Are You Confident of Your Ability to Manage E-Business Records?
According to a 2004 survey of records managers conducted by Cohasset Associates for the Association for Information and Image Management (AIIM) and Association of Records Managers and Administrators (ARMA), overall confidence levels in business’ ability to manage electronic records are low.
Thirty-three percent of records managers surveyed say they are ‘‘not confident at all,’’ while 29 percent report being ‘‘slightly confident’’ that their organizations could prove their electronic records are accurate, reliable, and trustworthy—as required by the courts to be accepted as evidence—years after they were created.
Overall, survey respondents rated the effectiveness of their organizations’ records management programs as ‘‘marginal’’ (18 percent) or ‘‘fair’’ (23 percent)—negative evaluations that have increased 32 percent over the past four years. Survey researchers attribute the lack of confidence to a growing realization among records managers that electronic business records are not being managed as successfully as traditional records. 
IM Rule # 24: Retain only business record instant messages. Delete messages that are personal or lack value as business records.
Ann Bednarz, ‘‘Electronic Records Policies Lacking, Firms Say,’’ Network World Fusion (March 12, 2004), www.nw fusion.com/news/2004/0312records.html.
Instant Messaging Risk Management Is Not Complete Until Dead Records Are Gone
Disposing of IM, e-mail, and other business records once they reach the end of their lifespan is an important part of document management. Assign your legal, compliance, and records management team the task of determining when old records have outlived their usefulness and can be disposed of.
The AIIM/ARMA survey of records managers reveals that 67 percent of records professionals doubt that their IT departments really understand the concept of electronic records lifecycle management. That’s despite the fact that, in 70 percent of cases, IT is responsible for managing the organization’s electronic records. 
Be sure to have legal, compliance, records management, and IT professionals work together as a team to ensure that everyone responsible for the successful management of your organization’s IM, e-mail, and other electronic records really understands the concept of business records—and business record lifecycle management—from both a legal and business perspective.
Personal Messages Return to Haunt Employees Years After Transmission
The employees of fallen energy giant Enron made the company e-mail system an extension of their personal lives. Like workers in many other offices, Enron employees thought nothing of using the company’s e-mail system to discuss personal matters and air dirty laundry.
Because those private (and in some cases highly confidential) messages were mixed in with Enron’s electronic business records, they were gathered as evidence during the Federal Energy Regulatory Commission (FERC) investigation of Enron’s alleged energy-market manipulation.
In March 2002, FERC posted online 1.6 million Enron e-mails from 2000 through 2002. At no charge, the public could surf the e-mail inboxes of 176 current and former executives and employees, some of whom had thousands of business and personal messages on display.
Romances, affairs, and gossip were discussed—with senders’ and receivers’ names attached. Complaints were lodged against in-laws and managers alike—with senders’ and receivers’ names attached. Executive salary packages and employee performance reviews were transmitted—with senders’ and receivers’ names attached.
Employees’ bank records and Social Security numbers were displayed—with senders’ and receivers’ names attached.
Two days after the e-mail was posted, Enron petitioned FERC to remove the most sensitive and confidential messages. FERC agreed to remove 8 percent of the database (141,379 documents), including a payroll document that listed the Social Security number of every Enron employee. In the end, only 5,128 e-mails containing Social Security numbers and employee performance evaluations were permanently removed. 
The Enron e-mail disaster was covered by The Wall Street Journal, CNBC, and National Public Radio, among other national business media outlets. Millions of curious readers (possibly including identity thieves) jumped online to sort through the goldmine of Social Security numbers, personal dirt, and other ‘‘goodies,’’ crashing the site in the process.
A cautionary tale for all IM and e-mail users, the Enron e-disaster story drives home an important lesson for employees. Never use your employer’s IM or e-mail system to transmit personal, sensitive, or confidential information that would embarrass or otherwise harm you or your loved ones were it to be made public.
For employers, the Enron e-mail disaster clearly illustrates why it is so important to distinguish business record IM and e-mail from nonbusiness record messages, and to purge all documents that you do not need to retain for business, legal, or regulatory purposes.
Dennis K. Berman, ‘‘Online Laundry: Government Posts Enron’s E-Mail,’’ The Wall Street Journal (October 6, 2003), A1.