There is a degree of panic at the executive level within many organisations over the numerous new pieces of legislation governing record keeping, says Andy Mulholland, global CTO at IT services company Capgemini. "It is almost as if people believe they have to run their business in a way that lawyers can understand," he says. "That is no way to be operating a business."

Today organisations find themselves regulated by a growing catalogue of regulations - some designed to protect privacy, others aimed at protecting shareholders and enforcing good corporate governance. The upshot is that corporate information - and in particular, enterprise messaging - has to be managed with appropriate levels of care.

Historically, a company's important (paper) communications were likely kept in the director's filing cabinet or a firesafe. Today, however, crucial information might be generated in email, in instant message conversations, and, as businesses migrate to voice-over-IP networks, in digitally recorded calls.

What organisations need to store and for how long to meet their compliance obligations is a grey area to many. A recent study by storage systems vendor EMC found that 46% of the UK companies were unsure about how to structure their email policy to ensure compliance, and 32% did not have a policy at all.

The twin pressures of increased regulation and the growth in the amount of corporate data that needs storing and archiving has created corporate unease on how to manage the problem, says Capgemini's Mulholland. There is a need to control enterprise messaging, but not at the expense of business process improvement, he says: "It's like the genie has been let out of the bottle - make sure you get your three wishes before you push it back in."

But it is possible to meet regulatory requirements and ensure the business has better access to quality information, says Mike Usher, group security advisor at financial services company Prudential, "through intelligent archiving." He explains: "You can't control the messages an employee wants to send but you can educate them to classify their mail in a more intelligent way, so it's easier to search for and retrieve."

With so many laws potentially applying to individual messages, different approaches may be needed for different classes of message. Emails containing personal data, for example, should, under the Data Protection Act, be erased when they are no longer in use. Yet where organisations adopt simple back-up systems rather than archiving their messages, the prospect of finding and deleting all such mail is onerous and costly. "When there's nothing that says 'these are the emails to archive', nobody knows [the real cost] until it is highlighted by a [court] case," says Jonathon Tait, the director of product marketing at content security specialist Clearswift.

This has led some vendors to propose a coalescence of email archiving and content management technologies, so that context can be applied to stored messages.

"Message archiving and records management will merge [so] a single solution is used to manage all forms of records," says Erica Rugullies, an analyst at IT industry adviser, Forrester Research. "Firms will be able to apply automated classification mechanisms and granular retention policies." Hopefully that will begin to reduce the level of 'compliance panic'.

	Message archive revenue forecast Source: Forrester Research