Mitigating the risks of messaging: recognizing and addressing the dangers of the casual nature of electronic messaging will minimize organizational risk. Putting an electronic communications plan in place is vital to protecting a company's reputation, its business interests, and its compliance success.

• Author: Grey, Maurene Caplan
• Position: Management Wise

In any single day, millions of email messages are sent and received by organizations--and nearly every day the media breaks the details about the latest scandal to be uncovered through evidence in those messages.

Protecting the organization by ensuring regulatory compliance is paramount in today's business environment, and many organizations start by securing e-mail. This is a necessary step--but a tactical one--that pursues only the "e-mail-as-evidence" pain point. Forward-thinking organizations are only at the cusp of realizing the magnitude of this quandary. The risks are not married solely to business regulations or to e-mail as a messaging medium.

Compliance

Stringent Securities and Exchange Commission and National Association of Securities Dealers regulations on managing e-mail and instant messages have forced U.S. financial service providers to the forefront of adopting compliance practices. Other vertical industries have been equally affected. For example, within the U.S. healthcare community, the Health Insurance Portability and Accountability Act set the standards for securing the privacy of patient information.

A dynamic influx of U.S. and non-U.S. regulations and legislation--vertical and horizontal--has paralyzed business activities. For example, according to a June 16, 2005, Wall Street Journal article, the cost of complying with the U.S. Sarbanes-Oxley Act of 2002 was then ranging from $1.6 million to $4.4 million per company each year. As a graduate student at the University of Rochester in 2005, Ivy Xiying Zhang gained global media coverage of her event analysis of the July 2002 House and Senate debates over competing versions of the bill. Zhang postulated that the debates led to investor uncertainty resulting in falling stock prices and market losses of $1.4 trillion.

However, the total cost of compliance for any mandate will differ wildly based on the type of analysis used. Undisputable, though, is the potential financial drain to become compliant, as well as the financial drain should an audit reveal areas of noncompliance. Many argue that although the cost of becoming compliant is high, the upside is wall-structured accountability, improved organizational creditability, and customer protection. Capitalizing on that premise, vendors across-the-board have declared that they have the solution. In the case of e-mail and instant messaging management, the solution may take the form of policy-based faltering, categorizing, indexing, archiving, document management, or record management software--which turns the unstructured message body into a "record." Outsourcers can host all or part of the solution. Professional services firms can design the...