Companies ignoring compliance
Research claims that businesses are unaware of what even constitutes a breach of legislation
More than 87 per cent of the UK’s blue chip companies have admitted to breaching current email compliance legislation, according to a study by Corporate VAR SCC.
The study questioned FTSE-listed organisations across vertical markets including financial, legal, insurance and retail, at SCC’s recent email compliance conference, held in partnership with Sun.
Results also revealed that none of the organisations had a fully compliant email policy in place, and that they lacked confidence in their ability to comply with requirements set out in the Data Protection Act and Sarbanes-Oxley. More than half experienced compliance-related issues in the past but none of those questioned planned to resolve the situation by implementing an email management system.
Paul Eccleston, UK business solutions director at SCC, said: "Organisations need to take a more assertive approach towards tackling compliance. Liability in most cases remains with the data owner, so it’s in a business’s interest to ensure senior staff implement secure email management systems. With fines of up to £3m and criminal penalties of up to 20 years, this issue should be at the top of businesses’ agenda.
"The issue will continue to escalate as companies face up to more stringent regulations, such as Sarbanes-Oxley, Data Protection Act and Freedom of Information. Despite providing the mainstay of business communication, organisations must be made aware of the full exposures and liabilities that they face from email," he added.
Stephen Mason, legal director at email compliance vendor Cryoserver, added: "As a starting point organisations need to understand what constitutes misuse. Email is now the lifeblood of business today, for both commercial and public organisations. Many senior people avoid making themselves aware of their legal position and how to protect themselves.
"Education will continue to be a significant part of the process. Working with the regulators, legal experts and technology providers, organisations can ensure that they do not leave themselves in a vulnerable position. Despite a lack of knowledge around the area of email compliance, ignorance will not be accepted as an excuse by the regulators."