Email Communications of a Security Management Office - Coursework Example

Running Head: Email as Legal Evidence A Plan to Ensure That Email Communications Of A Security Management Office Are Not Used as Negative Legal Evidence Abstract The objective of this research is to present updated discourse on the use of the electronic mail as legal evidence in the courts of law. In addition, one of the goals of any corporate entity, especially of a security management office, is to ensure that their organization is protected from negative evidence brought about by email correspondences. This paper would propose a plan of action to assure its safety on using email as legal evidence. Introduction The extensive use of electronic mails (emails) through the internet brought about by advancement in technology in this decade pervaded the boundaries of law. The origins of the internet dates back to as early as 1960s. Its evolution changed the course of communication and computer technology spanning a diversity of people and cultures. The benefits that the email has accorded are so enormous and innovative that the generation today could not imagine a world without it. The objective of this research is to present updated discourse on the use of the electronic mail as legal evidence in the courts of law. In addition, one of the goals of any corporate entity, especially of a security management office, is to ensure that their organization is protected from negative evidence brought about by email correspondences. This paper would propose a plan of action to assure its safety on using email as legal evidence. Email as Legal Evidence In an article written by Bruhahn (2003), “email is considered a legal document in the court’s eyes, and can either help vindicate you or help convict you in a legal battle”. There are government regulations requiring organizations to archive electronic data to ensure easy availability and accessibility in times of legal battles. Bruhahn continued to aver that “thousands of U.S. businesses fail to meet government regulations regarding the secure archiving of electronic data, despite possible penalties that include imprisonment and heavy fines. Sometimes businesses put themselves at risk because theyre cavalier about the consequences of noncompliance, experts say -- but they also do so, in many cases, because they dont understand the regulations or because theyre unable to make compliance a priority within their organizations”. Besides archiving problems, organizations are aware that email as legal evidence also faces problems of authentication and hearsay rules. O’Donnell and Lincoln stressed in their article on Authenticating E-Mail Discovery as Evidence that “authenticating an e-mail presents issues not faced with a traditional letter with its formal letterhead, paragraph structure and signature block… e-mails are arguably more susceptible to after-the-fact alteration.” (2007) The hearsay rule is presented by O’Donnell and Lincoln (2007) to wit: “the second major hurdle for getting an e-mail into evidence is the hearsay rule. By definition, hearsay is an out-of-court statement" offered in evidence to prove the matter asserted." The first way, therefore, to overcome a hearsay challenge to the admission of an e-mail is to claim that its not hearsay at all”. They also presented exceptions to this rule making emails reliable in context. These cases are : (1) using emails as business records for corporate entities (“An e-mail might fit this "business records" exception if the company -- not just the individual, but the company itself -- has a reliable practice of sending, receiving and storing that kind of e-mail. A company might have that kind of practice if it takes and records purchase orders via e-mail. Notably, an e-mail that fits into the "business records" exception may also be self-authenticating, under Rule 902(11), if its authenticity is supported by an affidavit”.); (2) e-mails used on the basis of "present sense impressions," or even as "excited utterances,"(“ if one can show that an e-mail was written while perceiving an event or immediately thereafter, or while under the stress caused by a startling event, it might meet the "present sense impression" or "excited utterance" standards of rules 803(1) and803(2)”) ; and (3) if an email is written within 10 minutes after the event.