Two years ago, Gary Loveridge had a sudden realization — the bad kind. As general counsel for Sutter Health, a nonprofit health-care network, he realized that the way his organization handled growing volumes of E-mail posed a risk. Sutter Health is a highly decentralized group with 40,000 employees spread across Northern California. Hundreds of thousands of E-mails flow daily across multiple systems, and back then, the only formal copies were stored on hard-to-search backup tapes that were regularly overwritten. In an industry rife with lawsuits, that was a problem. And without an easily searchable E-mail archive, discovery was extremely labor-intensive. “I looked at the costs involved in trying to respond to subpoenas, and it seemed it was going to be extraordinarily expensive without a new system,” says Loveridge.
Sutter Health is now rolling out a new program that will automatically capture and store E-mail in a centralized, nonrewritable repository that can be explored using a powerful search engine. From a risk-management point of view, CFO Bob Reed says the $1 million investment was a no-brainer. “We live in a very litigious society, and it’s obvious to me that as a high-profile organization we will have lots of lawsuits,” says Reed. “This seems like a pretty straightforward way to lower those costs.”
From Wall Street to Silicon Valley, companies in a wide range of industries have seen E-mail emerge as critical evidence in legal and regulatory matters. Motivated by those concerns and the desire to improve data-storage and retrieval capabilities to enhance internal operations, companies are formulating new policies and investing in electronic records management (ERM) technologies to tackle what can be a dauntingly complex chore. Gartner Inc. says the market for E-mail archiving technology grew 104 percent last year, and Forrester Research puts the compounded annual growth rate for records-management software at 159 percent from 2002 to 2006.
The concept is hardly new: as core IT competencies, storing and finding data have long loomed near the top of the list. But changes in the way business is done necessitate a fresh approach. Electronic information continues to mushroom. A University of California, Berkeley, study found that 92 percent of all new information is stored in digital format.
E-mail, the most troublesome source of electronic records, is growing not only in volume but also in business importance. In a recent survey conducted by the Association for Information and Image Management, 70 percent of respondents said they use E-mail to negotiate contacts, and nearly half use it to respond to formal regulatory inquiries. “Today businesses regularly execute contracts with a click, amend them with a voice-mail message and breach them with a blog,” says Randolph Kahn, founder of Khan Consulting Inc., which specializes in compliance, policy, and legal issues related to information management.
At the same time, recent regulations have upped the stakes. Sarbanes-Oxley and the Health Insurance Portability and Accountability Act (HIPAA) both include fines or prison sentences for mishandling certain types of records. Violations of retention rules from the Securities and Exchange Commission, the National Association of Securities Dealers, the Federal Drug Administration, the Occupational Safety and Health Administration, and myriad other federal and local bodies also carry stiff penalties.