Chapter 18: Regulated Firms Playing Catch-Up with E-Mail Retention | Instant Messaging Rules: A Business Guide to Managing Policies, Security, and Legal Issues for Safe IM Communication

Overview

In spite of heightened regulatory oversight—and the high-profile news coverage some Wall Street e-mail gaffes have generated— many employers and users remain unaware of the content, privacy, retention, and archiving requirements governing IM and e-mail.

Like other industries, the financial services community has yet to fully adopt recommended best practices for e-mail management, and consequently many organizations are still struggling to adhere to regulators’ e-mail requirements. Now those organizations (still playing catch-up with e-mail compliance) are required to manage IM use and retention appropriately—or face stiff fines and other penalties.

According to Osterman Research, many companies in regulated industries mistakenly believe that regulations governing e-mail retention do not apply to them—an oversight that places them at risk of legal exposure and loss of critical information. Only 29 percent of regulated companies believe they have a legal requirement to retain e-mail for a minimum period. ^[1]

Eighty-nine percent of organizations surveyed were in industries that require e-mail retention, including financial services. Nonetheless, 43 percent lack an e-mail retention policy. Among the 57 percent with retention policies in place, many fail to meet regulatory requirements. ^[2]

According to the ‘‘2003 E-Mail Rules, Policies, and Practices Survey,’’ 66 percent of companies (regulated and unregulated) lack an e-mail retention and deletion policy. Only 27 percent of employers educate employees about the organization’s retention policy, and the individual employee’s compliance role. ^[3]

At the end of the day, it’s probably safe to assume that employers who have yet to adopt e-mail best practices are in the dark regarding IM compliance.

^[1]Jeff Brandes, ‘‘The Role of Secure Archiving in the E-Mail Life Cycle,’’ Infostor (November 2003), www.infostor.com.

^[2]Ibid.

^[3]‘‘2003 E-Mail Rules, Policies, and Practices Survey,’’ conducted by American Management Association, The ePolicy Institute, and Clearswift. Survey findings available online at www.epolicyinstitute.com.