Email regulations mess with customers’ heads

Resellers have a tough time explaining the latest email regulations to their customers.

A new survey from cloud-based email suppler Mimecast has found that customers cannot cope with email regulations and have corporate email archiving and retention policies are muddled and unclear,.

On the bonus side, resellers can tell their clients that if they do not sort out the mess they could find themselves facing stiff fines and can offer packages accordingly. But the downside is that they have to wade their way through a sea of red tape to understand the regulations themselves.

The research, which surveyed IT managers on their organisations’ email policies and archiving practices, found that only a third retain archived email for three years or more and a quarter admitting that they do not have a clear policy on retaining email at all.

About 41 percent of UK businesses surveyed say their archiving policies are based on ‘internal best practice’ with no consideration given to industry or country specific regulations.

Six percent said that they would sort out their email retention policy around a ‘random future date’ in the future and they are not sure what it will be when the date arrives.

Many businesses are not confident that they would be able to identify all emails relating to a specific customer in a timely manner, which is required by law.

It would take a UK business 12 working days to identify all emails relating to a potential litigation and 17 percent of UK businesses do not think they would be able to comply with this kind of email eDiscovery request within a month.

Jeff Wright, Partner and IT Director, Morgan Cole said that  busy IT departments find managing and enforcing corporate email policies a peripheral issue. But if they but if they don’t get their act together they could expose the organisation to huge risk, he warned.

In the event of litigation, you need to be able to provide all relevant messages as soon as possible and, crucially, guarantee their accuracy. Once an email is sent or received, it is often not possible to know how many copies exist, where they reside or if they have been tampered with or edited.

Eliza Hedegaard, Director, Legal IT, Mimecast, said that IT departments can and should be doing more to protect their organisations by adopting a more rigorous approach to email archiving.

“However, the businesses I speak to are not being helped by a regulatory system that is incredibly confusing and difficult to navigate,” he said.

Regulators should be helping businesses by simplifying the regulatory framework and putting greater emphasis on clearly communicating what organisations need to do to in order to comply instead of adopting scare tactics that focus on what will happen if organisations fall foul of the rules, Hedegaard added.