Archiving offers a range of benefits

Investigating what’s behind the buzzwords “email archiving” and “e-discovery” will potentially reveal considerably more benefits than just cost savings and increased productivity.

Organisations are having to manage volumes of email that are set to nearly double in the next two years. Other business communication formats are also increasing: IT analyst organisation, IDC, predicts that instant messaging (IM) will grow faster than email, with annual increases of 23.5 percent expected through to 2011.

Storing emails, IMs and other electronic documents such as desktop documents, ERP documents and data, images, voice, video and other corporate records may initially appear relatively inexpensive and easy thanks to the commoditisation of storage – but ensuring you can search, preserve and retrieve specific items from those storage devices quickly and easily is less straightforward – and becoming increasingly more important.

Many IT executives are under a misconception that software-based digital archive and retrieval systems cannot handle the volume and types of data produced by organisations as well as the breadth of requirements. However, there are a host of companies and government departments that have implemented archives capable of capturing all digital content, including emails and IMs, and have reduced not just costs but also risk as a result of more efficient data management.
It is essential that the archiving solution enforces the organisation’s records management policies, dictating what records need to be retained, how and for how long.

Significant benefits

IT decision-makers should investigate an archiving solution that can not only reduce infrastructure and operational costs (storage, backups and IT support) but also deliver other functionality such as:

• archiving for regulatory compliance
• proactive surveillance and monitoring
• data retention
• e-discovery.

The right tool should deliver these significant benefits:

• documents requested in a legal case can be produced quickly
• good corporate governance
• maintaining investor confidence
• risk mitigation
• share price protection
• reputation management of the company and its brands
• less reliance on external legal firms
• reduced litigation costs
• and importantly, increased user productivity because users want to keep everything and expect a Google-like experience when it comes to searching for their historical records.

The numerous regulations and laws in Australia that cover document retention take account of electronic records, which carry just as much evidentiary weight as paper-based records.

Legal issues to be considered

Some of the more common legal retention and destruction obligations for electronic records include:

• The Corporations Act: “financial records” to be kept for seven years
• Income Tax Assessment Act: tax records to be kept for five years
• Workplace Relations Acts: covering industrial relations, long-service leave and workers’ compensation where records need to be kept for minimum periods that vary between six and seven years
• Privacy Act: organisations have an obligation to destroy personal information no longer retained for a permitted purpose.

Other statutes that companies and government need to be aware of include:

• CLERP 9
• Australian Prudential Regulation Authority Guidelines
• Australian Standards
• Archives Act
• NSW Workplace Surveillance Act 2005
• Australian Standard on Compliance (AS3806)
• Australian Standard for Records Management (ASISO 15489)
• Basel II
• Commonwealth Evidence Act 1995
• Commonwealth Electronic Transactions Act 1999
• International Accounting Standards (IAS)
• QLD Recordkeeping (IS40)

Two other acts worthy of elaboration are the Crimes (Document Destruction) Act 2006 (Vic) and Evidence (Document Unavailability) Act 2006 (Vic).

Companies operating in Victoria need to be aware of this government legislation that prohibits individuals or corporations from intentionally destroying documents that may at some future time be needed as evidence in court. If convicted, the maximum sentence is five years imprisonment or a fine of $62,886 for individuals and $314,430 for corporations.

In addition, a significant penalty can be applied where a judge may instruct the jury that the destruction of the evidence should give rise to an adverse inference regarding liability. More seriously, the judge might order that the defence be struck out (ignored) by the jury, so the plaintiff wins by default. Thus, corporations and individuals may, by destroying documents, make it much more likely that they will lose the case and be subject to considerably greater sanctions in terms of awards of damages than those nominated under the act.

These two offences relate to the destruction of a document or other object that is reasonably likely to be required in evidence in a legal proceeding. It is important to note that these acts create this offence in situations where no litigation has actually commenced (it has always been illegal to destroy evidence once a case has actually been launched).

This covers circumstances where an individual or organisation destroys documents that may, at some future time, be needed in evidence and where this need can be and has been anticipated.

Victoria is the first state to create a specific document destruction offence whereby a corporation can be prosecuted in circumstances where, even though there was no direct instruction by the organisations to destroy a document, it was implied by the corporation’s culture. In addition to destroying a document, it is also a crime if they prevent the documents being used in evidence, such as concealment or rendering them illegible. This includes emails and
their attachments.

In addition to the legal and regulatory requirements, organisations can have their own policy needs to retain corporate records for their business value.
e-discovery

One of the latest new responsibilities that organisations need to be aware of is the Federal Court of Australia’s new rule on the discovery of electronic documents, which is expected to apply to all proceedings commenced after 1 July, 2008.

