Four years have passed since President Bush signed the Sarbanes-Oxley Act and most analysts agree the law is working as larger companies are finally getting their accounting books in order.
The act was formulated to strengthen accounting oversight and corporate accountability. It did this by increasing accounting and auditor regulations, enhancing disclosure requirements, creating new federal laws and increasing penalties under existing federal laws.
An important aspect of the act focuses on the details of data security, retention and protection. So the question is, how does the Sarbanes-Oxley legislation impact email retention policies?
Surveys indicate that 93 percent of all business documents are created electronically and that has forced most corporations to address their retention policies. Businesses, small or large, can no longer consider email retention a non-priority.
Companies must develop a classification of data for off-site storage, such as an online storage service that encrypts and protect the data.
The Sarbanes-Oxley Act includes three provisions that deal with electronic documents, such as those communicated through emails. They include document alteration or destruction, mandatory document retention and obstruction of justice.
* In terms of document alteration or destruction, the Sarbanes-Oxley law states that people who knowingly alter, destroy, mutilate, falsify or conceal any document (electronic or paper) with the intent to impede proceedings involving federal agencies may be fined or imprisoned up to 20 years, or both. How does this impact email retention policies? If a company has an email retention policy in place, it must include a security plan. Only certain individuals should be given clearance to access the archived emails. A report with that person's name and purpose should be produced every time a certain email is accessed, and documentation of change to the existing document should be noted.
* The Sarbanes-Oxley provision of mandatory document retention forces businesses to keep records readily for review for a period of up to five years. The penalty for knowingly and willfully violating this provision imposes fines and a maximum sentence of 10 years in prison, or both. How does this impact email retention policies? A business must generate a data-retention policy with archive history periods included. According to Sarbanes-Oxley, the time period for such retention should be at least five years. The emails should be classified by dates (months and years) to make it less complicated for auditors to access such information. If the emails are disorganized, the auditors may have to dig deeper and they might find improprieties.
* The obstruction of justice segment is similar to the document alteration provision under the Sarbanes-Oxley Act, but it includes a statute that prohibits tampering with witnesses. The legislation states that acting or attempting to alter or destroy a record or other object "with the intent to impair the object's integrity or availability for use in an official proceeding" can be punishable with fines, imprisonment for up to 20 years, or both. How does this impact email retention policies? Again, any company that has a data retention policy must enforce a security plan such that data can be accessed by only the proper personnel. An online data backup service with strong encryption and user tracking helps eliminate the chance of human intervention with whatever email data has been stored. With certain managed backup services, online backups are performed automatically, so data is protected without manual intervention. Data moves through an existing network connection, using state-of-the-art data security including AES encryption to a secure remote data center.
Clearly, the document-retention regulations implemented by the Sarbanes-Oxley legislation sends a signal to businesses that they must institute a policy regarding their data and documents, including those transmitted through email. Businesses must realize that they can be held liable for retained and deleted electronic documents. The policies these businesses put in place should include an inventory of all the electronic hardware and software that can store emails (including cell phones and laptops), all locations and storage formats of archived emails, and all the methods that email documents can be transferred into and out of the company. The next step should include classification of such emails, and then a secure off-site online backup storage plan.
The days of simply keeping emails in a folder at each workstation are part of the past thanks to businesses that have put forth a solid data retention plan. The Sarbanes-Oxley Act has served as an effective means to help push the creation of such plans.
Thursday, November 30, 2006
Subscribe to:
Posts (Atom)
Blog Archive
Categories
- 4 Things You Should Know About Hard Drive Crashes (1)
- A Complete Data Recovery Solution (1)
- back up for laptops (1)
- Backing Up Data on CD's and DVD's (1)
- Backing Up Your Data Frequently Can Save You Money (1)
- Bare Metal Server (1)
- Can I Recover Deleted Files? How to Retrieve Deleted Files (1)
- Consumers and Communications (1)
- Data Recovery (3)
- Data Recovery Freeware - Take Advantage of the Freeware Available to You (1)
- Data Recovery Help (1)
- Data Recovery Situations (1)
- Data Recovery Software (1)
- DBX File Corruption (1)
- Defragmenting Your Hard Drives (1)
- Diagnostic Tips For Hard Drive Data Recovery (1)
- Do You Back Up Your Website (1)
- Do You Know Where Your Data Is (1)
- Ease the Headache of Saving Files (1)
- File Recovery - 3 Ways I Prevent Hard Drive Crashes (1)
- Formatted Data Recovery (1)
- Fully Utilize the Full Benefit of a SAN With Automatic Defragmentation (1)
- Hard Disk Data Recovery - How to Restore Deleted Data (1)
- How to avoid data loss and data recovery (1)
- How to Backup Your Computer Hard Drive (1)
- How to Create an Offsite Data Backup and Restore Plan (1)
- How to Recover Lost Data From a Flash Drive (1)
- How to Recover Photos Deleted From SD Disk Or XD Card (1)
- How to Retrieve Deleted Data From Your Computer (1)
- How to Retrieve Deleted Files From Your Computer (1)
- Identity Theft by Selling a Used Computer (1)
- iPhone Data Recovery Advice (1)
- IT Disaster Recovery - A Finance Perspective (1)
- Laptop Backup Software Program (1)
- need laptop back up software (1)
- Online Backup and the Consequences of Data Loss For Business (1)
- Outlook Express Recovery (1)
- password finders (1)
- PDF Password Finder Tips (1)
- RAID Arrays (1)
- RAID Data Recovery (1)
- Recover Deleted Files - Vista (1)
- Recover Hard Disk Files - How to Recover Deleted Files (1)
- remove a password (1)
- Remove a Password From Your PDF Files (1)
- Restore Deleted Data (1)
- Restore Deleted Files - Vista (1)
- Retrieving Deleted Files From Your Computer (1)
- SQL Data Recovery (1)
- SQL Server Snapshot (1)
- SQL Servers (1)
- The Role of This Software Tool (1)
- Understanding Data Loss and Data Recovery (1)
- website back ups (1)
- What to Do When Everything is Lost (1)
- Why to Buy Online Data Back Up Services (1)
- Will Data Recovery Work (1)