This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mimeat_private for more info. --------------A531A71187EA10FB5BD1231D Content-Type: TEXT/PLAIN; CHARSET=us-ascii Content-ID: <Pine.SUN.3.96.981101162054.5667Iat_private> Forwarded From: darek milewski <darekmat_private> http://www.zdnet.com/pcweek/stories/printme/0,4235,364129,00.html E-mail cleanup By Christy Walker If Microsoft Corp. followed Betty Zimmerman's example and tidied up its e-mail more often, the software developer might have an easier time defending itself against federal antitrust charges in Washington. Every 18 months, Zimmerman sees to it that all 25,000 e-mail users at her company, Texaco Inc., know and follow the rules regarding retention, privacy, and the appropriate use and handling of e-mail messages. One of those rules: E-mail messages not specifically designated by users for retention are regularly deleted. If Microsoft had done likewise, it's possible that internal e-mail messages related to a June 21, 1995, meeting between officials from Microsoft and Netscape Communications Corp. would never have been available to Department of Justice prosecutors. The government, however, was able to subpoena that and hundreds of other Microsoft e-mail messages found in backup files and is using them as pivotal pieces of evidence in its antitrust case against the Redmond, Wash., software developer. Such high-profile cases are sending a wake-up call to IT managers: It's time to get serious about cleaning up enterprise e-mail. In a business climate where open lines of communication are vital and e-mail has become the most important and pervasive desktop application, a clear corporate messaging policy is mandatory. Such policies should clearly state not only how long an e-mail message will be kept but also how the enterprise will deal with other issues that e-mail misuse can bring, such as discrimination and harassment, copyright, defamation, spamming, employee privacy rights, and revelation of trade secrets (see chart, below). Without e-mail policies, corporations can be exposed to liability or, at the very least, a waste of computer resources. Pulling no punches Some enterprises are already getting tough about enforcing e-mail policies. One Wall Street brokerage, Smith Barney (now Salomon Smith Barney Inc.), for example, fired two analysts in April for allegedly circulating pornographic material via the corporate e-mail system. The New York company's Employee Interim Handbook cautions that e-mail is subject to examination and that mishandling of the company's equipment could result in termination. The handbook states: "Improper use includes but is not limited to any use of such equipment or services for the transmission or communication of images or text consisting of ethnic slurs, racial epithets, or anything that may be construed as illegally harassing or offensive to others based on an individual's race, national origin ..." A policy should, first and foremost, spell out which e-mail messages are to be kept and which are to be thrown out. "Without a good retention policy, old e-mail records could be available to provide a smoking gun in litigation," said Eric Goldreich, IS director at Sheppard, Mullin, Richter & Hampton LLP, a Los Angeles law firm, where a messaging policy has been in place for about six years. E-mail policies should also spell out what kind of message content is acceptable and what is not. Unless companies clearly state and enforce e-mail content policies, they may find themselves embroiled in a legal battle over e-mail issues such as harassment and racial discrimination. MCI WorldCom Inc. can attest to that. Earlier this year, the telecommunications company, then WorldCom Corp., successfully defended itself against a suit charging it allowed racially harassing messages on its e-mail system. WorldCom's defense: It had in place an e-mail policy spelling out appropriate content, and the Jackson, Miss., company enforced it. Having a policy, however, is only half the battle. Businesses must let employees know about their policies by conducting frequent training and awareness seminars, said Michael Overly, special counsel to the IT group at Foley & Lardner, a Los Angeles law firm. "Approximately 40 percent of large organizations still don't have a written policy in place or one that is adequate," said Overly. "Companies are doing a disservice when they rush out with a two- or three-page policy and forget it. They need a well-written policy, followed up with adoption and training for employees." Texaco's Zimmerman does exactly that. "All end users are notified of these policies via e-mail on a periodic basis ... as well as by continuous posting on the company intranet," said Zimmerman, who is technology leader for knowledge management at Houston-based Texaco. The oil company implemented its first e-mail policy in 1993. One company, Private Business Inc., of Brentwood, Tenn., used a template from the Electronic Messaging Association--a membership forum for businesses interested in emerging messaging technologies--to build its e-mail policy and distribute it to users. "We include our pagelong e-mail policy in the employees manual," said Rick Bryant, manager of sales force automation at Private Business. "It says e-mail is monitored periodically and subject to inspection at any time. ... Employees should use prudent judgment when [composing] messages and file attachments. But incidental personal use of e-mail is permitted." Sheppard, Mullin, Richter & Hampton goes even further. Its employees are reminded daily of corporate messaging policies as they click through a log-in screen. It instructs them that their use of the computer system is subject to the corporate electronic communications policy. Such a heavy-handed approach is not the norm in most organizations. A report released last month by American Management Association International found that only 20.2 percent of approximately 1,000 organizations surveyed are involved in e-mail store-and-review practices. A Microsoft spokesman declined to comment on the company's e-mail policies but said that, at more than 3 million messages a day, e-mail plays an important role at the company. "It facilitates transfer of important information so that good decisions can be made quickly," said spokesman Adam Sohn. IT plays central role As businesses clean up their e-mail by designing and implementing policies, IT has a central role to play. One job will be to make sure all the other corporate departments, such as legal, human resources and even senior management, are involved. "IT will certainly have to take a more aggressive stance in this," said Jonathan Penn, an analyst at Ferris Research Inc., of San Francisco. "More and more, it means that their job entails bringing in the legal counsel to plan IT policies, including message retention" or the size of outgoing e-mail messages. IT will also need tools that can filter and monitor outbound and inbound e-mail messages. A growing number of such tools from ISVs can supplement existing messaging systems. Brokerages have been among the leading adopters of such technology because of federal rules that require them to retain and review all communications with customers, including e-mail messages. Advent Inc., for instance, uses SRA International Inc.'s Assentor e-mail message screening and archiving software to comply with Securities and Exchange Commission and National Association of Securities Dealers Inc. regulations. "[Assentor] introduces another layer of technology, but it provides us with a savings in time, since we don't need a human monitor for each message," said Eric Generous, chief financial officer at the Hartford, Conn., brokerage. However, even many companies with strong e-mail policies are just beginning to look at tools that can help automate enforcement. "[Our] policy is fully implemented but not fully automated," said Zimmerman. Texaco recently thinned down its messaging infrastructure from 13 mail systems to Microsoft's Exchange Server. The company, which uses Documentum Inc.'s document management application for e-mail archiving, relies on individual users to specify e-mail messages for retention. More important, corporations must start with strong e-mail policies that are widely and regularly communicated and strongly enforced. Those that don't may be faced with a messy trail of lawsuits. "Freewheeling, casual, flippant, hyperbolic or simply careless e-mails are no-nos in dealing with situations presenting potential liabilities," said attorney Stephen Brock, of Christie, Pabarue, Mortensen and Young, in Philadelphia. "There are no 100 percent guarantees of confidentiality." Just ask Microsoft. --------------A531A71187EA10FB5BD1231D-- -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:09:47 PDT