European service supplier SCC has found that 87% of the 25 blue chip businesses it surveyed could not meet the requirements of the Data Protection Act or Sarbanes-Oxley.
None of the organisations, which included financial, legal and retail firms, had a fully compliant e-mail policy in place, even though more than half had experienced compliance-related problems in the past.
A separate survey of 100 CIOs by e-mail compliance vendor Cryoserver confirms companies' apathy towards tackling e-mail problems. In the last year, 68% needed to retrieve e-mails to resolve a compliance issue. Despite this, 80% had little or no confidence that their e-mail systems now complied with regulation.
Paul Eccleston, UK business solutions director at SCC, warned that ignorance about e-mail compliance would not be accepted as an excuse by regulators. "Organisations need to take a more assertive approach towards tackling compliance. Liability in most cases remains with the data owner, so it's in a business' interest to ensure senior employees implement secure e-mail management systems," he says.
"With fines of up to £3m and criminal penalties of up to 20 years, this issue should be at the top of businesses' agendas."