The need to produce IM evidence is not restricted to Wall Street, nor is it limited to litigation. The FDA, the IRS, and other government and industry regulators regularly request copies of, and inhouse access to, e-mail and other electronic records. Expect to start receiving requests for IM—if you haven’t already.
If you are unclear on which government and industry regulations govern your industry and your employees’ use of IM, now is the time to find out. Your legal, compliance, and IT professionals should work together to determine where IM fits into the organization’s regulatory puzzle, and how a program that combines written policy, employee education, and enforcement technology (the three Es of IM risk management) can help ensure compliance and minimize costly IM-related disasters.