E-mail in the dock

There is no substitute for properly managing your e-mail. The words it generates often have the same status in law as legal...

There is no substitute for properly managing your e-mail. The words it generates often have the same status in law as legal documents. Julia Vowler finds out what precautions the legal profession recommends

Careless e-mail costs jobs and can land even major corporates in court. With "pervasive e-mail" now the norm, how does an IT department get to grips with it?

If anyone should know it is the head of IT at a law firm. John Rogers is head of IT services at law firm Herbert Smith and he concedes that it would be particularly embarrassing for such a company to be caught out by careless e-mail. So how did he get his firm's e-mail under control?

"Our e-mail has grown tremendously, and has become our primary means of communication, but I was surprised by the sheer volume of e-mail, and how fast the company has become completely reliant on it," says Rogers.

Companies need a clear, well-thought out e-mail policy. "But a policy is only part of the answer," says Rogers. "The real answer is education." It is easy to think of e-mail as being ephemeral, but it is not Rogers warns. Indeed, sometimes the opposite can be true. "Lawyers are very reluctant to delete anything," he says.

E-mails themselves may not be so much of a burden, but in law firms they usually come with substantial attachments. "Printing all these out [for regulatory record-keeping] is a tremendous burden, both on the printers, which are not designed to handle such volumes, and on our secretarial staff," says Rogers. "And the volume is increasing all the time."

His advice, based on his own experience, is to consider several tactics:

  • Use recent "horror stories" to persuade management of the need to get e-mail under control. One upside of the recent spate of e-mail-generated corporate embarrassments is that it provides IT with a strong argument for getting budget to set up a robust e-mail policy.

  • Keep your e-mail policy simple and clear. "We tell people, 'Don't write in an e-mail what you would not say to someone face-to-face'," says Rogers. "Send out a consistent message to users, 'You are responsible for your e-mails, so check everything in them.' We remind them that their e-mails could be used as evidence," says Rogers.
    The message does get through, he finds. "We have had a very few, specific issues, and each time we've taken someone to task the word goes around. People are growing up about this."

  • Adopt an e-mail archiving system. "We're installing KVS software which will take the load off our e-mail management," says Rogers. The software will not only retrieve by date order but, more usefully, by client as well. Users can 'tag' mails that relate to a single client, making them faster and easier to retrieve from the archive. "It has cost us less than £100,000 for the hardware and software and, as e-mail is so crucial, I consider it money well spent," says Rogers. "Yes, we could do e-mail archiving ourselves, but we'd have to be far more dictatorial to our users."

  • Find out what end-users want from their e-mail. "Go to the business and find out how and why they are using e-mail," says Rogers. "We missed out originally on why volumes were rocketing, but now we are talking to lawyers in the different parts of our practice [who use e-mail differently] to understand what they are doing with e-mail."
    Because e-mail was driven by the need to circulate documents between lawyers and clients, a better method of communication, says Rogers, is to put the documentation on a private extranet accessible only by the lawyers and a particular client.

  • Examine business processes to see if they are unnecessarily dependent on e-mail. "E-mail may not always be the most efficient and effective method of executing a business process," says Rogers. "When lawyers draft a document, for example, it passes around several people who need to check it and comment on it. The process could easily involve 10 people, and generate a hundred e-mails just around a single document," says Rogers. Instead of this cumbersome, e-mail-intensive method, "We're now looking at a document drafting system," he says.

Make sure you have an efficient e-mail system in the first place. "Have really good people, or hire the expertise," advises Rogers. "Tuning an e-mail system is well worth while - performance is so dependent on how it is set up and managed."

  • Plan for growth. "Anticipate future growth adequately - you should plan for a 10-fold increase," warns Rogers. "Although there is a physical limit to the number of e-mails a person can deal with, there is no limit to the size of attachments.
    "Build a very high-spec system now - it is absolutely crucial to company operations, like the telephone system, so build in resilience and realise that your connections to the Internet are really important."

  • IT managers need to make the business aware of its responsibility to monitor e-mail
    • Companies need to be accountable for the content of e-mail generated by individual employees. Although reviewing content before sending is not feasible, "sent" folders should be both reviewed and monitored (with an ability to screen for trigger words such as "deal" or "sure thing")

    • Ignorance of content is no defence in law

    • Decisions about deletion must be based on content, not cost. Destroyed e-mails may be seen as a "smoking gun" to investigators

    • E-mail needs an audit trail based on context, not back-up

    • It is commercial suicide not to know what the content of your
      e-mail system is. You need to be able to prove what was sent and - just as importantly - what was not

    • The law requires companies to keep a large range of documents for given lengths of time - these days e-mail is associated with such documentation, in areas such as accounting and employment records, and commercial agreements

    • Those with a right to access your computerised information include company liquidators and administrators, Companies Act inspectors, Financial Services Authority investigators, the Serious Fraud Office, the Inland Revenue, Customs & Excise, the Office of Fair Trading and the European Commission.

    Source: "E-mail, the Law and Your Business", a briefing paper from Laytons Solicitors

    Read more on IT risk management