As IT Business Edge blogger Carl Weinschenk brought to light recently, e-mail archiving and document management are important from a compliance standpoint inasmuch as Sarbanes-Oxley and other regulations (HIPAA, Gramm-Leach-Bliley, Basel II and even the Federal Rules of Civil Procedure) require preservation and/or review of various types of corporate records.
But what happens when employees use personal e-mail accounts or other outside systems rather than company-maintained e-mail systems to create, send and receive business-related messages?
That, it seems, is a completely different animal. In a recent IT Business Edge interview, MessageOne marketing director Paul D'Arcy contends that use of personal e-mail to conduct business exposes companies to big risks -- precisely because business e-mails sent from or received in personal accounts defeat corporate processes that have been put in place to ensure that the company does not run afoul of any laws and regulations.
The great majority of people who use personal e-mail accounts for business do so as a matter of convenience, D'Arcy says, but a surprising 16 percent of respondents to an Osterman Research survey admit that they use personal e-mail accounts specifically to avoid corporate e-mail control processes.
How is a company to minimize the risk created when outside systems are used for company business? Steven Bennett, a partner with international law firm Jones Day, told IT Business Edge this week that an express policy is the place to start. The company can either recognize the fact that people use outside systems for work e-mail and require the employee to agree in advance that business e-mail on his or her personal systems will be preserved and provided to the company, or the company can declare that corporate business may only be conducted on company-maintained systems.
Either way, Bennett says, the key is educating employees on the policy and reinforcing that policy as necessary.