Email Archiving: Understanding the Reasons, Risks and Rewards

Overview

Statistics show that as much as 60 percent of business-critical data now resides in email, making it the most important repository of data your company may own. This huge amount of data—which grows on a daily basis—translates into a significant burden on corporate storage resources. These facts—combined with a recent onslaught of regulatory compliance rules—are forcing organizations to take a deeper look at email storage, retention, and archiving practices. In fact, if you are not already considering an archiving solution, it is very likely that your organization will be facing this decision in the coming months or years.  And it’s not just compliance with regulations that is driving this trend to archive. As email messages increasingly take center stage in headlines and lawsuits, email has become the electronic equivalent of DNA evidence. Having a system in place that takes this risk into account is crucial for businesses that don’t want to end up at the center of one of these scandals. In most organizations, responsibility for archiving decisions falls to the IT department. Before embarking on email archiving, IT professionals need to understand a range of business and technology issues—from the key reasons for archiving to the best type of archive to meet those needs.

Electronic Discovery and Litigation

Understanding the reasons why your organization needs an archiving solution will play a key role in choosing the right solution. One of the most important considerations for businesses, regardless of size or industry, is the issue of electronic search and discovery. Electronic discovery—or “e-discovery”—usually refers to the retrieval of data from a computer to meet a legal request. However, the term can also be used whenever data retrieval is required for regulatory compliance, HR concerns, validation of client correspondence or other corporate needs. As a result, all organizations require search and discovery capabilities for email, even if they are not currently involved in litigation. Recently, the electronic discovery burden on IT organizations has increased both in frequency and demand. In fact, a survey performed by Osterman Research, Inc. found that:

This is not surprising when you consider that email is just as admissible in court as paper-based documents, and can be requested for legal discovery at any time. In fact, email evidence has been the “smoking gun” in numerous cases of illegal corporate activity. And that does not take into consideration the risks of non-business related content that can be found in email. Sexist, racist and other inappropriate content—which would be deemed unacceptable in all other corporate arenas—can often be found in employee inboxes. In fact, according to the American Management Association, 27 percent of Fortune 500 companies have defended themselves against claims of sexual harassment stemming from inappropriate email and/or Internet use.

Without an archiving system with appropriate search and discovery capabilities, these requests can add up to a great deal of time, effort, and expense on the part of the IT department. According to Osterman Research, the IT department in a typical large organization spends five hours per 1,000 users per week performing backups, recovering users’ deleted emails and dealing with other backup and archiving-related tasks. That works out to approximately $10 per user per year on labor alone. For smaller organizations, Osterman Research estimates that cost can go up to $34 per user per year on just the labor involved in managing backups and archiving.

In the case of litigation, the costs can rise even more dramatically. An employee discrimination suit known as Zubulake vs. UBS Warburg is a great example of this. UBS Warburg archived outgoing and incoming email for their registered traders on optical disk, with no effective means of searching. When the Zubulake discovery request sought internal mails stored on backup tapes, UBS Warburg was forced to pay the cost of recovery, despite the fact that recovery costs for a sample set of email on five initial backup tapes cost $19,003.43, or about $4,000 per tape. A second round of discovery requests resulted in costs of more than $100,000, before related litigation fees—costs that UBS Warburg, the defendant in the case, was once again responsible for covering.

Cost isn’t the only concern when retrieving data for a discovery request. In most cases, a strict time limit is placed on when data must be produced. For example, the SEC generally requires that requested email be produced within 48 hours of a request. Failure to produce requested email in a reasonable timeframe can result in significant fines, as in a case involving J.P. Morgan Chase & Co. The investment banking firm was fined $2.1 million when they failed to produce all the emails sought because backup tapes could not be found in storage facilities, other tapes were damaged or contained errors, or backup tapes were not made for some periods.

While you might think that the best answer to these issues is to simply delete email on a regular basis, there are problems with this assumption. In the case of litigation, seemingly unimportant email messages can often support a company’s claims of innocence. A deleted email trail can not only weaken an organization’s defense, but it can also lead to a presumption of guilt, potentially costing a business millions in fines and settlements and causing immeasurable damage to corporate credibility.

Without an archiving discovery system, it is also difficult to limit searches for appropriate data before presentation to litigators, creating opportunities for unnecessary data to be exposed. Ultimately, the cost of innocence can be extremely high for organizations that do not proactively manage email usage and archiving.

Regulatory Compliance

In recent years, the archiving of email messages has become a business requirement driven by numerous federal and state regulations including Sarbanes-Oxley , SEC 17a 3-4, HIPAA, and NASD rules. With more than 10,000 regulations on data and record retention currently in force in North America, very few businesses are exempt from some form of regulatory scrutiny.
These regulations are forcing businesses to retain email just as they must retain other formal corporate records—or face penalties that can include significant fines or even criminal charges. As just one recent example (September, 2007), Morgan Stanley & Co. paid $12.5 million to resolve charges with the Financial Industry Regulatory Authority (FINRA) that a former affiliate failed, on numerous occasions, to provide emails to claimants in arbitration proceedings.
With a policy-driven archiving system in place, email can be checked for compliance with regulations,
and then retained for the appropriate amount of time based on email content. These solutions can also reduce the risk of inappropriate content being exchanged, as employees can be alerted when an email doesn’t comply with company policy.

Storage Management

Nearly every IT department has struggled with the issue of storage management for messaging servers. The pressure to increase storage limits continues to grow as the amount of email sent each day—as well as the size of messages and attachments—increases. This ever-increasing storage demand is driven in part by faster connection speeds, and partly by the fact that email’s role as a primary channel for corporate communication continues to expand. This growth is not expected to slow down in the near future; in fact, Radicati Research estimates that corporate email traffic will almost double between 2005 and 2009, going from 64.9 to 120 billion messages
a day.
An archiving system, by automatically offloading data into an archive, can dramatically help improve the efficiency of messaging servers, their reliability and the speed with which they deliver messages.

Knowledge Management

Beyond the capacity issues associated with storage management, email has also become the de facto filing system for many enterprises. According to IDC, as much as 60 percent of business-critical information is stored in email and other electronic messaging tools. Everything from sales proposals and marketing plans to competitor profiles, contracts, and personnel files can exist—sometimes exclusively—in an employee’s inbox. Maintaining an archive that allows end-users to easily access and search all previous email can greatly improve productivity. In addition, vital content cannot be deleted by a disgruntled employee; in the event of an employee leaving the company, the trail of information managed by that staff member can be accessed in the future.