Email retention
The Enron and WorldCom debacles emphasised the importance of the retention of emails and other digital communications in the event that something goes terribly wrong and an investigation is required. While there are clear guidelines for the retention of paper documents, there was a degree of uncertainty about digital information until the Electronic Communications and Transactions Act was passed a few years ago. The Act provides for retention of information stored digitally in section 16:
1) Where a law requires information to be retained, that requirement is met by retaining such information in the form of a data message, if-
a) the information contained in the data message is accessible so as to be usable for subsequent reference;
b) the data message is in the format in which it was generated, sent or received, or in a format which can be demonstrated to represent accurately the information generated, sent or received; and
c) the origin and destination of that data message and the date and time it was sent or received can he determined.
2) The obligation to retain information as contemplated in subsection (I) does not extend to any information the sole purpose of which is to enable the message to be sent or received.
It becomes important to implement systems that are compliant with the Act to ensure that, should the need arise for an investigation, that the information has been stored in the manner required by law and that the company itself does not expose itself to criminal or other sanctions simply because of a failure to comply with its obligations to properly retain this information. There are a number of laws which require companies to retain information for a period of time and the fines for non-compliance can be pretty hefty. Aside from the imperative that this information be retained, it is often in a company’s interest to retain information generated and transmitted across its network should the need arise to investigate, for example, an employee’s misconduct. This ties in with the need for policies dealing with the interception and monitoring of communications across a company’s network, which I took a look at here.
I was chatting to a developer in Cape Town, Martin Hattingh, who runs a company called bsolve. bsolve recently launched a product called mailMAC which he develop in consultation with the IT law expert, Reinhardt Buys:
mailMAC enables easy retrieval of archived records through a centrally accessible and user-friendly web search interface, giving both administrators and end-users quick access to their archived mail.
How does mailMAC add value?
mailMAC solves the following problems:
- Mail deletion by users – mailMAC archives mail before it reaches the user
- Lack of integrity/authenticity of records – mailMAC uses secure encryption and verification to ensure item integrity
- Storage efficiency – archiving enables centralised Exchange quota enforcement without fear of items being lost
- Access to old records – the search capabilities of mailMAC enable easy retrieval of items several periods old
- Compliance – secure and authenticity-verified retrieval of items lends credibility to records as legal evidence
This is really one example of a product designed to help you comply with data retention requirements in law. I recommend that you investigate your options and put a system in place that helps you meet your legal obligations.
Tags: document, information, email, retention, mailmac, buys, bsolve, interception and monitoring, ect act, electronic communications and transactions act
Related posts:
