RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

Content-Type: text/plain; charset=us-ascii
Sender: Records Management Program <[log in to unmask]>
Subject:
From: Patrick Cunningham <[log in to unmask]>
Date: Thu, 6 Jan 2005 11:55:07 -0800
In-Reply-To:
MIME-Version: 1.0
Reply-To: Records Management Program <[log in to unmask]>
Parts/Attachments: text/plain (50 lines)

I think records managers have a responsibility in their organizations
to be proactive about instant messaging. However, the jury is still out
to some extent on when IM messages need to be retained. Arguably, a
business may consider (via policy statements) IM to be a transitory
medium akin to voicemail and not require retention (with a clear policy
statement that business as such cannot be transacted via IM technology
and that any business-relevant IM transactions be retained).

That may well be challenged by a number of folks, but I think you have
to triage this messaging technology in the midst of the many other
electronic records issues in your organization. However, at some point
you may find that business must be transacted in IM and you will have
no choice but to treat IM as you do any other business record.

Today, your key areas of concern should be:

Who are you IMing? If you are using IM with customers or business
partners, you very likely will need a retention policy. If you are
subject to the SEC Rule 17a-4 regulation, then you must retain those
customer communications of business as such. If your IM traffic is
solely within the firewall, you have a greater chance of being able to
sidestep much of the record retention issue through internal policies.

What IM systems are being used? If your employees are installing their
own IM clients, that has to stop. Your IT department should have the
technical means to scan your network and determine if there are rogue
IM installations out there. If IM is a record of the organization, it
needs to be able to be authenticated and retained.

What policies exist? If you do not have policies regarding the use and
retention of IM traffic, you need to start writing.

At the end of the day, I do expect that IM will be sought after by
opposing counsel in litigation. Your organization should have a policy
that defines what IM systems can be used within the organization, how
IM is to be used, who you can communicate with, how user names are to
be authenticated, and what information can be transmitted. An issue of
some substance for concern is the transmission of privacy-protected
information, personally identifiable information, proprietary
information, or HIPAA-protected information. The reason for concern is
that using commercially available software (Yahoo, AOL, MSN, etc.) may
expose sensitive information to third parties managing IM servers on
the Internet.


Patrick Cunningham, CRM

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
