It’s 2 AM. Do You Know Where Your E-Mails Are?
Written by Evan SchumanOne of the nation’s largest investment firms had disciplinary complaint filed against it this week because, at best, it wasn’t sure what E-mail was backed up. The worst case scenario has Morgan Stanley telling investors that their E-mail records were destroyed in the New York City terrorist attack, while they knew the backup records of those transactions were intact.
Although the central facts of the case are in dispute?Morgan Stanley’s position is that the existence of the backup tapes was disclosed while the National Association of Securities Dealers says the disclosure was not made?the big-picture message is Morgan Stanley wasn’t really sure what E-mail copies existed, what time period they covered and where they were.
Legal technology experts say the Morgan case barely touches the surface of the problem. Consider this scenario: For various legal reasons, you need to produce copies of E-mails sent between March 8 and March 20 dealing with the acquisition of the Smith Construction Company.
Due to a fire, the servers were destroyed. For whatever reason, the backup records were also destroyed. Do you have the right to say to the court, “Sorry. We don’t have them anymore”? Are you obligated to conduct a search for those E-mails?
What if some copies still exist on an employee’s laptop? Or an employee’s home PC? Maybe on some portable media, such as one of those little 2-GByte Sandisk drives or burned CDs (or DVDs) or an external hard-disk? Don’t forget those PDA/smartphones, too.
For that matter, what about looking beyond your firewall, outside your LAN’s limits? Your Sentmail files may provide a trail to dozens of partners, contractors, suppliers, consultants and customers that your employees E-mailed those messages to. Those sought-after files may exist those servers, too. In an endless loop, it could then exist on those other companies’ backup servers and home PCs, etc.
The typical E-mail system today does not provide a link to a single copy of the message sitting on a central E-mail server. The systems generate hundreds and sometimes thousands of full copies of these messages, either as straight text or attachments.
That’s not the problem of IT when it comes to preserving backups. But as federal rules change with legal discovery requirements, it’s going to become a very key issue for IT execs, as corporate attorneys will be relying on them to know about every possible copy of every E-mail. (Next step: voicemail, IM and Web comments.)
Corporate attorneys and IT executives “need to understand where they keep their electronic information. There can be a lot of negligence in this area,” said Stan Gibson, partner at Los Angeles-based law firm Jeffer Mangels Butler & Marmaro. “As an inhouse lawyer, you very well may not know exactly what is out there, especially if you don’t communicate with IT well.”
Communicate with IT well? Isn’t that one of those oxymorons, like jumbo shrimp or “the server is a little big”? There’s an old corporate motto that when a non-IT exec start feeling like she’s communicating well with IT, it’s probably time for her to cut back on her liquor.
But Gibson’s point is still quite sound. As companies get more sophisticated technologically, the databases that IT commands are going to become more essential. That goes beyond CRM and ERP data and extends into E-mail and other data files.
Data can no longer be viewed as something concrete that needs to be stored and protected. It’s information to be shared, but also tracked. Companies view their ideas as intellectual property and yet few place any restrictions on where that property can go. Forget restrictions. How about settling for simple awareness?
Another concern showcased by the Morgan Stanley situation is the amorphous area of reputation. Whether it’s reasonable or not, company executives expect IT managers to have control over all company data. That expectation is now being extended to judges, juries and governments.
Two elements in establishing credibility with legal data disclosures: competence (a belief that IT has a professional mastery over its data) and honesty (that it’s saying everything it knows). When data status changes and reasonable steps to pursue data are not taken, that credibility is at risk. With judges, juries and government regulators, that can be something that will prove very costly to lose.
“This will probably cause opponents of Morgan Stanley to constantly question the bona fides of their disclosures,” said Michael Gold, a Gibson colleague who is also a partner at Jeffer Mangels Butler & Marmaro. “These disclosures require a measure of candor.”
As a practical matter, the emergence of personal mobile media makes it many orders of magnitude more difficult to control where information is going. On the plus side, it also makes it so much more likely that almost any piece of corporate communication can be found out there, if you’re willing to look hard enough.
Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code.
-Marc
