, a year ago, a judge warned the mayor's office about the practice of deleting emails. (It had been revealed that employees were deleting emails to save on storage space.) The city then bought email backup software, but didn't bother to create an email retention policy.
Seriously. They bought an email archiving system. Presumably, they fixed the storage problem when they bought the archive. And, then … nothing. Folks, all the software and storage in the world isn't going to solve your email management problems if you don't have policies to guide what you do with it.
Because we understand that polices are the absolute foundation of message management, we've created an ePolicy Workshop. It's a private, two-day workshop that helps organizations think through and create clear, written policies. You start by assessing your organization's current retention policies (if there are any), how you're enforcing them (if at all), and how the policies might help or hinder a potential discovery or disaster recovery process. You'll learn what areas of an email infrastructure typically present security and compliance gaps and how your organization scores in each of these areas. Once you understand where you are, you can determine how far you have to go.
It's important to include all the people who have a stake in the policy. This isn't just an IT issue, so key executives and people from legal, records management, and human resources also need to be involved. If you're worried about the logistics of getting all these people to a seminar or conference, don't worry — we come to you. Because we hold the workshop onsite, you don't have to figure out how to get everyone to some offsite location. Another bonus is you're someplace where you can have confidential discussions of sensitive, company-specific issues.
Although you might cringe at the idea of being pulled off other projects for two days, the time-frame really is pretty short and sweet. If you were doing this on your own, you'd be faced with assembling a policy team, scheduling a series of meetings, and going through draft after draft trying to come up with a policy that meets everyone's needs. With the workshop, our technical and legal experts guide you through the process, and in two days you walk away with an email retention and deletion policy tailored to your business needs and industry requirements. You'll know what email needs to be retained and for how long; how to maintain secure and auditable records; what should go into formal, written policies; and what technologies will enforce those policies.
Beyond policies
Enforcement is key. As we've seen from the Boston situation, it's important to have policies, but it's also unreasonable to expect employees to implement these policies with completely accurate judgment 100 percent of the time. It isn't their core competency, it distracts them from their daily work, and — should they slip even once — the stakes are too high. To be sure your policies are being strictly and consistently followed, you need a way to automate their enforcement. If the employees in the Boston mayor's office had these two elements in place – policies and the technology to enforce them — we wouldn't be reading about them today.
– Ranjit Sarai
