you shouldn't proceed under the assumption that government
regulators are out there giving IT staff lists of words to be used
in "full-text search" of E-mail archives. That is not the law, and
it is not how subpoenas are issued.
First: I clearly noted that legal (or compliance, if distinct) is
given all documents, including criteria for an archive search, and
that IT staff are not responsible for the search. IT is expected to
create a system that compliance officers can use independent of IT (in
turn respecting employees' privacy from sysadmins' snooping,
restricting access to those that perform that role professionally).
The full retention media must also be made available, but the
regulators will request pruned material. You seem to think that you're
really going to hit it off with regulators by coolly giving them hard
drives with terabytes of raw mbox data and nothing more. You obviously
don't know how it feels to be faced with hundreds of millions of
dollars in fines and the knowledge that every day you delay is another
day with your company name in the papers as an "ongoing
investigation." You do not mess around or play tough on producing
records; you will only go down harder. The examples are legion.
Second: last you wrote, you'd only been involved in an investigation
that was not bound to SOX or SEC regulations. I see nothing in your
new comments, though they're more verbose, that's any more
authoritative. Your isolation of SOX seems deliberately naive, since
it is commonplace for SOX's open-ended storage requirements to be
allied with SEC 17a-4 requirements to ensure coordination between
departments and guarantee prompt response to inquiries without the
perception of considered obstruction through negligence. And no
organization creates separate SOX-compliant systems and SEC-compliant
systems if bound by both.
Third: my notes are based on our work with three different clients' IT
staffs, their inside and outside counsel (two different outside
firms), and documents submitted by regulatory agencies that were
specific to the cases; it is also based on the experience of building
the original, incomplete archiving systems for these clients and later
expansions and revisions of these systems to achieve independently
verified SEC/NASD compliance.
Fourth: there were no "enemy lawyers" involved, unless you consider
those attempting to prevent criminal actions--in this case, stealing
millions from individual investors to benefit secret corporate
alliances--to be your "enemies." Yet, if those are the enemies in
question, I'm surprised you're opposed to _Ipswitch's_ recent
activity. Aren't they just following in the footsteps of Enron by
concealing their probable dead-end status while soliciting huge monies
for nonexistent products? How can a private company's secrecy and
price gouging be such an abomination, based on the insults you've used
on the IMail list, while here you encourage a public company's
destruction of records wherever you perceive a loophole?
--Sandy
------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
SpamAssassin plugs into Declude!
http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/
Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases!
http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/
http://www.mailmage.com/products/software/freeutils/ldap2aliases/download/release/
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
