Like their American counterparts, organizations all around the world rely heavily on email for business communications. As such, correspondence sent through the medium contains pertinent information regarding the company and its inner workings.

European Union officials have recognized the importance of the information contained in email and handed down the Data Retention Directive on March 15, 2006. While the law contains similarities to its American counterparts, most notably the Federal Rules of Civil Procedure, it is also a decidedly different piece of legislation.

Below we’ll examine the need for EU email retention standards, the law’s actual requirements and the heavy criticisms it has faced from several member nations.

The Need

As in most parts of the globe, employees in the European Union can’t do without email. It is the primary form of communications within European businesses, used for sharing information between branches, partners, customers and clients.

Furthermore, a whitepaper from Frost & Sullivan on the subject of email archiving revealed that 80 percent of the business-critical content for a company is contained in email messages. That means nearly all their trade secrets, confidential company data and insider information is all floating through cyber space in email.

For this reason, it is clear that making a legal case either for or against a company is dependent on the information contained in email. However, that same information could also be used to fight crime and thwart terrorism plots, both of which appear to be driving forces behind the EU’s Data Retention Directive.

That differs from the U.S. requirements, which are targeted at civil lawsuits and legal proceedings.

The Requirements

Under the directive, companies, mostly Internet service providers and others in the telecommunications, must retain all customer transactions for a period ranging between six months and two years. As for the transactions covered, they include email, telephone calls and website traffic, among others.

“The bottom line for many EU organizations is that proper email life cycle management decreases outside liability potential and falls in line with modern corporate email governance procedures,” according to Frost & Sullivan’s whitepaper.

However, the directive applies to certain information concerning these channels, but not necessarily the contents of them. Companies must identify the source, destination, date, time and duration of such communications.

Also, industry regulators in specific EU member nations have taken requirements step further. For example, the U.K.’s Financial Services Authority requires companies to retain email for six years. Such measures could cause other countries to follow suit with strict mandates of their own, according to Frost & Sullivan.

The Criticism

The EU Data Retention Directive has not been received without its detractors. In fact, the German Parliament has even gone so far as to call the directive illegal.

According to the IDG News Service, the German Bundestag’s Working Group on data retention said the law is “disproportionate in the measures it requires to fight crime, as data retention increases the crime clearance rate only slightly.” Essentially, the ends don’t justify the means. And the group said it would be impossible to reword the law to bring it in line with the EU’s Charter of Fundamental Rights.

In response, the European Commission, the executive body of the EU, said the directive does walk a fine line in terms of the right to privacy, and it will consider tighter regulations for the access and use of the retained data.

In addition to EU rules, EU companies also face industry email archiving requirements as well as the need to retain and if necessary produce electronic records for tax audits.

A .PST file is a file-access-driven method of message storage, according to Microsoft. That means the system uses special file access commands that the operating system provides to read and write data to the file.

These types of files are popular for Exchange Server users to avoid meeting the platform’s email inbox quotas. Users will convert files they wish to keep into .PST format in Microsoft Outlook and hold onto them for however long they are needed.

At first glance, it sounds like a reliable enough archiving strategy – files don’t clog users’ inboxes and are stored on the company’s local or network drives. But this may cause several major problems that will adversely affect the company, including failing to comply with email retention requirements and failing to be prepared for eDiscovery requests.

The following problems arise when users store emails in .PST files for long-term retention:

1. PST Files are not reliable

In fact, the method is so unreliable that Microsoft doesn’t recommend it practiced for email archiving. The company’s TechNet Performance Team posted an entry on its blog entitled “Network Stored PST Files … don’t do it.”

2. PST Files are vulnerable to data loss

A major issue is unintended data loss. Such files stored on a computer’s hard drive are usually without a backup. If a user’s computer is lost, stolen, hacked or the hard dive fails, the file will be lost forever.

3. PST Files can become corrupted

.PST files stored on a network drive are also vulnerable to data loss. Because the files are stored on the network, a user needs a network connection to access them, whether for eDiscovery or other purposes. According to Microsoft, “Microsoft Outlook tries to use the file commands to read from the file or write to the file, but the operating system then has to send those commands over the network because the file is not on the local computer.”

That process can’t happen should a network connection degrade or fail, which in turn will corrupt the .PST file and make it unreadable.

4. PST Files slow down the Network

Ironically, .PST files can be a common culprit behind the network slowdowns and stoppages that corrupt them. The size of a .PST file, compounded by the number of users that retain emails in such a way, places a lot of strain on a network, according to Microsoft.

In its Performance Team blog post, Microsoft gives the example of a couple hundred users who each had two or three, a low estimate, .PST files in Outlook. The users never delete the files and they continue to grow in size the longer they are stored.

Each time the user launches Outlook; the program makes a request for the two or three .PST files, which Microsoft estimates to be about 1 gigabyte each. When the 200 or so users launch outlook, that’s 600 gigabytes – 200 users, times three files each at 1 gigabyte each – worth of files being requested at once.

“That’s an awful lot of Disk & Network I/O to process simultaneously. This is a very common scenario – the file server ‘freezing’ for a few minutes at a time while it tries to service these requests,” according to Microsoft’s blog post.

5. No centralized storage of PST Files

Since PST files are stored on local drives, they can be lost and un-producible when the company faces litigation and an eDiscovery request. If so, a judge can levy sanctions and monetary fines for improper email archiving. On the flipside, PST Files can also suddenly show up when the company thought they had legitimately purged records according to their email retention policy rules.  With PST files residing on many different hard drives, it is hard to keep track of all the files and to know which data you have and which data you don’t have. It goes without saying that this uncertainty is less than desirable when dealing with an eDiscovery request.

In short, storing emails in PST files is simply not a good archiving strategy and a centralized email archiving system is advised instead.

That’s right, money is the best way to get a company’s attention when it comes to expounding the importance of email archiving. And the best way to avoid suffering such setbacks, or even facing them, may be to understand where the penalties come from and what they could potentially be.

First, we’ll highlight two of the most well known sources of penalties when it comes to email archiving – the Federal Rules of Civil Procedure and the Financial Industry Regulatory Authority. Then, we’ll highlight some real-life examples of what happens when email archiving goes awry.

Sources of penalties

Federal Rules of Civil Procedure

The Federal Rules of Civil Procedure are a set of regulations and requirements that govern how litigation is carried out in U.S. federal courts. They are also a good benchmark for companies to follow when looking to deploy compliant email archiving solutions.

The Federal Rules of Civil Procedure were revised in 2006 to take on a greater focus for electronically stored information, such as email. With the changes, eDiscovery requirements recognize all electronic communication, especially email and IMs, as now legal to request at the court’s convenience.

And the regulations are pretty clear concerning penalties. Should a company fail to produce requested Electronically Stored Information (ESI), or is found to have failed in archiving relevant data, a judge has several options. Penalties may include one or more of the following: paying for the expenses of the opposing party, contempt of court, imposing of sanctions against a case, heavy fines or even an automatic guilty verdict.

Financial Industry Regulatory Authority (FINRA)

Obviously this is a name you hear a lot about when it comes to financial organizations failing to practice proper email archiving.

Because the Financial Industry Regulatory Authority is a private corporation that acts as a self-regulatory organization, it has no standing to impose legal measures for email archiving impropriety. However, it still wields the authority to levy fines, and it isn’t shy about doing so.

In 2009, the organization handed down $50 million in fines for email archiving noncompliance.

Examples of penalties

MetLife

In November 2009, the company was fined $1.2 million by FINRA for failing to properly supervise “the review of brokers’ email correspondence with the public.”

According to the ruling, MetLife had an auditing system in place for its email archiving efforts, but failed to adequately ensure emails were forwarded properly. That allowed for the tampering of messages subject to regulation.

Piper Jaffray

Early last year, FINRA fined the investment bank $700,000 for an issue that spanned six years. As it turns out, Piper Jaffray had failed to archive more than 4 million pertinent emails during that time period.

EchoStar Satellite

The designer, developer and distributor of television set-top boxes was fined for the second time in November of last year.

New York state judge Richard Lowe concluded EchoStar “systematically destroyed evidence in direct violation of the law and in the face of a ruling.” That’s after it was previously sanctioned for deleting messages after just 21 days, against the Federal Rules of Civil Procedure mandates.

The second penalty was levied during a lawsuit in which a company was already seeking $2.5 billion in damages from EchoStar.

image by pitklad

‘Tis the season, all right. Law enforcement all around the world report an increase in cybercriminal activity during the holiday seasons. Everything from scams to phishing attacks can land in your inbox and it can be very difficult to discern the legitimate from the nefarious.

One of the biggest trends surfacing this year is the proliferation of fake Twitter and Facebook promotions luring consumers into phishing traps and in some cases full-on scams. Many promotions will promise a popular product at a price that seems too good to be true—and it is. Unfortunately, the consumer won’t know that they’ve been taken by a cybercriminal until long after they’ve submitted their credit card or payment information.

