« September 2004 »
SunMonTueWedThuFriSat
   
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
  
       
Today
XML

Blog::Navigation


blogs.sun.com
Weblog
Login

Blog::Editing

Bookmarks::Blogroll

Bookmarks::News

Site notes

This page validates as XHTML 1.0, and will look much better in a browser that supports web standards, but it is accessible to any browser or Internet device. It was created using techniques detailed at glish.com/css/.

Powered by Roller Weblogger.
All | General | Java | Music
« Previous month (Aug 2004) | Main | Next month (Oct 2004) »
20040929 Wednesday September 29, 2004
Bank News Article Review on E-mail & Regulatory Compliance I just finished reading the Bank News July 2004 issue. In the article Adam Wilkins writes in a general way about email management. He mentions the various legislation, fines & penalties and then defines three cycles of email management: backups only, "self-insurance" and "insurance plus roi". Insurance plus ROI basically means integrating email into business process by having a single repository managed via a single business process. These ideas are only presented in a general way and so provide little practical insight. From these generalities, he says do something about it now. If you are a publicly traded organization, you are compelled to do something now or suffer the consequences. He states that you "actually create a policy and make it known". Unfortunately, this does not go far enough. A recent case concluded that a policy alone is not enough, it must be followed. There the company had a policy, did nothing, got sued and then destroyed email after the fact. Court held that once sued, if present, must be kept regardless of policy. The author says start with customer service, procurement and legal. How many lawsuits originate from customer service? What about the C-level folks who are subject to compliance? What about customer facing folks like sales or Wall Street traders? Would that be better protection than capturing procurement email? Legal of course is aware of the venue and so would likely be least productive. He makes additional suggestions which seem not well thought out. For example, "Encourage employees to use their "own" accounts for personal messages" like MSN's Hotmail. With that suggestion, you have simultaneously thwarted your ability to monitor, allowed employees to misuse corporate assets, waste time, and opened the door to vulnerabilities by allowing any corporate data to fly out the hotmail window. On the other head, he suggests that typing PRIVATE in the subject line can avoid the review process again leaving the employee to judge what is a business record. While the article makes some good points about automating and administrative methods for accessing old messages in the future, the overall gist, in my opinion is naive.
Permalink (2004-09-29 09:42:25.0/2004-09-29 09:42:25.0)
Trackback: http://blogs.sun.com/flag/entry/bank_news_article_review_on
Copyright (C) 2003, Frank Lagorio's Weblog