Exchange Server 2010: Voicemail Compliance and Data Retention is a technical document recently released by Microsoft, that discusses the impact of Exchange Server 2010 on compliance an data retention.
This paper analyzes whether the use of Exchange would result in any change in legal obligations for companies with Sarbanes-Oxley obligations, SEC-regulated entities, auditors, educational institutions, or entities that store protected health information. The paper also provides an overview of other more general document retention issues that may arise from litigation, government investigations, or law enforcement requests. The paper concludes that the use of Exchange is unlikely to alter organizations’ record-retention obligations in the U.S. or E.U.
Here’s a summary of the conclusions:
- For the securities industry, the SEC requires regulated companies to retain business-related communications. This requirement applies to written communications, e-mails, instant messages and in some cases, voicemails. Based on these requirements, Exchange 2010 could act as a highly useful compliance tool and generally does not alter an organization’s obligations to retain voicemail messages.
- In the event of litigation, it is routine to order the preservation of e-mail, voicemail, and fax messages that an organization has maintained. Exchange 2010 does not add to nor subtract from that obligation. Exchange 2010, however, offers several advantages over legacy systems in meeting retention obligations by offering voicemail preview, cross-mailbox searching, legal holds, and fine-grained control over retention policies. These features, as well as others, make it easier for organizations to comply with their litigation-related obligations by reducing the compliance burdens (and costs) associated with preserving and producing messages or documents.
- Exchange 2010 provides enormous flexibility that allows organizations to customize their document retention policies. Because of Exchange’s unified structure, an organization may implement a single uniform retention policy that covers e-mail, voicemail, and fax messages. Conversely, an organization can create separate retention policies for different types of messages, different folders, or even specific messages.