European service supplier SCC has found that 87% of the
25 blue chip businesses it surveyed could not meet the requirements
of the Data Protection Act or Sarbanes-Oxley.
None of the organisations, which included financial, legal and
retail firms, had a fully compliant e-mail policy in place, even
though more than half had experienced compliance-related problems
in the past.
A separate survey of 100 CIOs by e-mail compliance vendor
Cryoserver confirms companies' apathy towards tackling e-mail problems. In
the last year, 68% needed to retrieve e-mails to resolve a
compliance issue. Despite this, 80% had little or no confidence
their e-mail systems now complied with regulation.
Paul Eccleston, UK business solutions director at SCC, warned
that ignorance about e-mail compliance would not be accepted as an
excuse by regulators. "Organisations need to take a more assertive
approach towards tackling compliance. Liability in most cases
remains with the data owner, so it's in a business' interest to
ensure senior employees implement secure e-mail management
systems," he says.
"With fines of up to £3m and criminal penalties of up to 20
years, this issue should be at the top of businesses' agendas."