Yet another high level executive (Boeing’s Harry Stonecipher), has lost his job over ill-considered use of email. This is an old story, or an old pattern of unintended consequences: email written in one context is often revealed in another.
A few years ago, it looked like it might be possible to create certain categories of messages that were ephemeral, i.e. designed to expire. In the post-Enron world – which is governed by Sarbanes-Oxley, Gramm-Leach-Bliley, etc - corporate email has to be retained, often for years, and it has to remain easily accessible and searchable.
As long as there is email, it’s unlikely that humans will ever quit expressing themselves privately in ways that look bad when made public. Given the new regulatory climate, mail sent on the corporate net is a corporate record that may have to be delivered on demand to a legal adversary.
So what is to be done?
The White House has shifted back to fax communication which can be shredded as necessary. Other companies hold their sensitive conversations face to face or by phone. This is not a bad idea – touchy subjects aren’t always best dealt with via email.
However these strategies still don’t answer the question of what companies should do to prevent email-based indiscretions like those that just took place at Boeing. Policy advisors and consultants suggest admonishing employees not to say bad things (i.e. training). Content filtering companies say they have a solution: scan for content in messages that might lead to lawsuits. Both approaches can help.
We suggest encouraging the use of personal email accounts in parallel with corporate accounts. This strategy isn’t completely risk-free. Just as the use of corporate systems for personal messages can cause problems, so too can anything that looks like a policy of pushing sensitive corporate communication out to personal mail accounts. Genuine effort to segregate personal and corporate mail is something that most IT departments might want to move a little higher up their list of goals for 2005.