On 17 May 2016, harmon.ie in collaboration with Gimmal issued a survey report entitled "The One Email You Can’t Ignore: The Risks and Business Impact of Failing to Treat Emails as Records" ("Report"). This Report provides insight into the key challenges that businesses face in managing email records. The findings are based on feedback from over one hundred information governance leaders from different industries.
Given the enormous flow of email, businesses should develop a process to determine which emails should be classified and retained as business records. According to the report, the majority of information governance professionals identified capturing, classifying, storing, and retrieving email as posing a major compliance challenge for their organization. Businesses often overlook the importance of retaining emails as business records. This oversight often exposes businesses to significant financial consequences and legal risk.
Email Records: Classification and Legal Considerations
In determining whether an incoming or outgoing email is a business record, the following should be considered:
- Is there a legal obligation to retain the email?
- Is there any evidentiary reason to retain a email (i.e. possible audit, investigation, litigation)?
- Does the email form part of a contract, transaction or business decision?
Costs of Non-Compliance: Risks and Regrets
Non-compliant businesses expose themselves to potential financial loss, legal risks, and loss of reputation. According to the Report, nearly a quarter of information governance specialists indicated that their organizations experienced the negative impact of litigation, potential litigation or regulatory sanctions due to an inability to produce relevant records. In 2015, Scottrade was fined US $2.6 million because it was unable to produce important emails for audit purposes. Additionally, nearly one-third of information governance specialists forecasted financial risk for their organizations at US $5 million and over a half indicated US $1 million for email records non-compliance.
Strategic Email Records Management: Tactics and Takeaways
Strategic records management policies and procedures are required to effectively manage emails as business records. Businesses should ensure that they are legally compliant in the way they capture, classify and store email including attachments. Businesses operating globally will need to consider the implications of different legal environments including telecommunication, marketing, employment and privacy laws. Key considerations in developing a legally compliant email records management plan include:
- Develop or revisit email records management plan to ensure that legal compliance standardsare met.
- Tailor recordkeeping compliance solutions to meet business requirements.
- Engage simple and straightforward procedures to ensure that employees understand why email compliance is important. Employees should be able to identify and capture all relevant business information required to avoid potential financial and legal risks.
- Adopt tools and procedures to succeed against non-compliance risks.