Email Regulation a Major Concern for IT Departments

While IT departments are worried about muddy policies on email archiving and regulation, many businesses don’t have clear policies in place.

Businesses are leaving themselves exposed to potential litigation or compliance issues due to a lack of clear-cut corporate email archiving and retention policies, according to a Loudhouse Research survey sponsored by cloud-based email management Mimecast of IT decision makers across a range of company sizes and industry sectors and regions. The sample consisted of 200 U.S. respondents, 200 from the U.K. and 100 from South Africa.

The survey, which asked IT managers about email policies and archiving practices, found only 20 percent of U.S. businesses (23 percent globally) retain archived email for three years or more, with one in four businesses (25 percent in the U.S. and 26 percent globally) admitting that they do not have a clear policy on retaining email at all. Six percent of U.S. and global businesses said they would be deciding their email retention policy around a random future date with no basis.

An alarming 41 percent of U.S. businesses surveyed (43 percent globally) said their archiving policies are based on internal best practices, with no consideration given to industry or country-specific regulations, and just one-quarter of businesses reported having an email retention policy designed to comply with industry regulations, with e-discovery for email a major area of concern. On average, it would take a U.S. business 15 working days to identify all emails relating to a potential litigation, the report found.

“IT departments can and should be doing more to protect their organizations by adopting a more rigorous approach to email archiving,” Mimecast’s director of legal IT Eliza Hedegaard said in a statement. “However, the businesses I speak to are not being helped by a regulatory system that is incredibly confusing and difficult to navigate. Regulators should be helping businesses by simplifying the regulatory framework and putting greater emphasis on clearly communicating what organizations need to do to in order to comply instead of adopting scare tactics that focus on what will happen if organizations fall afoul of the rules.”

However, the report indicates that even if businesses aren’t prepared for proper email archiving, their IT departments are aware of the issue—and concerned. Just one in four IT teams (24 percent in the U.S.; 27 percent globally) said they are completely confident that their email policies comply with all relevant regulations, with 48 percent in the U.S. (46 percent globally) saying they were “mostly confident.” Globally, 34 percent were not at all confident or minimally confident.

“Taking 15 days to identify all relevant emails sent and received by a client is a massive and unnecessary resource drain,” Jim Darsigny, CIO at law firm Brown Rudnick, said in a statement. “For IT departments, managing and enforcing email policies can no longer be an ad hoc approach as the risk potential and time wasted is too high to ignore. In our organization, the cloud enables our business to significantly reduce the pain, costs and resources normally dedicated to sourcing archived email data. With a solid email eDiscovery strategy in place, we are not only able to better serve our clients, but we can also more accurately assess their level of risk.”