Today, if you Google the phrase, “email retention,” 19.6 Million matches are found. If nothing else, that means that this topic is surrounded by industry buzz. With all of the complex regulations that only include vague policies on email retention, it is hard to assess whether or not you will soon be thrown into the deep end. While following behind the pace car that signifies “industry best practice,” it is also hard to justify whether or not this costly and time consuming practice truly warrants your immediate attention. Requirements under the Sarbanes-Oxley Act, Sections 802 and 1102 state that anyone who knowingly destroys or alters a document that turns out to impede an investigation or obstruct an official proceeding, is subject to a 20-year prison term. While most corporations have set some ground rules in regard to the appropriate way to utilize your corporate PC, it is hard to ascertain to what extent a company understands the content of their employee’s on-line interactions. Running scans to pick up “naughty” words in your e-mail can not protect a corporation from avoiding in house terrorist activities or corporate fraud. Research from the Radicatici Group, Inc. found that the average corporate email user sends and receives 84 emails a day, equating to 10MB of storage each day. This number is expected to rise to 15.8 MB per user, per day by 2008.<\/p>\n","protected":false},"excerpt":{"rendered":"
Therefore, monitoring and storing this mountain of content can easily seem like an overwhelming project to begin and maintain for corporations and banks alike. While it is has long been accepted that an employee’s corporate e-mail account is not protected under personal property laws, I do not believe that employees ever thought that their everyday banter would ever be neatly filed pending the possibility of future reference. Sarbanes Oxley (SOX) regulations may cause security auditors and data management professionals to move even the ever popular one-line emails to the filing cabinet.<\/p>\n
This is because although emails are informal in nature, electronic documents are as legally binding as hard copy communications. Already, the Securities and Exchange Commission (SEC) requires all private brokerage houses and banks to save hard copy, email, and instant messenger communications in regard to any stock trade or investment which occurred within the past 3 years. This SEC retention of records statute (section 17a-4) has been continuously adjusted, added too, and enforced since 1939. These regulations were originally established to help assure that brokers did not raise their commission rates or become involved in investment fraud.<\/p>\n
This need was stemmed by notable court cases such as Morgan Stanley V. Ronald Perelman (Revlon), a case which has already pushed Morgan Stanley ahead of the curve in saving all of their communications, and cost them somewhere in the ballpark of 1.45 billion dollars. Morgan Stanley is now leading the way in these practices in hope of avoiding further litigation and fines for not having proper email retention policies in place. Many entities are looking for the most cost effective services possible when beginning this process and this search has pointed towards hierarchical storage management services.<\/p>\n
http:\/\/bankinfosecurity.com\/node\/2570<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-698","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/698","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=698"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/698\/revisions"}],"predecessor-version":[{"id":3185,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/698\/revisions\/3185"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=698"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=698"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=698"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}