An agency employee gets a subpoena demanding the e-mails she exchanged with a contractor last year. Can the agency produce all those messages? Can it find them quickly, or must staff spend hours hunting them down on backup tapes? Can the agency prove that the file it turns over is complete and that content is unaltered?
Questions like these indicate some of the reasons governments need policies and tools for managing e-mail.
On the whole though, few organizations - in the public or private sector - have implemented solid e-mail management strategies, said John Mancini, president of AIIM, the Enterprise Content Management Association. Failure to do so harms them in several ways, he said. "It's the legal exposure. It's the process inefficiency. It's the cost associated with storage of all this stuff."
Mancini is the author of E-Mail Management: An Oxymoron? a study AIIM published in 2006. He based his findings on survey responses from 1,043 participants, 21 percent of whom worked for government organizations.
According to the study, 35 percent of respondents' organizations hadn't even started addressing e-mail management. Another 41 percent said that although they had launched one or more e-mail management initiatives, they still have significant work left to do. Sixty-two percent reported that their organizations hadn't defined e-mail management, and they left it to individuals to delete, manage, classify and save e-mail on their desktop computers.
Responses from the public sector pretty well mirrored the population at large, or in some cases, showed that governments have made slightly less progress than other segments. For example, 70 percent of government respondents said they had no definition of e-mail management and left it to end-users to manage messages on their desktops.
When it comes to managing electronic content in general, governments tend to be savvier than many private-sector organizations, Mancini said. After all, governments produce a plethora of documents, and public-sector records managers are used to balancing competing demands for efficient access and security.
E-mail, however, is another sort of beast. "Managing large volumes of documents - which often come into a specific place and for which there is specific responsibility - is different from managing e-mail, which by its definition tends to be much more ad hoc and unstructured," Mancini said.
Among organizations that have developed some sort of e-mail management policy, most focus exclusively on what the study terms "surface-level policy issues." They address questions, such as the kinds of messages employees are allowed to send, how much privacy employees can expect, acceptable content and the maximum size of individual mailboxes.
But when it comes to deciding how long to retain e-mails, how to determine which messages to keep or delete and whether to use encryption, many organizations don't have a clue, the survey found. "When you start getting much more focused on the business documentation side, as opposed to just the policy and practice of general business usage of e-mail, that's when people fall off the charts," Mancini said.
It's a mistake to set policies that address e-mail usage but disregard e-mail content, said Jesse Wilkins, principal consultant of Access Sciences, a Houston-based firm that provides electronic content and records management consulting services. After all, e-mail is simply a medium, like legal-sized paper, he said. Format shouldn't determine how you treat the content. "Information should be managed according to its value to the organization and according to any regulatory requirements that are in place."
Unfortunately people tend to treat e-mail more casually than other forms of business communication. The reason could lie in the history of the medium. "E-mail, for a lot of people, has almost been viewed like a quasi-conversation," Mancini observed. But though it may have started out as a text-based substitute for phone chat, e-mail has evolved. "It has by and large moved into the most prominent way that people document who did something, why they did it, how they did it."
Though employees still may use e-mail for mundane functions, such as scheduling a lunch date, they're also increasingly using it for mission-critical purposes: communicating with constituents, distributing press releases, collaborating on documents, transmitting contracts. That's why governments need effective ways to store, protect and retrieve it.
And it's why e-mail management policies need to mesh with an organization's other policies for managing documents. "I've had attorneys tell me that consistency is very important," said Carl Frappaolo, AIIM's vice president of market intelligence.
Devising a content-focused policy is the first step toward creating an e-mail management strategy, said Wilkins, who is developing a course on the subject for AIIM. Second, the organization must implement the policy, giving employees the necessary tools and guidelines. "So the next step is to teach people how to distinguish an e-mail that's important and should be saved from an e-mail that's ephemeral." Then, conduct periodic audits or other follow-up to ensure people are following the instructions.
Activities that often form part of an e-mail management strategy include:
Many vendors offer e-mail management tools. Some come as stand-alone products, others as part of larger enterprise content management (ECM) solutions. "You need to ask yourself,