LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Topic for Discussion
From:	Rick Wolf <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Thu, 20 Sep 2007 15:18:41 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (103 lines)

Dear all,

The tone and length of the exchanges on this subject - email management -
illustrate points I have been making for years in training executives and
employees on the subject. Discussion of the management of email is personal
(to the user) and contentious (among vendors who claim to have a cure and IT
executives who do not want to engage in an initiative riddled with risk of
failure). In my view, email management projects are sure to fail if one
(legal/compliance/RIM professionals) does not address certain, key
considerations. In the interest of brevity, I will stick to a few bullet
points on this very complex topic, and return to the sidelines and enjoy
(and learn from) the dialogue.

. Walk before asking employees to run - Getting in place policies
and procedures and applying them to paper records and legacy offsite paper
inventories will help employees get used to and understand the operational
benefits of RIM (efficiency and productivity). Once part of the muscle
memory of the organization, and it is easy to show ROI on paper, turning to
email is a conceivable option. But I always counsel in favor of breaking
teeth on paper, not the sizzling hot button topic -- email.

. The slim chances of asking employees to comply - Here is a
paraphrase what Bill Gates said at a summit this past May where compliance
officers were gathered in Redmond to discuss the challenges of RIM and
e-discovery: With regard to his own organization - "If you are telling me
that employees (and I) would have to take even one extra step [in terms of
dragging and dropping email into proper buckets), I would not support the
initiative."

. Coming up with some solution - You will struggle to have effective
compliance if employees are expected or given license to make all the
decisions about what to keep. For that reason, in 2003-04, we designed a
central repository to store a replica of all email for a limited period of
time. We used open source code and a software I will mention only offline,
and through journaling sent a copy of every email that crossed the fire wall
to one storage platform (after de-duping). That platform allowed IT to use
backup tapes for disaster recovery purposes only and the lawyers to access
the separate platform (or archive) for hold management purposes. Employees
could do what they wanted to do with the email on the desktop for some
period of time based on business need (e.g., every 90, 120, 180 days) before
the email would be removed from the Exchange Server. The ability to create
PSTs is the exception, not the rule, under this process.

Through a basic, web-accessible interface, lawyers with permission-based
access could run queries based on criteria derived from the legal or
regulatory matter that required a hold. The query process had an audit
trail. A hold, or multiple holds would attach to an email in the repository
following the finalization of the query. Everything else not subject to hold
had a limited shelf life in the repository and was purged periodically
(e.g., every 90, 120, 180 days). The system is not perfect, but it worked.

. Understanding why people over-retain email - One might find the
key to the whole problem by taking a step back and asking "why do employees
over-retain and take it so personally when I talk about messing with their
email?" Employees (and we) retain email for a few reasons, but principally
because: (1) the desire to CYA, (2) if you delete the email, you will never
find "that" document or communication again, and (3) laziness. For the
first reason, covering one's assets, the higher up the food chain you go,
the more (and greater) offenders of over-retention you will find. As a
former ethics and compliance officer, I viewed the first item as a challenge
- getting managers to trust their superiors and employees to trust each
other and their manager. The blame game has to end. Once it does, email
proving one's innocence dissipates. Realistically, it is hard to achieve
perfect harmony and trust, so folks are always free to print that
exculpatory email if they so choose.

The second item is more tangible. If people know where to find what they
need when they need it, holding onto email is no longer mission critical.
This is where ECM, intranets, collaboration tools and central repositories
really matter. If documents were circulated with links, for instance,
rather than attachments, many emails would not need to be retained (as long
as the repository was readily accessible and searchable).

These are not perfect solutions and there are many ways to skin the email
cat, but I thought this might be some good food for thought on the hottest
operational and legal issue, perhaps, facing corporations today.

Rick

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2

LISTSERV.IGGURU.US