Office 2003 sparks data retention row
The launch of Microsoft's Office 2003 has led to calls for more awareness and enforcement of corporate email usage policies.
The launch of Microsoft's Office 2003 has led to calls for more awareness and enforcement of corporate email usage policies.
Link: Microsoft launches Office 2003
The new Information Rights Management functionality in the latest version of Microsoft Office is designed to protect against the unintended proliferation of sensitive information.
New features include the ability to limit which recipients can open, edit, copy or even print emails or documents.
But industry experts have warned this could lull employees into a false sense of security about the management of sensitive corporate information.
Simon Stokes, head of ecommerce law at Tarlo Lyons, told VNU News Centre: ‘The fact the Microsoft technology allows you to manage email is good, but it does stress the need to have proper data retention and email usage policies and make sure that employees’ email use is consistent with that.’
The Financial Service Authority said it was aware of the issues the technology raised: ‘This is a far wider issue – not just for us and not just for corporate use. We don’t envisage issuing guidelines on how the technology should be used, but regulatory authorities have to keep pace.’
Jamie Cowper, senior technology consultant at messaging specialist Mirapoint, said if it encouraged complacency then it would be a step backwards. And simply including email usage policies employment contracts was not enough, Cowper added.
‘You need a separate policy. You also need to make it clear to people what is and isn’t allowed and that there will be an element of electronic supervision.’
The prospect of increased controls over sensitive information has benefits in the light of corporate governance regulations such as Basel II, and even incidences involving personal email correspondence such as the Claire Swire case.
But although the features may make it more difficult for sensitive emails to drop into the wrong hands, it does not delete them from hard drives or mail servers. They can still be viewed by administrators and companies are still liable if the content is incriminating.
‘People also have an uncanny knack of overcoming technical limitations if the information is valuable enough,’ Cowper added.
A Microsoft spokeswoman said: ‘This functionality is to help control the flow of information. But IRM can be defeated by any determined individual and in no way should it interfere with email and document retention policies.’