|
Email retrieval has been at the crux of numerous litigations and, as many organizations have learned, failure to manage or implement effective email archiving systems can end up costing companies millions of dollars in court. Here, email expert David Gewirtz offers tips on what CIOs can do to avoid email liabilities.
What Happened To The White House E-Mails?
The IT And The Law Blog
Email archiving, seemingly the most basic of information technology functions, has been much in the news of late.
Since 2002, the White House somehow has managed to lose an estimated 5 million emails, many of them reportedly dealing with sensitive, politically-charged material. And, in its recent indictment of two former Bear Stearns hedge funds managers, the Justice Department is counting on emails between the two fund managers to make its case.
In the past few years email retrieval has been at the crux of numerous previous litigations and, as many organizations have learned, failure to manage or implement effective email archiving systems can end up costing companies millions of dollars in court. Case in point: Investment bank Morgan Stanley lost a $1.45 billion case against financier Ron Pearlman largely because of its inability to retrieve emails, and was then fined $15 million dollars for email storage issues by the Securities and Exchange Commission.
To determine what CIOs need to do to avoid email retrieval liabilities, CIOZone Contributing Editor Laton McCartney talked to David Gewirtz, editor-in-chief of two publications dedicated to email and electronic communication, OutlookPower Magazine and DominoPower Magazine, and author of the book "Where Have All the Emails Gone?"
CIOZONE: With the discovery of millions of missing White House emails, which you wrote about in your book, and the importance of emails as the supposed "smoking gun" in the Justice Department's case against two former Bear Stearns hedge fund managers, email retention and management seem to be an even greater priority for CIOs.
GEWIRTZ: The liability for CIOs who don't have proper email records is getting bigger and bigger. Ineffective email management is the kind of issue that can reach up and bite you if you're not careful.
CIOZONE: Bite you in legal terms?
GERWIRTZ: Yes, and this goes back to 2003 when US Warburg (the investment firm) was found grossly negligent for allowing destruction of email evidence in a sex discrimination suit.
Also it can be harmful operationally. It can cause you to spend far more time digging out of a hole and less time operating business. And email retention is important in risk management to show you have all your I's dotted and T's crossed.
CIOZONE: What are the pitfalls confronting effective email management and retention?
GERWIRTZ: One is the massive flow of spam.
CIOZONE: Which takes up your storage capacity?
GERWIRTZ: Right.
CIOZONE: Has virtualization become a factor in email archiving.
GERWIRTZ: Yes, moderately. Email administrators are not so concerned with power consummation as they are with reducing floor space. Ecological benefits are not a driver of virtualization but a byproduct.
CIOZONE: Are there technology issues that stand in the way of archiving?
GERWIRTZ: No, the vast majority of problems stem from policy issues. Does the company want this (effective email archiving and retrieval) to happen?
CIOZONE: You say in your book "Where Have All the Emails Gone?" that the lost White House records have created national security concerns. How so?
GERWIRTZ: There are actually national security concerns due to a number of factors, the missing email messages are just one of them. Specifically, the White House is prohibited from using government resources for politically-oriented communication, forcing message traffic to travel over the open (and insecure) Internet. Archiving is impacted here as well, because none of those politically-oriented messages are being archived or preserved. Future leaders may need access to that information for governance or operational reasons.
There are a lot of other security issues I found, but the next biggest concern is a lack of operational security for portable devices, flash drives, BlackBerries and so forth. The big take-away, however, from my research into this, is that the White House has used pretty much "worst practices" in managing email. For such a critical command-and-control system, this raises huge concerns.
CIOZONE: What lessons, if any, can business draw from the White House debacle?
GERWIRTZ: The White House is facing some serious technology issues including messaging security, email archiving, compliance and disclosure, robustness, physical systems security, and IT management discipline. For any CIO, these topics are very familiar. If I were to boil it all down for the typical CIO, I'd recommend you make sure you do everything to protect your own infrastructure and your company's interests -- or you could be putting your company's financial and, often, physical security at risk.
Areas we've found to be surprising risk points turned out to be BlackBerries and portable media. These things are little tiny nightmares waiting to happen and they both figuratively and literally fall through the cracks. Pay extra attention to what's on these devices and how you manage recovery.
As a secondary issue, especially how it pertains to the White House, I'd suggest remembering that archiving is a technical act and the responsibility of the CIO. However, disclosure is a policy (or, for corporations, a management) issue, and therefore the responsibility of executive management. If CIOs focus on quality archiving, they won't need to worry about disclosure problems.
|
