informa
/
2 MIN READ
Feature

Privacy Lawyer: Stick To Your Policy

The most important lesson from a recent study of E-mail and instant messaging by the American Management Association and the ePolicy Institute is how much work is needed to improve awareness and risk management in the wired workplace.
The most important lesson from a recent study of E-mail and instant messaging by the American Management Association and the ePolicy Institute is how much work is needed to improve awareness and risk management in the wired workplace.

Only about a third of the 840 respondents to the study say their companies have written E-mail-retention policies, and a similar number admit they don't know or are unsure what should be retained and what could be deleted. Of those governed by retention regulations, almost half admit to not complying with or being unsure if they're complying with retention rules. The number of respondents who really understand retention requirements and compliance is likely far lower than that of the self-reported here.

This shouldn't be a surprise, even if it's troubling. Lawyers have grappled with what to keep and what to dispose of for decades. Add electronic-communication-retention issues, technological developments, and the avalanche of new regulations to the mix, and you have a netmare!

Understanding the importance of a document to a future litigation is impossible, even for seasoned privacy legal professionals. Unless there's a rule governing a precise type of information, it's largely a case of Monday-morning quarterbacking. Because of this, most legal and risk-management experts decide in advance to take one of two strategies: keep everything or keep nothing.

If this choice is clearly articulated in a company's policies and adhered to consistently, it works. Companies get into trouble when they suddenly delete all E-mail archives on the morning they're served with a subpoena. Even if a written keep-nothing policy is in place, the company faces liability for deleting evidence unless it's followed consistently.

Most people in the survey--60%--say their employee E-mail hasn't been subpoenaed and that their company hasn't been involved in litigation because of employee E-mail. But reality may differ from perceptions. Companies are almost always involved in some type of litigation, and most cases now involve electronic evidence. Unless a survey respondent is directly involved, it's unlikely he or she would know the answer to these questions. Risk management might improve if employees were made aware of the legal significance of electronic communications.

It's also time to address instant messaging in the workplace. IM is harder to monitor, track, and retain than E-mail. It's rarely retained, unless one party has a reason to save it (which makes it even more dangerous). And IM is more like talking than writing, so normal written workplace-communication safeguards are often ignored.

How each company deals with that will differ, based on its workplace culture and technological capabilities. But it's much better to address the issue now than when looking down the barrel of a smoking E-mail or IM.

Return to main story: "Policies Lag E-Mail's Popularity"

Take our poll: Is IM Part Of Your World?


To find out more about Parry Aftab, please visit her page on the Listening Post.

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing