17 May 2008
ANS Group Plc Headquarters

Storage Solutions - Archiving


Data Protection has become an increasingly hot topic in recent years, particularly in EU states where legislation has tightened up responsibilities of 'Data Controllers' and given significant powers to 'Data Subjects'.

With respect to the UK 1998 Data Protection Act the Information Commissioner provides guidance that an organisation that operates an email system falls within the definition of a data controller if the emails are stored within its system. The subjects of the emails - the 'Data Subjects' - have the right to access information about the storage and access to their personal data and to request accurate copies of information held on them. This includes email correspondence or documents held on a mail server.

The implications of this for email retention are significant, though complex: At any time, any employee, ex-employee, customer etc. has the right to request a copy of emails held by your organisation relating to their personal information ("containing information about identifiable living individuals"), and you MUST deliver them up within a short period of time.

The UK Compliance advice notes that "a 'deleted' file or email may still constitute personal data if it can be retrieved, albeit with some difficulty, by the data controller". That means you have no option but to deliver up the file or email, even if you have to trawl through endless back-up tapes of multiple servers.

There have been numerous high profile dismissals concerning sending inappropriate or illegal content by email. HP recently dismissed 15 staff and suspended more than 100 on full pay pending an investigation into the misuse of its corporate email system to circulate pornographic material.

  • Disciplinary action for new technology-related offences (email and internet abuse) now exceeds the combined total for dishonesty, violence, and health and safety breaches. The most common single reason for disciplinary action is the sending of unauthorised emails (Chartered Institute of Personnel & Development)
  • 27% of Fortune 500 companies have fought harassment claims concerning email (IDC)
  • 42% of staff are unaware that actions such as email harassment of fellow employees could land their employer in court (DataSec)

To deal effectively with a case of email abuse, an organisation requires the ability to rapidly and easily investigate and prove what offence was committed when by whom, be it for internal disciplinary proceedings, or as evidence in an industrial tribunal or court case. All too often it is too difficult or expensive to restore email records from back-up tapes, and employees know this and exploit the weakness.

Responsible management have a duty to be able to investigate the facts of any potential wrong doing and either make suitable amends quickly or defend wrongful claims rigorously. The situation is more acute for larger organisations with more valuable brands and with responsible senior executives intermediated by more layers of management.

IT Departments are finding the performance of email and file systems increasingly stretched as data retention requirements continue to grow. With email availability now mission critical, technical teams are also finding increasing time taken up with file and email management and administration duties.

Tasks include

  • Off-line archiving
  • Storage optimisation
  • Disaster recovery, such as recovering files from back-up systems in the event of mail server issues, corrupt mailboxes, user errors etc
  • Retrieving specific files or emails, for example after someone has taken over the responsibilities of an employee who has left the organization and requires access to old email for handover purposes
  • Dealing with storage overheads inherent in PST files and managing user quotas
  • Involvement in HR and investigatory matters

Archiving solutions which appear helpful for addressing the needs of growing server sizes are often not appropriate for the information retention and search requirements of the wider organisation. ANS have a range of solutions to ensure companies can enforce appropriate data retention policies in the correct manner from fully managed off-site archives to in-house managed costs and management efficient solutions.