There are also several reports of phishing emails coming from what seems to be retailers following up on recent purchases and banks questioning purchase histories. These emails request login information or other sensitive personal data. Unfortunately, more often than not these emails can be surprisingly deceptive and many people can fall for them.

In most cases, it’s best to call a reliable customer service number if you have any questions at all about an email. Also, recognize that most amazing deals found online aren’t worth the risk.

As a side note, many companies will find themselves at risk of security breaches as employees will often use computers for personal use during the holiday season to get shopping done or visit other non-secure sites. The best way to protect your company from this employee use is to have reliable email filter that will prevent spam, protect inboxes and check for suspicious content.

This holiday season, the best gift your can give yourself and your company is peace of mind from inbox attacks.

Scholtes’ article illustrates issues related to minimizing legal risks and compliance. Legal obligations are major factors. Understanding eDiscovery obligations and regulations are critical for anyone deciding how records management will be handled. Additionally, continuing education and professional development is essential to keep any team responsible for records management abreast of any changes to compliance issues, laws or regulations.

While it is very important to archive and manage records with the possibility of litigation in mind, as Scholtes points out, there needs to be a level of flexibility built into your management system and policy to make room for technological advances and changes in policy.

Scholtes talks about finding “the right mix” of components for your policy and management system. He notes that it is just as important to focus on your storage components, as it is to spotlight the process of your records management.

For us, the takeaway here is that, each company, no matter what size or industry, needs to consider not only how they store records, but why. In the end, our recommendation is that companies utilize the resources available from experts like Scholtes and AIIM to reach their records management goals.

Email disclaimers can be used to remind recipients of confidential content and to deter persons from unlawfully forwarding or copying the email. Email disclaimers can also be used to state company email policies, such as not sending libelous, offensive, obscene or defamatory emails. Below are a few tips for drafting an email disclaimer.

1)   Research industry guidelines. For example, if you are in the healthcare field, you must familiarize yourself with the latest HIPAA and HITECH regulations. Tax advisors need to keep to the IRS Circular 230 email disclaimer guidelines. Some legal companies require a disclaimer on every email such as “The information contained in this email does not constitute legal advice.”

2)   Use a confidentiality header.  This information will clearly state the name of the person for whom the email is intended. This is important if you are emailing any sort of sensitive or private information, such as financial data or HR concerns. This line in the disclaimer will offer some protection to the company if the email were to fall into the wrong hands.

3)   Use disclaimers on internal emails within the company. Internal disclaimers should be different from external disclaimers and serve an important purpose. Lawsuits have arisen as a result of an offensive email being circulated around the office. An internal email is a good place to reiterate company policy in one or two lines, and internal disclaimers can vary by department.

4)   Include company slogans or messages for marketing purposes. It’s an easy and cost-effective way to get the word out to clients or customers about any upcoming products or events your company has in the works. Make sure it is placed at the end of the disclaimer so it doesn’t conflict with important information.

5)   There is nothing more annoying than a long list of email disclaimers at the bottom of emails. Try to make sure that your email disclaimer software can avoid adding multiple disclaimers as well as place the email disclaimer below your email message instead of right at the bottom of the email.

View more email disclaimer tips here.

image by suphakit73

Email is an effective communications tool and can benefit a company in numerous ways. There are times, however, when this tool can become a company’s worst nightmare.  Oddly enough, even organizational leadership and management can be the source of damaging emails that get into the wrong hands and show an ugly company image.

Back in 2009 an infamous email from a management level investor sparked discussion when it offended employees. They later posted it online for everyone to see and some jokester even started a fake Twitter account mocking him.

Apparently, that incident didn’t serve as a warning and two other bosses are now in the hot seat for some rather uncouth emails. In the first example a convenience store manager sent an email asking employees to guess who would be the next cashier to be fired. The winner would be awarded a $10 cash prize. In the end, it was found that his email had created a hostile work environment, which caused some major financial ramifications for the company.

Another email from a boss to his employees, this time about failing to replace the skimmed milk in the refrigerator, went very awry when the chief executive of a PR firm stepped into the realm of ill-mannered emails. Just think of the public embarrassment and loss of credibility—and over milk to boot!

Frankly, it comes down to the fact that any time someone is sending an email from a work environment, it is important to obey the rules of email etiquette. Additionally, a strongly enforced corporate email policy should be in place for employees at every level.

As shown in the instance of the boss that created a hostile workplace with his email, it’s worth noting that offensive emails can open a company up to legal liability and financial loss. With that in mind, it’s a wonder that any management level employee would expose their company to such potential damages.

