Outbound E-mail = Inbound Issues

A story on Law.com entitled "Outbound E-Mails Spell Inbound Legal Trouble for Corporations" points to a recent study from Proofpoint.com on how corporations are concerned about the content of their outbound e-mail.

outbound email This is Proofpoint’s fifth annual study of outbound e-mail and is designed to examine the level of concern about the content of e-mail and how large organizations are mitigating the risks associated with outbound messaging. This year’s study also expanded to include a look at Web-based e-mail, blogs, social networking sites, etc.

The study received responses from a total of 424 "IT decision makers" including CIOs and IT directors from the US, UK, Germany, France and Australia.

Here are a few highlights that perked up my e-discovery ears:

"In non-compliant e-mail messages leaving your organization, what is the most common form of inappropriate content?"

  • 30% – Adult, obscene or potentially offensive content
  • 26% – Confidential or proprietary business information about your organization
  • 17% – Personal healthcare, financial or identity data which may violate privacy and data protection regulations
  • 13% – Valuable intellectual property or trade secrets which should not leave the organization

"Using your best estimate, what percent of your organization’s outbound e-mail contains content that poses a legal, financial, or regulatory risk to your organization?" Answer – 12%.

56% of US respondents indicated that they are "concerned" or "very concerned" about e-mail sent from mobile devices (smartphones or other wireless, Internet-connected devices) as a potential conduit for exposure of confidential or proprietary information.

56% of US respondents indicated that they are "concerned" or "very concerned" about Web-based  e-mail (i.e. services such as Google Mail, Yahoo! Mail, Hotmail, etc.) as a conduit for the exposure of confidential information.

Regarding Policies:

  • 98% of US companies (100% in UK) have an "acceptable use policy for e-mail" that includes personal use rules, monitoring and privacy policies, offensive language policies, etc.
  • 84% of US companies (75% in UK) have an "e-mail retention policy" that defines what information sent or received by e-mail should be retained and for how long.

24% of US companies reported that they produced employee e-mail in the past 12 months subject to a civil or criminal subpoena. In US companies with 20,000 employees or more, that number rose to 34%. Elsewhere in the world, employee e-mail was subpoenaed less frequently – 6% in UK, 10% in Germany, 10% in France, and 3% in Australia.

"How important to your organization is reducing the legal and financial risks associated with outbound e-mail in the next 12 months?" Answer – 57% of US companies answered that it is "important" or "very important" for their organizations.

"How important to your organization is reducing the legal and financial risks associated with outbound HTTP traffic (e.g., Web-mail, blog postings, etc.) in the next 12 months?" Answer – 51% of US companies answered that it is "important" or "very important" for their organizations.

Survey can be downloaded here or Rob Robinson has posted it here on his Complex Discovery blog.

Leave a Reply

Your email address will not be published. Required fields are marked *