The overriding requirement of the new Practice Note is to preserve relevant electronically stored information and be able to produce material, including emails and Instant Messages, in a timely fashion.

Most businesses in Australia would find it extremely difficult and costly to comply with these new e-discovery requirements in the event of any litigation.

Usually, once a request for electronic documents has been made, organisations have to produce them within a very limited period. Relying on back-up tapes for retrieval is not really a viable option in these instances.

With emails accounting for approximately 90 percent of business communication today, it is necessary to be prepared for any potential litigation involving these unstructured documents, which should be archived and managed in accordance with corporate policy like any paper-based business records.

Organisations need to ensure that records pertaining to a specific case or cases are preserved and managed in line with litigation hold orders and that an auditable chain of custody supports testimony requirements.

How these electronic records are retained has the potential to save a business an enormous amount of discovery and production time and possibly hundreds of thousands of dollars (or more).

Relying on backup tapes, which most organisations in Australia still do, creates all kinds of problems including:

• Documents and emails that are saved in this way can be deleted or altered – either inadvertently or deliberately; and

• Finding specific documents in the event of litigation is sometimes impossible or takes so long that recovery costs can be more than a legal settlement fee

• If organisations are unsure if they can find relevant records, how long the search would take and how much it would cost to retrieve them, an out-of-court settlement is often taken.

As we have seen from many high-profile cases, particularly in the financial services industry in the U.S, the reality of relying on backup tapes has been a very rude awakening. Morgan Stanley was one such case where the court took a dim view of the company not knowing where its records were and it cost them billions of dollars; and that’s from a firm recognised as having a sophisticated IT setup. It paints a vivid picture of how so many companies are running their business.

The White House issue

The current White House administration is another culprit caught up in email mismanagement. Emails sent in 2003 – around the opening days of the Iraq War – now appear to be missing. Critics blame the White House’s manual email archiving system.

It apparently dates back to when the White House decided to migrate its email system from Lotus Notes to Microsoft Exchange, a transition completed in 2004. The White House’s CIO claims that when the migration occurred, it did not use the Automatic Records Management System but chose a process called “journaling”, which involved manually copying files from one email folder, renaming them and saving them as a .PST file on a number of servers. Note that this journaling is different to the Journaling feature in Microsoft Exchange.

The risks to this method include: a high probability of lost emails, a perception of file mismanagement, virtually no user accountability and no guarantee of file integrity. However, many businesses have adopted a similar “archiving” method for years, resulting in the same devastating results.

The problem of lost or otherwise irretrievable electronic records remains a persistent headache throughout the corporate world, even among highly respected multinationals with state-of-the-art technology infrastructures. Ironically, just as with the White House, the need is greater than ever for every business, big or small, to be able to quickly and accurately find and preserve its electronically stored information.

Three key pieces of advice I suggest you offer to your customers are:

1. Email is your biggest risk, so fix it. Email should be the first candidate when it comes to managing information risk. Ensure the IT and legal departments (at a minimum) work together to establish records retention policies that reflect your regulatory obligations, business continuity needs and litigation risks. Make that your policy and stick to it. A retention policy is pointless unless it’s uniformly enforced. And note that backup tapes are no substitute for policy-based records retention and archiving.

2. Email is the tip of the iceberg. People don’t just communicate through email anymore. We’re using IM, texting, blogs, wikkis, etc. Ensure retention policies apply uniformly to all forms of electronic records, not just email.

3. Act now. Start to take preventative measures now so that, if faced with an investigation or litigation, you’re acting from a position of strength (versus scrambling to try and find an email). Remember, if you and your team are asked to produce records and you can’t, you either look incompetent or fraudulent.

Industry-best practices

Best practices have to be a combination of policy, technology and execution.

1. An organisation must establish policies (preferably enforced by senior management and/or the board and developed with the co-operation of IT, legal and business units) that define what is a corporate record and for how long those records must be retained.

2. Given the volume of records that organisations are dealing with as well as the complexities of mounting regulation and legislation, organisations should implement appropriate technology to electronically enforce those policies. The technology should be capable of managing and enforcing legal holds as well as support the orderly destruction of records.

3. Organisations should regularly review and test:

• Their ability to access, search and retrieve electronic records in the event of litigation. Special consideration should be given to the speed, accuracy and completeness of searches.

• Written policies and procedures for handling electronic records, and ensure that implemented technology can prove they consistently enforce them.