The New York Times revealed earlier this week that former US Secretary of State Hillary Clinton used her personal email account to conduct government business, in violation of several government policies. Furthermore, according to The Times reporting, Clinton did not have an official government email account.
Several subsequent reports have indicated that Clinton's personal email account did provide government-grade security. However, using a personal account avoided recording of her correspondence, an important and legally-mandated procedure that provides a record of everything from future investigations and oversight, to allowing future generations of historians to study government policy based on the correspondence of our elected and appointed officials.
This revelation is likely all-too-familiar for IT leaders, who might be dealing with hundreds of staff, some of whom may use everything from Dropbox to Gmail to circumvent IT policies.
Preserving the "historical record"
While companies are unlikely to turn over troves of executive correspondence to historians at some point in the future, email is still the de facto means of communication between internal and external parties. If you doubt the importance of email archives, review any court case involving a large company in the past decade, and you'll likely find emails as key evidence in the proceedings. Email archives can also be critical internally, for everything from resolving vendor disputes to fairly investigating HR-related matters.
The leading email platforms all support archiving functionality, and with cheap storage and powerful search capabilities, the technical aspects of archiving are straightforward. However, be aware of the legal and reputational aspects of archiving. While it may be technically simple to activate archives for everyone in the company and retain all emails for decades, there are concerns well beyond hard drive space.
In the case of Clinton, as a public official there is a clear motivation to capture and preserve all communications, but for most companies an extensive archive can be a liability as much as it can be an asset. At a minimum, after consulting your legal team, work with HR to educate employees about what is being archived, and proper email etiquette.
Perhaps the greatest challenge for IT departments is that employers are no longer the technology provider of choice for most employees. During the rise of corporate IT, it was simply not cost effective or possible for a single person to equip themselves with a half-dozen highly connected computing devices, or to provision everything from an email account to a full CRM system with little more than five minutes and some basic information.
With many of these services being easier to use than the company equivalent, you'll likely experience employees who don't even request a company account, lest they give up their preferred email system. Furthermore, many employees are becoming increasingly like politicians in that they migrate between jobs every few years, avoiding too much attachment to their current employer's infrastructure. Just as the State Department seems to have assumed Clinton would acquire a government email account, many companies are likely making similar assumptions to their detriment.
Enforcing compliance can seem like a heavy-handed affair, but in most cases it can be done relatively painlessly, especially when you treat employees like trusted adults and avoid creating a hundred-page manual of "Thou Shalt Not" policies and procedures. Build basic IT-related checks and balances into your employee onboarding and offboarding procedures. If your company frequently deals with contractors and temporary workers, much of this work may already be complete, and can be adapted to employees who look increasingly like temporary workers. Explain to new employees that the archiving and record-keeping abilities of company email are just as important as the ability to exchange messages, and that a record of their communications is as critical to protecting the company as it is to providing employees with security badges and expecting them to lock the front door.
It is incumbent on the IT department to ensure that each new employee is provided with an email account, and receives the message that company-provided email is an important tool, both for facilitating communications and providing a historical record of communications made on the company's behalf. We can no longer assume that employees will happily adopt company tools, as many will arrive at your doorstep with preferred email accounts and other IT tools in tow.
While you may not be dealing with a possible Presidential candidate, you'll likely face strong personalities who question why they must use a potentially inferior company-provided tool. By using thoughtful policies and treating your employees respectfully, you'll likely avoid key gaps in your own "historical archive."
- Hillary Clinton takes shadow IT mainstream (ZDNet)
- Pro tip: Archiving email in the Android Inbox app (TechRepublic)
- Download: Electronic Data Retention Policy (Tech Pro Research)
- Ebook: IT Professional's Guide to Policies and Procedures, 4th Edition (Tech Pro Research)
Disclaimer: TechRepublic, ZDNet, and Tech Pro Research are CBS Interactive properties.
Patrick Gray works for a global Fortune 500 consulting and IT services company and is the author of Breakthrough IT: Supercharging Organizational Value through Technology as well as the companion e-book The Breakthrough CIO's Companion. He has spent over a decade providing strategy consulting services to Fortune 500 and 1000 companies. Patrick can be reached at firstname.lastname@example.org, and you can follow his blog at www.itbswatch.com. All opinions are his and may not represent those of his employer.