Recognizing and addressing the dangers of the casual nature of electronic messaging will minimize organizational risk. Putting an electronic communications plan in place is vital to protecting a company's reputation, its business interests, and its compliance success.

In any single day, millions of e-mail messages are sent and received by organizations - and nearly every day the media breaks the details about the latest scandal to be uncovered through evidence in those messages.

Protecting the organization by ensuring regulatory compliance is paramount in today's business environment, and many organizations start by securing e-mail. This is a necessary step - but a tactical one - that pursues only the "e-mail-as-evidence" pain point. Forward-thinking organizations are only at the cusp of realizing the magnitude of this quandary. The risks are not married solely to business regulations or to e-mail as a messaging medium.

Compliance

Stringent securities and Exchange Commission and National Association of Securities Dealers regulations on managing e-mail and instant messages have forced U.S. financial service providers to the forefront of adopting compliance practices. Other vertical industries have been equally affected. For example, within the U.S. healthcare community, the Health Insurance Portability and Accountability Act set the standards for securing the privacy of patient information.

A dynamic influx of U.S. and non-U.S. regulations and legislation - vertical and horizontal - has paralyzed business activities. For example, according to a June 16, 2005, Wall Street Journal article, the cost of complying with the U.S. Sarbanes-Oxley Act of 2002 was then ranging from $1.6 million to $4.4 million per company each year. As a graduate student at the University of Rochester in 2005, Ivy Xiying Zhang gained global media coverage of her event analysis of the July 2002 House and Senate debates over competing versions of the bill. Zhang postulated that the debates led to investor uncertainty resulting in falling stock prices and market losses of $1.4 trillion.

However, the total cost of compliance for any mandate will differ wildly based on the type of analysis used. Undisputable, though, is the potential financial drain to become compliant, as well as the financial drain should an audit reveal areas of noncompliance.

Many argue that although the cost of becoming compliant is high, the upside is well-structured accountability, improved organizational creditability, and customer protection. Capitalizing on that premise, vendors across-the-board have declared that they have the solution. In the case of e-mail and instant messaging management, the solution may take the form of policy-based filtering, categorizing, indexing, archiving, document management, or record management software - which turns the unstructured message body into a "record." Outsourcers can host all or part of the solution. Professional services firms can design the implementation of the technical and business processes. The e-mail and instant messaging compliance market is undergoing tremendous consolidation; however, no vendor today can provide a holistic, integrated solution.

Privacy

Federal and regional privacy legislation dictates the degree of privacy required for customer- and employee-sensitive information. For example, student-record information is protected in many school districts. Communications held between an attorney and a client are protected as privileged information. Federal and local Freedom of Information Acts control the processes by which citizens can obtain government-held information about themselves. Organizations that wish to do business globally must understand how to get through the maze of complex and changing privacy mandates.

Civil Actions

Amid confusion about best practices to manage messaging for compliance, organizations must also mitigate the risks of civil lawsuits and corporate embarrassment - often initiated by employees exhibiting poor judgment. The following examples indicate the types of risk e-mail can pose to an individual or business.

Love on the Internet. In December 2000, Claire Swire sent a sexually explicit e-mail message to her boyfriend, Bradley Chait. Chait, a lawyer with the London-based law firm Norton Rose, forwarded the e-mail message to several friends, who forwarded it to several of their friends, and so on. What Swire intended as a private message found its way, according to the media, to 10 million mailboxes across the Internet. Swire suffered personal embarrassment, to be sure, but beyond that, Norton Rose's reputation was victimized by global ridicule because Chait forwarded the original message from his Norton Rose e-mail account. (Chait was suspended temporarily and his year-end bonus, along with those of nine of his friends, was revoked.)

Love Leads to Federal Indictment. The case of the United States v. Kammersell, 196 F.3d 1137 (10th Cir. 1999) examines an incorrect method for dating. Utah resident Matthew Kammersell wanted to spend some time with his girlfriend, who also lived in Utah. So Kammersell used America Online (AOL) Instant Messenger (AIM) to send a bogus bomb threat to his girlfriend's AIM account. His goal was to cause her office to close for the day so they could enjoy some time together. Kammersell never imagined that he would be in violation of U.S. Interstate Commerce Commission (ICC) regulations, but his instant message traveled the Internet through AOL's servers in Virginia. Kammersell was indicted and found guilty of violating of ICC 18 U.S.C. § 875(c), which makes it a crime to transmit a threatening communication through interstate commerce.