Gotta love that picture.... Keeping it for my personal laptop back ground.
I'll agree with you 99%.. I hate lawyers with a passion, and excepting the miniature French poodle and HR personnel, they are loathed beyond all else. But, in doing a risk assessment, factors like the possible cost of a possible law suit is something that should be considered. A hospital is a good example. Regardless of what the I.T. team is doing ( for good or ill ), it's a good idea to get the advice of a legal professional. Just one suit will offset the cost of hundreds of consultations. It's not always possible, especially in the smaller firms, to CYA in this fashion, but a sign off from above works just as well. As IT management, I stress that we offer the company technical solutions. What we CAN do is very different in most cases, from what we SHOULD do. The SHOULD do part comes from written company policy. Written company policy needs impartial review, from as many perspectives as possible. Medical/Legal/Financial records all have different retention requirements. This includes emails which pertain to these records ( or even have them imbedded ). So, how do you handle your archives then ? Keeping ALL the emails will get you fried if you have expunged records in your archives ( if you're an attorney ). Who sorts these emails for relevant information to determine if they even should be stored ? SOX doesn't require I keep emailed pictures of my 5 year old nieces B'day party.. So do you check each one individually ?! Yargh ! Leave it up to the end users ? Oh boy... So, why do ( or don't ) you have these records ? Company policy will be the only thing that keeps you as the email admin from getting thrown under the bus. Easy, company policy dictates it. You're off the hook. Remember, when the witch hunt ends, you don't want to be the one wearing the pointy hat. Apologies for the hijacked thread... Karl Drugge -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, December 18, 2006 2:36 PM To: [email protected] Subject: Re: [Declude.JunkMail] OT: "Message" Storage Karl, The problem is assuming that keeping it 'legal' involves lawyers for instance. The Sarbanes-Oxley Act of 2002 was enacted by Congress and the responsibility for clarifying the law into workable practices was assigned to PCAOB (The Public Company Accounting Oversight Board, created by Sarbanes-Oxley), and signed off on by the SEC. It is the responsibility of independent auditors to verify compliance and report it's findings to the board of directors, who are ultimately responsible for the companies in question. . . < Lots of good stuff > . . . Matt IS - Systems Eng. (Karl Drugge) wrote: True, I'm covered by different laws.. But in regards to keeping 'legal', in all senses of the word, especially when you are discussing 'home grown' versus 'off the shelf' solutions, it would be best to consult legal advisors before implementing anything. If you aren't sure, get advice. If you are sure, get it in writing. I was private sector long before I converted to government, and still keep some of those clients. Most of my clients would much rather have a lawyers sign off, especially if it's going to help them avoid a lawsuit later. Karl Drugge -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, December 18, 2006 12:48 PM To: [email protected] Subject: Re: [Declude.JunkMail] OT: "Message" Storage Karl, We were specifically talking about SOX (Sarbanes-Oxley) compliance, which have no legal applicability to your own needs. Your needs are governed by Florida's "Government-in-the-Sunshine" laws which allow for public inspection of most records. Matt IS - Systems Eng. (Karl Drugge) wrote: EXACTLY why we have the city attorney and another legal specialist helping to formulate our own new policy. Best to invest some real $$$ now, before we get sued for our ignorance ( and $$$$$$$$$$$$$$$$$$$$ ) later. Karl Drugge -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Sunday, December 17, 2006 1:46 PM To: Matt Subject: Re[2]: [Declude.JunkMail] OT: "Message" Storage </snip> In summary: you still don't know about e-mail archival for compliance purposes. Thanks for sharing. --Sandy --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