(O’Donnell & Lincoln 2007) Security Management Office A security management office’s basic responsibilities are ensuring safety and protection of all the resources of the organization. The function entails detection of any kind of intrusion and initiating appropriate actions to ward off and prevent harm or damage to the organization, as a whole. Using this underlying role of security management, any correspondence (including electronic mails) from internal and external sources which are deemed harmful or risky, or violating the rules of privacy and poses intrusion to the organization should be properly screened, evaluated, assessed and endorsed to proper authorities. The objective of security management in terms of email correspondences would be to preserve their authenticity and adhere to the utilization of electronic mails as routinely undertaken for business purposes only. “Under Federal Rule of Evidence 803(6), however, only ‘if it was the regular practice of that business activity’ to make that record can a document come into evidence under the exception of ‘business records’”. (O’Donnell & Lincoln 2007) The security management office should seek the assistance of the company’s information technology department for screening, assessing and archiving the necessary data in preparation for any legal issues in the future. Plan of Action Compliance to Government Regulations. With proper coordination of top management and the information technology department, the security management office can work in complying with regulations imposed by the government regarding archiving electronic data. As advised by Bruhahn (2003), the company should include the following features for email archival solution: (1) ongoing inventorying and analysis of email is required; (2) compliance against alteration; (3) storage efficiency; (4) consideration for other system variables such as server utilization, amount of email traffic and heavy email users; (5) platform and configuration independence. New Policies on Email Correspondences. Due to the significance of any repercussions which might ensue from irresponsible emails, security management office should take the initiative of recommending to top management that new policies on email correspondences should be disseminated to all personnel. As evidenced from several lawsuits using email as legal evidence, Bruhahn (2007) noted the following: “Merrill Lynch is once again cautioning its staff to watch what they write in e-mails. E-Mails and other writings composed with little forethought, during a period of frustration...have the potential to cause enormous damage.” In this regard, internal email correspondences which do not promote regular business activity should be prohibited. Actually, in some organizations, the numbers of personnel who are given access to emails or to the Internet have been limited to higher levels. By doing this, traceability and accountability would be easier to manage. Regular Orientation, Training and Monitoring of Employees. The Human Resources Department should include in its programs for personnel development, the regular orientation and training for ways to properly correspond using electronic mail. Employees should be made aware of the risks associated with irresponsible emails. In close coordination with the Information Technology Department, quality assurance checks and surprise reviews of electronic data on employees’ hardware should be made to evaluate compliance to policies regarding email correspondences. New rules on infractions and violations to these policies should be incorporated in the company’s code of discipline. Utilize registered Email According to Pearlman, a company can ensure receipt for their sent messages through RPost. “RPost protects the sender with proof of their entire e-mail transaction by providing a registered receipt (which is legally valid evidence) that your registered email was sent; that it was received and when that took place. It also verifies the content of the e-mail message sent, including all the attachments!” More importantly, Pearlman added that, “the Federal Government has tested, approved, and accredited RPost, and they use it in the arm of Congress known as the GAO (Government Accountability Office).” (Pearlman 2007) Conclusion The importance of recognizing that individuals should carefully think and evaluate whatever they plan to write would be a first requirement for responsible emails. With the prevalence of lawsuits utilizing emails as legal evidence, more and more organizations are obliged to adhere and comply to email retentions regulations and maintaining appropriate archiving solutions. These means additional capital expenses for the companies in terms of integrating new applications for both software and hardware products to cater to the company’s needs. However, instead of facing the risks, penalties and possible imprisonment for noncompliance, organizations should make strategical plans to ensure that emails, if used as legal evidence, would be for the benefit of the company, rather than, its conviction. Security management, in cooperation with all the departments and personnel of the organization, can help prevent negative issues on email being used as legal evidence if they would jointly protect the standards of excellence that the organization stands for. Works Cited Bruhahn, B.R. (2003). Email – What will you do when the subpoena arrives? Sandpiper Data Systems, San Diego, CA. Retrieved on April 8, 2009 from O’Donnell, B. & Lincoln, T.A. (2007). Authenticating E-Mail Discovery as Evidence. The Legal Intelligencer. Incisive Media US Properties, LLC. Retrieved on April 8, 2009 from Pearlman, A. (2007. ALM LAW JOURNAL NEWSLETTERS©   ). How Good Is Your e-Mail Evidence? RPost® Registered E-mail® Gives You the Courtroom Edge LAW.COM. Retrieved on April 8, 2009 from Read More