It’s been addressed before, but it can’t be emphasized enough. Emails don’t disappear into the ether when you hit send. They are permanent and sometimes can be very humiliating. Don’t let your company end up as the next viral joke.

Image by Patchareeya99

Researchers at the University of California have been conducting a multi-year study investigating spam and other unsolicited email communications. Their study, dubbed “Spamalytics” has shed light on possibly the most powerful way to fight spam.

 The Study

According to an article published in The New York Times, the researchers allowed every piece of spam mail to enter their inboxes and then actually purchased products from 120 strategically selected messages. Their findings showed that it took 12.5 million spam messages to sell a $100 unit of pharmaceuticals. More importantly, they found that the most effective place to combat spam as an industry was by blocking cooperation with spammers and banks. Specifically, if the relationship between bank card processors and spam advertisers can be severed, the research suggests that spam would no longer be a profitable venture and therefore go the way of the dinosaurs.

What Can You Do To Protect Your Company?

Until legislation is introduced to ban these bankcard processors from doing business with spammers, or until there is a voluntary movement to abandon the practice, companies need to protect their email servers from spam infiltration. There are many options out there now to help guard against incoming spam messages including: blacklisting, greylisting, sender reputation and Sender Policy Framework. Having a strict and well-enforced email policy is another way to help protect company assets. Above all, investing in an effective spam filter will be well worth it considering the level of protection provided for a company.

Spamalytics may be a great step forward in thwarting the nefarious efforts of cyber criminals, but until there is cooperation from bankcard processors, it’s really in the hands of companies themselves to protect their inboxes from incoming spam messages with anti-spam software and filters.

The Error You Didn’t Catch

The less serious email mishaps that happen all too frequently are communication miscues, typos, and grammatical errors. While not ideal as it can make the sender and business seem careless and unprofessional, companies can usually address this problem with spelling checkers and stipulations in the company email policy. Make sure it’s required that employees proofread and spell-check all emails before they hit send. Tell them to avoid sending harried emails from mobile devices unless they can take the time to properly word the email. Set a company-wide email signature so that all emails consistently include the company’s branding and any necessary legal disclaimers. Simple steps can make a world of difference where your professional image and reputation is concerned.

The Error You Need To Catch

If your email security has been compromised, your contacts and more importantly your reputations could be used to pawn scams. In addition to other security measures, a good way to protect against infiltration is to use anti-spam and anti-phishing software that can block spam attacks and thwart phishing attacks. If your spam filter makes use of greylisting, it will not only block spam and phishing attacks but viruses sent from infected zombie machines. If someone were to send a malicious email to your contacts impersonating your company, it’s likely that your customers – who trust your company – could fall victim to a phishing scam. The damage to your company’s image and reputation could be significant.

The Worst Error Of All

It is important to prevent employees spouting off and sending a less than pleasant email to a fellow co-worker or a customer. This type of malicious email can hurt your company’s reputation by casting the appearance that your workplace is out of control. An overly emotional or angry email smacks of disrespect to the recipient. In addition to talking to your employees about holding off on hitting that send button with a hot head, installing an email content filter can make sure that emails containing any inappropriate language are blocked before they are delivered and can do any damage.

Diligence is a requirement in any workplace with electronic communication. Protecting your company is paramount when considering one click of the send button could have lasting and damaging consequences.

At Red Earth Software we fully understand how critical it is to protect your business with effective safeguards like anti-spam software that effectively blocks junk mail and spam messages.

Keep in mind that cyber security in the workplace is just as much about protecting your business as it is about protecting your customers. Data breaches not only expose information about your company, but they can also expose your customers’ confidential information. Phishing attacks have been around for some time now but with the increasing sophistication and rise of individualized spear phishing attacks, they are becoming harder to spot.

“Successful phishing attacks are launched through emails that all have one thing in common: they seem like they have originated from a legitimate or well-known source, like a bank,” says Deborah Galea, COO and co-founder of Red Earth Software. “The recipient then unwittingly provides passwords and other sensitive information or clicks on a link that infects their computer with malware. For SMBs, a good way to fight these attacks is to install anti-spam software and anti-virus software and make sure it’s kept up to date. Email filtering software can help as well. In addition, it’s wise to have a sound email policy in place and make sure your employees are educated about the dangers of phishing. Your email policy should spell out the warning signs of a phishing attack and provide steps to take when an email is received requesting passwords or sensitive data. Having a set policy can make a significant difference in whether or not your company ends up a phishing victim.”

Stay tuned for more tips on how to protect your sensitive email data.