What is My Conversation Worth?
Best Practice Considerations for the Protection and Retention of Electronic Communications
Jeff Mansir, Risk and Business Advisory Senior Manager
In the heavily regulated environments of financial services and healthcare, greater scrutiny is being directed toward protection and retention of electronic communications. The Financial Industry Regulatory Authority (“FINRA”) is requiring businesses in the finance industry to have thorough documentation of their communications in an unalterable state, including emails and instant messages. As a result, it has become essential for companies operating in these industries to develop and implement “messaging management” policies to avoid the frequently severe regulatory penalties incurred by failing to maintain adequate systems for email and other messaging. In 2013, FINRA fined Barclays Capital Inc. $3.75 million for systematic failures to preserve electronic records and certain emails and instant messages in the manner required.
Most organizations use email servers as their primary file system, storing correspondence and attachments in an unstructured setting (i.e. date received, or sender, as the primary key for finding data). Use of mail storage caps can force users to discard what could be potentially sensitive, discoverable emails. Often, in the absence of a formal and enforced email management policy, employees may take it upon themselves to create personal email archives (.pst or .nsf files, for example) to store message contents on their local hard drives, beyond the scope of any mail store and server backup programs your organization has had the foresight to put in place.
Decentralized, random stores of messages prevent messages from being indexed and archived properly; they may also prevent timely destruction of correspondence as called for by policy and best practice, jeopardizing the organization’s ability to respond appropriately to an e-discovery request in civil litigation or government investigation. Responding to an e-discovery “event” can cost millions of dollars, of which the majority of the expense is incurred processing, analyzing, and reviewing materials requested by regulatory agencies. Failing to comply adequately with an e-discovery request in a timely manner can be a costly mistake.
An established policy for retaining, retrieving, and destroying emails is an essential starting point for implementing a messaging management program. Following the policy, a well-designed message archiving system retains relevant messages (in accessible media) and ensures the appropriate and timely destruction of obsolete messages. A few notes to keep in mind:
- Messages contain correspondence; what is the shelf life of the discussion? Is retaining the conversation necessary, or advisable?
- Messages can contain attachments; does this document reside elsewhere, in other versions? If I delete it from one place, do I know it has really been deleted from my information store?
- Messages exist in several places; do I have this email on my iPhone? Home PC?
Simplicity is key. Reducing the number of files, especially instances of the same file, is critical to maintaining control over your information assets. Then, ensure that your backup regime is adequate to archive and protect the critical files you have in a readily-accessible manner. Finally, TEST your systems periodically to ensure that your media is working, and your data is accessible.
Disclaimer of Liability: This publication is intended to provide general information to our clients and friends. It does not constitute accounting, tax, or legal advice; nor is it intended to convey a thorough treatment of the subject matter.
IRS CIRCULAR 230 DISCLOSURE:
Pursuant to requirements imposed by the Internal Revenue Service, any tax advice contained in this communication (including any attachment) is not intended to be used, and cannot be used, for purposes of avoiding penalties imposed under the United States Internal Revenue Code or promoting, marketing or recommending to another person any tax-related matter. Please contact us if you wish to have formal written advice on this matter.