APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

2005/07/30 Archiving All Email

© July 2005 Tony Lawrence

Nowadays, the problem isn't really so much how you do this, but rather is the legal morass surrounding it. The "How" is easy: with sendmail you can use procmail recipes or even milters to squirrel away copies of incoming and outgoing mail. Commercial products like Kerio Mail Server have direct support for archiving incoming or outgoing emails.

Some companies have legal need to do this. Sarbanes-Oxley may require it for many companies, as more and more do business by email. On the other hand, privacy laws, particularly with regard to medical records, are more stringent than ever. So, let's say we have a company that deals with stock transactions, and the SEC or Sarbanes-Oxley requires them to archive email. OK, now an internal employee sends a note to their doctor concerning a work place accident. Is it legal to archive that? Is it legal to read it? I sure wouldn't know, but it's the kind of thing you had better know the answer to before you turn on archiving. At Virtual Failover in the Cloud: Challenge Abound, this subject is discussed in the context of the Sarbanes-Oxley Act and it is noted that:

information maintained that is not required for compliance does
not serve the company and has the potential to be evidentiary

Good luck trying to algorithmically determine which email is required for compliance. We can't even filter spam with 100% accuracy; how could you expect to figure out whether storing a particular piece of email was necessary to keep you out of trouble or vice-versa?

Got something to add? Send me email.

(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> Archiving All Email

1 comment

Inexpensive and informative Apple related e-books:

Take Control of OS X Server

Are Your Bits Flipped?

Take Control of iCloud

Photos: A Take Control Crash Course

Sierra: A Take Control Crash Course

More Articles by © Tony Lawrence

Sat Jul 30 14:27:05 2005: 899   BigDumbDinosaur

We can't even filter spam with 100 accuracy; how could you expect to figure out whether storing a particular piece of email was necessary to keep you out of trouble or vice-versa?

Obviously, you can't. The solution is to create and enforce a stringent policy of no personal use of company E-mail facilities, and to monitor traffic to assure compliance. Doing so would be considered due diligence on the part of the employer, assuring compliance with Sarbanes-Oxley, and would also give the company legal standing in terminating any employee who used company E-mail to communicate personal matters (e.g., with his doctor about a workplace injury). It's a very Draconian approach, to be sure, but in these hyper-litigious times, very necessary. One of my clients does exactly what I have described and to date, their policy has survived legal challenge.

The Sarbanes-Oxley Act is a prime example of our legislators reacting to a perceived problem without fully understanding the consequences of their actions. Sarbanes-Oxley also somewhat contrevenes case law regarding business E-mail, in which it has been established that a company has the right to monitor and, if necessary, censor E-mail that passes through its facilities. In that respect, E-mail should be treated no differently than the office telephone system: it is a company asset and therefore its use can be regulated by company policy.


Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us

Printer Friendly Version

That's the thing about people who think they hate computers. What they really hate is lousy programmers. (Larry Niven)

Linux posts

Troubleshooting posts

This post tagged:



Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode