Legal danger when IT patrols companies' e-mail retention

The majority of IT departments are having to manage their company's e-mail retention policy - a job for which they often do not...

The majority of IT departments are having to manage their company's e-mail retention policy - a job for which they often do not have the necessary legal training.

Managing e-mail retention has become a critical business problem in the wake of accountancy scandals involving Enron and Arthur Andersen, which have shaken the financial world.

According to a survey of more than 700 companies by the Research Group for archiving consultancy Essential, more than 60% of firms are running the risk of losing important business data and e-mails due to a reliance on IT departments to control disc space allocations.

Sara Appleyard, marketing manager at Essential, said, "There is a mismatch between what systems administrators believe is important and what businesses are legally required to keep. Crucially, we found that one third of systems administrators had no training in what documents to keep for legal reasons."

In the Enron scandal, a crucial e-mail from a company executive, Sherron Watkins, to Enron chairman Kenneth Lay blew the whistle on the company and, later, Enron accountant Arthur Andersen had to deny that an e-mail asking staff to comply with the firm's document-retention policy was a coded message for the shredding of Enron papers.

Philip Virgo, secretary general of IT user group Eurim, said the whole e-mail retention issue is "going to blow sky high over the next couple of months". He warned, "The issue of retention is a double-edged sword because, once data is retained, a large number of bodies can lay claim to access rights which may incriminate a company. If e-mails are not kept, a company will not be able to track and trace important negotiations."

Virgo added that this area needs to be reviewed and that, to keep on the right side of the law, managers need a framework to guide them. Over the next few months Eurim's E-Crime group will be holding workshops and events to highlight the requirements.

Simon Moores, chairman of the Research Group, believes companies need to be told clearly what should be retained for legal purposes and what can be discarded. "We urgently require guidelines because the industry needs certainty. I am sure that in many companies there will be embarrassing e-mails that may come back and bite you," he said.

Read more on IT risk management