Moderator: Peter Burris
Analyst: David Floyer
With knowledge workers spending 10% or more of their work days on email and the focus on email in both business criminal and civil legal actions, the implementation of solid, defensible, reasonable email compliance practices has become incredibly important. This effort must start with the development of policies and practices that users need to follow in their email handling, along with the creation of email archiving practices that comply with present legal mandates and, to the degree possible, anticipate future court and legislative actions. Otherwise, the enterprise may well find itself exposed to a “witch hunt” through its back email by an aggressive team of attorneys looking to liabilities to attack. While archiving is being pioneered largely in answer to specific legislative requirements to preserve email, even organizations operating in jurisdictions or industries not facing these explicit requirements need to anticipate future civil actions that may focus on their email archives or, worse, lack of them.
Given the clear dictates of new laws in Europe and America, and the sometimes punitive actions of US civil court judges impatient with the inability of corporate defendants in several famous cases to produce a full record of relevant emails in a reasonable time, businesses must focus their archive creation efforts first on compliance and risk abatement, ignoring other potential uses or advantages until after the basic system is built. To do otherwise is to invite design bloat that will increase cost and time, may create archiving systems that do not in fact meet the basic legal needs driving archiving and, in the worst case, may create a project that collapses of its own weight. Maintaining this tight focus in the face of software vendor competition based on providing the widest possible collection of functionalities will be a key challenge for the email archiving team, including storage administrators, and in many cases may lead to selection of a much simpler solution that otherwise might be implemented. Consequently email archive design teams must address three critical issues as they define the architecture:
- They must assess the actual scope of the risk, as measured by potential losses from three main areas – fines from noncompliance, punitive damages, and lack of accountability leading to potential extensive criminal witch hunts. The scope of these risk elements will vary by industry, geography and the need to sustain a history of email activity.
- They must recognize that over the 7-10 year period that emails need to be archived, they will experience at least one media migration regardless of the application or media chosen, driven by the 30% per year decrease in cost of new media acquisition versus steadily rising maintenance costs. We expect that virtual tape libraries will emerge as a favored mechanism for managing these migrations.
- They must anticipate the certainty that the business will request ways to access the archive to generate derivative business value by running future applications against it as an information store. In this context the archive takes on characteristics of a content management system. Therefore, designers need to consider factors such as open access methods that developers can use, and therefore need to avoid solutions that use proprietary data formats that lock the business into a particular vendor.
Ultimately the group running the archive may look like a classic applications team if only because of the potential future use of the archive as a content management system. But near term it is critical that storage administrators work closely with legal counsel and risk management personnel in the business to keep the focus of the archive project on risk, with a recognition of the derivative application benefits in the design process. They must avoid being taken over by email application management teams who will tend to bloat the project with a functionality wish list that may hinder rather than advance the business’s overall risk mitigation objectives.
Action Item: Storage administrators are being asked to put forward clear plans to manage email archive infrastructure. When responding, they must focus narrowly on the requirements put forward by the business’s legal and risk management teams and choose appropriate email archive solutions, infrastructure and operating policies to ensure that the business receives the right spectrum of risk mitigation capabilities and not just a new cool set of email application functions.
Footnotes: