-->

KMWorld 2024 Is Nov. 18-21 in Washington, DC. Register now for Super Early Bird Savings!

How to Optimally Manage Email in the Enterprise

Many organizations today are confounded by the question "how and where should we store email files for peak performance and iron-clad compliance?" The answer includes two major classes of solutions: email archiving and records management. This article uncovers the challenges and requirements of email management and discusses available solutions.

Four Key Challenges of Email Management

When you think about email management, four issues deserve a closer look:

1. A percentage of email, such as spam, has a short lifecycle. It is retained and soon thereafter deleted;

2. Some email needs to be managed online for an extended period of time;

3. The majority of email has business value and requires management outside the organization's email system to meet legal, regulatory and compliance requirements; and

4. All email, while in the organization's email system, is open to document discovery for litigation or regulatory inquiry. Compounding these issues, organizations are receiving more and more email. Current estimates show email size and volume growing by 30% annually. The Radicati Group estimates the average corporate user generates and receives about 84 emails a day requiring about 10 megabytes of storage. They predict this number will rise to 15.8 megabytes by 2008.

In organizations where email is voluminous, two issues are often present:

1. The organization is forced to regularly increase the size and capacity of email systems, or move email to secondary systems for management and storage; and

2. The task of locating emails—either by users or organization-wide for compliance or discovery purposes—becomes more complex, time consuming and costly.

Yet another challenge relates to managing the numerous emails received daily by each user. A single inbox can require a variety of processing activities. Some emails require routing to a certain system, while others have special rules for access, retention and destruction. Some business requirements mandate that only the body of the email be retained, while others must include attachments, audit trails and metadata. Dealing with all scenarios appropriately is no easy task. A few examples of email types include:

  • Spam or other un-requested or undesired email every organization tries to limit;
  • Transitory/non-business emails not required for any legal, business or regulatory purpose;
  • Personal emails a user wishes to keep, but that the organization does not need for legal, business or regulatory purposes; and
  • Business emails that must be retained for legal, business or regulatory reasons. This email type is further complicated by the user not knowing if it is "the email of record" or a copy.

Of all email, business email is the most complex to manage because of the variety of forms it takes. Some business email simply contains referential information, while other emails might contain the only written confirmation of a special price offered to a client making it a legal document of record. It is estimated that more than 75% of organizational know-how is buried in email. This makes it critical for email to remain not only accessible for an extended period, but easy to find.

In addition, business email must adhere to numerous legal, regulatory and corporate requirements. This list represents just a few of the laws governing how organizations must manage their email:

  • US Securities and Exchange Commission (SEC);
  • National Association of Securities Dealers (NASD);
  • The Freedom of Information Act; u Sarbanes-Oxley Act of 2002; and 
  • Rules of Civil Procedure (26, 34) case law.

But why is it so critical to adhere to these laws? One example comes from the 2004 ePolicy Institute survey of US companies which revealed that 21% of participants had their employees' email and instant messaging content subpoenaed as part of a lawsuit or investigation. Responding to these investigations is both time-consuming and expensive, particularly in light of the increasing volume of email described previously.

In general, rules require organizations to manage the entire email records lifecycle as un-editable originals in a system outside their email system. An example of this requirement is the US government's DoD 5015.2 standard for managing electronic records.

Retention Policies are Serious Business

The reason retention is at the heart of the email problem is because it represents a business asset. As an asset, it has both user and business value. As business information, it carries retention requirements defined by laws and statutes. And, unfortunately, these laws make email management a high-risk area because it can be used against an organization in court and/or by regulators.

Retention is also costly in two ways: pure storage costs, and the cost of review as part of a discovery process. In a 2006 report, Forrester Research stated firms need a way to archive only emails that are business records for only as long as necessary, and organizations must be able to produce only relevant records as part of a legal discovery or internal investigation.

Stringent compliance requirements dictate that organizations cannot improvise when it comes to the email destruction process. And email should never be destroyed specifically to avoid legal complications or regulatory intervention. In a 2002 report, Gartner Group stated that retaining everything forever is unwise and costly, as is deleting it after 30 days. An all-or-nothing approach does not work, which means enterprises must understand the legal and technical issues involved and take the appropriate measures.

KMWorld Covers
Free
for qualified subscribers
Subscribe Now Current Issue Past Issues
KMWorld on Facebook
KMWorld on X
KMWorld on LinkedIn
KMWorld on YouTube
Best Practices
100 Companies That Matter in Knowledge Management 2020
KMWorld Trendsetting Products of 2019
Knowledge Management Webinars
Site Sponsors