Karl,

If you want to buy the poster, you might try this link:

   http://www.thinkgeek.com/homeoffice/posters/58fc/

BTW, I wasn't suggesting that you hijacked the thread, rather I and others did from William Stillwell when he asked about E-mail archiving that doesn't cost an arm and a leg.

Your point about keeping baby pictures is a valid one. Technically you are not required to keep such things under SOX...only "business communications" and more specifically, ones that pertain to the finances and operation of the business, are covered. There are even solutions that do filtering to determine if a message should or shouldn't be archived, though being somewhat risk adverse, and knowing that such filtering isn't perfect, I would not recommend such a solution. At the same time though, keeping unnecessary messages can be a detriment to a company as these things can come out and burn you years in the future. How many times have we heard side comments from Microsoft execs that their competition or detractors used against them. Here's one such example where a MS executive told others that he would be using a Mac if he didn't work for Microsoft. Here's the blog that tries to explain what he meant...

http://windowsvistablog.com/blogs/windowsvista/archive/2006/12/12/title.aspx

People are caught having affairs with others in the office, partying, and other things that represent private comments. The fact is that none of that stuff is required to be kept and it shouldn't be archived if one can help it. The SEC doesn't care about such things and they are the ones requiring retention, but having a massive stash of E-mail covering anything and everything actually increases the possibility of needing to spend money fulfilling a court order to produce such things. You can likely blanket exclude certain classes of employees since they never deal with anything the SEC is concerned with, and that is wise. Retaining all such E-mails is another example of risk-aversion as well as complication, but the retention itself should be approached with some degree of risk-aversion as well.

Matt




IS - Systems Eng. (Karl Drugge) wrote:

Gotta love that picture.... Keeping it for my personal laptop back ground.

I'll agree with you 99%.. I hate lawyers with a passion, and excepting the miniature French poodle and HR personnel, they are loathed beyond all else.

But, in doing a risk assessment, factors like the possible cost of a possible law suit is something that should be considered. A hospital is a good example. Regardless of what the I.T. team is doing ( for good or ill ), it's a good idea to get the advice of a legal professional. Just one suit will offset the cost of hundreds of consultations. It's not always possible, especially in the smaller firms, to CYA in this fashion, but a sign off from above works just as well.

As IT management, I stress that we offer the company technical solutions. What we CAN do is very different in most cases, from what we SHOULD do. The SHOULD do part comes from written company policy. Written company policy needs impartial review, from as many perspectives as possible. Medical/Legal/Financial records all have different retention requirements. This includes emails which pertain to these records ( or even have them imbedded ). So, how do you handle your archives then ? Keeping ALL the emails will get you fried if you have expunged records in your archives ( if you're an attorney ). Who sorts these emails for relevant information to determine if they even should be stored ? SOX doesn't require I keep emailed pictures of my 5 year old nieces B'day party.. So do you check each one individually ?! Yargh ! Leave it up to the end users ? Oh boy...

So, why do ( or don't ) you have these records ? Company policy will be the only thing that keeps you as the email admin from getting thrown under the bus. Easy, company policy dictates it. You're off the hook. Remember, when the witch hunt ends, you don't want to be the one wearing the pointy hat.

Apologies for the hijacked thread...

Karl Drugge

-----Original Message-----
*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *Matt
*Sent:* Monday, December 18, 2006 2:36 PM
*To:* [email protected]
*Subject:* Re: [Declude.JunkMail] OT: "Message" Storage

Karl,

The problem is assuming that keeping it 'legal' involves lawyers for instance. The Sarbanes-Oxley Act of 2002 was enacted by Congress and the responsibility for clarifying the law into workable practices was assigned to PCAOB (The Public Company Accounting Oversight Board, created by Sarbanes-Oxley), and signed off on by the SEC. It is the responsibility of independent auditors to verify compliance and report it's findings to the board of directors, who are ultimately responsible for the companies in question.
.

.

            < Lots of good stuff >

            .

.

.

Matt




IS - Systems Eng. (Karl Drugge) wrote:

True, I'm covered by different laws..
But in regards to keeping 'legal', in all senses of the word, especially
when you are discussing 'home grown' versus 'off the shelf' solutions,
it would be best to consult legal advisors before implementing anything.
If you aren't sure, get advice. If you are sure, get it in writing.
I was private sector long before I converted to government, and still
keep some of those clients. Most of my clients would much rather have a
lawyers sign off, especially if it's going to help them avoid a lawsuit
later.
Karl Drugge -----Original Message-----
From: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> [mailto:[EMAIL PROTECTED] On 
Behalf Of Matt
Sent: Monday, December 18, 2006 12:48 PM
To: [email protected] <mailto:[email protected]>
Subject: Re: [Declude.JunkMail] OT: "Message" Storage
Karl, We were specifically talking about SOX (Sarbanes-Oxley) compliance, which have no legal applicability to your own needs. Your needs are governed by Florida's "Government-in-the-Sunshine" laws which allow for public inspection of most records. Matt IS - Systems Eng. (Karl Drugge) wrote:
EXACTLY why we have the city attorney and another legal specialist
helping to formulate our own new policy. Best to invest some real $$$
now, before we get sued for our ignorance ( and $$$$$$$$$$$$$$$$$$$$ )
later.
Karl Drugge -----Original Message-----
From: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> [mailto:[EMAIL PROTECTED] On 
Behalf Of
Sanford Whiteman
Sent: Sunday, December 17, 2006 1:46 PM
To: Matt
Subject: Re[2]: [Declude.JunkMail] OT: "Message" Storage
</snip> In summary: you still don't know about e-mail archival for compliance
purposes.
Thanks for sharing. --Sandy ---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED] <mailto:[EMAIL 
PROTECTED]>, and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED] <mailto:[EMAIL 
PROTECTED]>, and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED] <mailto:[EMAIL 
PROTECTED]>, and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED] <mailto:[EMAIL 
PROTECTED]>, and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Reply via email to