There’s been a lot of noise over the last year or so about “email archival”, “data retention”, “Sarbanes Oxley” etc. and there’s good reason for this, Radicati Group are telling us - “Compliance and Policy Management Market Poised to Grow to Over $2.4 Billion by 2011.” So, you can see why the big guys want a piece of the action!
I have a view about this. I believe that this is mostly PR activity and hype being generated by hardware and vendors whom are seeing significant returns on the high-margin hardware and software solutions being deployed to address these “areas of high risk”.
There are some legal compliance issue in the US, this is true. Meeting the requirements of the Sarbanes-Oxley, or being SOX-compliant, is a real issue for some organisations in the US, but not all of them. Certain types of organisation are more open to this than others. There are some providers of data and email services that are running scared of the whole compliance issue because they are unable to take on the legal burden of responsibility that comes with providing compliancy services to US customers.
In the UK and EU we don’t have such tight regulations which is a relief, however we’re still subject to the media attention and marketing surrounding this. I won’t say it’s scaremongering, because it’s not, it’s PR. By focusing on the negatives and the legalities, companies are unable to see the real value that archival services can bring to a business.
What’s interesting is that often the regulations are self-imposed internal rules within the organisation and not a government legislation. This is important – only do what your business needs to do and don’t be led by media-hype or vendor advertising to deploy a solution that’s more than you need.
Ensure that you are addressing the real business drivers within your business. Think about the roles within your organisation and the data that those people are sending and receiving. If you FD was to leave your business, wouldn’t it be useful to have a copy of the emails from 3 months ago when that £2m leasing agreement was agreed? What if there are some issues with the payments and previous conversations are called in to question? How about your Sales team – who’s word will you trust if your biggest customer says “before Jimmy left he’d agreed a 25% discount if we renewed our contract”. Being able to find and recall these emails in would be beneficial to your business in both of these scenarios and there’s no mention of legal or compliancy here!
I have an archived copy of all my email for the last 2 years and a copy of all mailboxes for previous members of my team that have left Cobweb for greener pastures. We use an email archival solution inside of Cobweb that works well with Exchange. You can take it as read that it’s seamless to the end-user, secure, robust and reliable – it works. I can think of a few occasions where I’ve had to find an old email from an archived mailbox, or find a document from Sent Items that was missing from a colleagues handover before they left. On one occasion we just wanted to see the background email conversations between a key staff member and a customer of ours that was having business difficulties of their own. None of this was due to pending legal action or pressing compliancy issue, but I was glad that information was there, and I take comfort knowing that everything’s stored away should I need it one day.
Great post Dan and very thought provoking. The PR machines of the big (primarily US) software and hardware vendors undoubtedly serve a purpose in keeping the IT industry buoyant. The FUD (Fear, Uncertainty and Doubt) they create keeps organisation’s buying stuff but it is often over-engineered, over-complex and requires a lot of professional services work to implement effectively. In turn that creates a whole load of extra opportunity for smaller vendors who come along and say “that stuff is way too complicated, it’s not user friendly and we can do it for half the cost” etc, etc. And so it goes on with each ‘new thing’. It’s kept me in a job for the best part of 20 years so I’m not going to complain too loudly ;)
However, as your post rightly points out, the FUD is often not the right or best reason for organisations to take action.
The thing about email compliance is that it’s basically fixing what is essentially a flawed system or in terms of those old Irish jokes – “If I was building an email system, I wouldn’t start from here”. In terms of a straight replacement for traditional mail it has been massively successful but in terms of helping organisations deal with the challenges of managing electronic information flows effectively it has often created more problems than solutions - largely because the ubiquitous systems such as Exchange have created bloody great silos of information that are disconnected from other business processes.
It’s great to see a lot of these issues of disconnected processes being addressed with Microsoft’s latest flurry of releases such as Exchange 2007 and MOSS. It looks likely that the best outcome going forward is that email compliance and email archival in particular just becomes a standard part of an email system. It’s really the only way organisations and individuals will change engrained behaviours to improve information management for the better.
Posted by: James H | August 02, 2007 at 11:19 AM