According to various industry surveys, 65% to 75% of companies still have no systems in place to manage email records. Based on my own observations and dialog with Knowledgeone Corporation’s customers and prospects, I would say the percentage is far higher; say 85% or more. My guess is that the industry surveys inadvertently included a number of email ‘cleaning’ systems as email management systems; thereby skewing the figures.
Given that there is now a variety of proven email management systems (like Knowledgeone Corporation’s GEM) available for most email servers (e.g., Exchange, GroupWise and Notes) and given the enormous danger of unmanaged email it is, on the surface, difficult to explain the apparent reluctance of organizations to implement email management policies and systems.
My own experience leads me to believe that the following are the major reasons organizations do not take this critical step:
1. Lack of ownership and leadership
Email management transects all of the traditional vertical organizational boundaries. There may well be an IT person in charge of the email servers but there is rarely a senior management person in charge of email organization-wide. That is, no one person actually ‘owns’ the problem and no one person has the authority to implement an organization-wide solution.
2. Lack of an understanding of the problem and of the solution
Most of the people who are senior enough in an organization to be aware of this problem do not comprehend the complexities of the problem. They have dialogs with IT people who explain the issues in technical terms, not in business or risk-management terms. Email management should come under an organization’s risk management regime because that is where a great deal of risk lies.
3. Lack of desire to solve the problem plus active opposition to a solution
There are a large number of IT people and others in every organization who simply do not want their emails managed, analysed, scrutinized, indexed and saved. This fact is never going to change and must always be addressed at a senior level by the person responsible for risk management policies and practice. Uncooperative and/or recalcitrant employees should not be allowed to put an organization at risk no matter what their position in the management hierarchy.
4. Confusion over what is involved in complying with a plethora of laws and regulations
One hundred percent of what well-meaning bureaucrats and politicians have done to ‘solve’ what they see as email privacy issues has been badly thought out, badly drafted and counterproductive; simply ill-informed, knee-jerk reactions. As you can see, I am no fan of politicians and bureaucrats who pass knee-jerk laws without understanding or caring about the full implications.
As far as I am concerned the privacy issue is secondary to the fact that every employer has to right to determine how its resources are used. Every employer has the right to protect itself. Every employer has the right to tell its employees if private emails are allowed or not. Every employer has the right to tell its employees what is acceptable and what is not acceptable in an email.
Tell employees that:
1. Private emails are not allowed and all emails will be scrutinized for inappropriate content; or
2. Private emails are allowed (in moderation) but that all emails, including private emails, will be scrutinized for inappropriate content; or
3. Private emails are allowed (in moderation) but that they MUST be identified by the keyword “Private” (or a word or phrase of your choice) in the subject line. All emails without the keyword “Private” in the subject line will be scrutinized for inappropriate content.
5. Confusing and misleading claims by companies marketing email management systems
It is a complex problem (have you ever tried to set up a multi-server email system in a large organization?) often poorly understood and poorly explained by the sales person. Add to this the fact that the sales person is usually speaking to the IT person (who lives in a different universe) who then has to ‘translate’ what he thinks the sales person said to senior management. Too often, the harried sales person, under intense pressure from the IT interrogator, will simply say “Yes” without really understanding the question or its implications.
My best advice to senior management is that if they don’t fully understand, keep asking questions until they do or, seek assistance from an independent authority. It is just plain dumb and dangerous to sign something off you don’t really understand.
6. Multiple and conflicting objectives
Is your objective to simply be aware of everything that is in your email store or is it to also meet a plethora of complex and competing regulations and certification standards?
Have you inadvertently set the goal post too high? Have you made the problem many times more complex than it should be? Has it become a “Wish List” instead of a requirement? Is the selection of a suitable product always held up by someone demanding that it has to also do something else? Has your horse now morphed into a camel?
My best advice? Why don’t you try ‘Getting wet slowly’ and review your needs again when the basic but critical email management problem is solved?
In the end it is about ownership, understanding and will. If just one senior person with the necessary authority understands the problem and commits to a solution then it will happen. The solutions are out there; they are just waiting for a committed purchaser with a clear and simple view of what needs to be achieved.
You must be aware of what is in your email store and you must be alerted to infringements before they grow into expensive problems. You can’t do this without an email management system in place.