It is well understood that the transition to Internet protocol (IP) involves a significant shift in technology, business approach and marketing. What isn't as often pointed out, but is in this eWEEK blog, are the possible legal and regulatory changes related to the natural tendency of the new network to save messages.
The blogger, Salvatore Salamone, points out that VoIP voice mail messages are likelier to survive than traditional voice mail messages. In the old days, messages simply were recorded over. Today, each message usually ends up as a .wav file and a backup copy is made. Thus, deletion of the original isn't as automatic and, even if it is destroyed, a copy often exists.
Companies need to know what their responsibilities are. Is it OK to delete both the original and backup copies? Does the move to IP mean that more is expected of the company in terms of preserving messages? Are there special requirements under the Health Insurance Portability and Accountability Act (HIPAA)? Sarbanes-Oxley? Other regulations?
Regardless of whether preserving the recorded calls is legally required, it makes sense to do so. Or at least it does, according to an organization named SIP Print, which is in the business of recording calls. Regardless of the self-serving nature of the list, many of the reasons make sense. One point is that a key rationale for recording calls is regulatory compliance:
Businesses of all types face growing regulatory requirements. Today, many businesses are simply required to record phone calls for an undisputable record of transactions. Others find that implementing a call recording solution offers the most effective and affordable way to demonstrate a pattern of compliance.
There is a new level of complexity arising in the meeting of e-mail and hosted services. And, again, regulatory compliance is a key concern. At eSecurityPlanet, SecurityCurve partner Diana Kelley does a deep dive into what organizations should look for in cloud-based e-mail service providers. There are many questions to ask about how the service is configured. Some of these are mandated by the particular regulatory regime under which the organization works, while others are driven by internal mandates. Kelley points out that cross-border issues can crop up when the requirement is driven by governmental regulation.
Digitization and IP have led to radical increases in the ability to store messages and other incidental, but potentially valuable, information. Sue Marquette Poremba presents the issues well over at Network Security Edge. She was discussing the matter in the context of health care, but it is a question that is relevant across the board. The bottom line is that IT managers, CIOs and legal departments must grapple with whether, and if so how, the network's new capabilities change organizations' responsibility to store everyday messages.