Ross, Suzanne. Find Your Lost Data. Microsoft Research

Find Your Lost DataMore on Stuff I've Seen (SIS) research initiative at MSR ... with new info on Stuff I Should See and a link to Phlat project. Stuff I Should See is somewhat along the lines of the Memigo portal. Interesting ...

Germain, Jack M. E-Mail and Instant Messaging Face Compliance Challenges. TechNewsWorld. Sept. 21, 2004.

Technology News: Trends: E-Mail and Instant Messaging Face Compliance Challenges Interesting quote from R.W. Smith brokerage in which they state a requirement to store all IM and e-mail in searchable format for 3 years. Also info on compliance deployment at Akonix and reference to FDIC statement concerning management of IM solutions in "Guidance on Instant Messaging" warning.

Hartman, Thomas E. The Impact Of Sarbanes-Oxley On Private Companies. Foley & Lardner LLP. Sept. 14, 2004.

Foley & Lardner - United States - The Impact Of Sarbanes-Oxley On Private Companies (14/09/04) from Mondaq Well-written article from a legal perspective detailing SOX impact on private companies. Great reference detailing survey results of good cross-section of privately-held companies.

Stone, Amey. Hardly Ready for Sarbanes-Oxley. BusinessWeek Online. Sept. 20, 2004.

BW Online | September 20, 2004 | Hardly Ready for Sarbanes-Oxley The scramble to comply continues ...

Johnston, Michelle. Executing and IT Audit for Sarbanes-Oxley Compliance. informIT. Sept. 17, 2004.

Articles Part 2 of 2.

Johnston, Michelle. Planning an IT Audit for Sarbanes-Oxley Compliance. informIT. Sept. 10, 2004.

Articles Part 1 of 2.

BBC News. Hard drive secrets sold cheaply. BBC. Jun 9, 2004.

More about security policies than compliance, but illustrates the risks associated with mobile devices and has implications on e-mail policies and PST control.

Sidener, Jonathan. Portable pilfering. SignOnSanDiego.com. Sept. 6, 2004.

Really insightful and thought-provoking article on the risks associated with thumbdrives, USB memory sticks, iPods, etc. from a corporate security and information management perspective. Some good examples including Morgan Stanely VP who sold a used Blackberry on eBay containing unprotected yet sensitive e-mails.

Harrison, Marion Edwyn Esq. E-Mail: When Convenience And Danger Collide. American Daily. Aug. 24, 2004.

Multiple examples of how e-mails have come back to haunt various companies. Touches on (directly or by implication): zeroing out e-mail data; malicious use of others' e-mail; ISP staff reading e-mail relayed through their network; risks of e-mail vs. oral discourse; risk of misinterpretation associated with hastily typed e-mail, and finally; risks of personal use of business e-mail systems, including inadvertant buty apparent actions as an authorized agent and associated liability. Very good article.

Paul, Brian P. Is your employee handbook evolving with technology? Wisconsin Technology Network. Sept. 20, 2004.

Examples of risks posed by technology (i.e., e-mail, IM) from an HR perspective. E-mail threads create a documented history of communications amongst employees, which can end up in court as part of discrimination or harrassment charges, for example. Recommendations include creation of a corporate instant messaging policy that addresses retention policies and appropriate usage for IM.


Ramasastry, Anita. The Proposed Federal E-Discovery Rules. FindLaw's Legal Commentary. Sept. 15, 2004.

Great article written from a legal perspective addressing the age old question of e-mail deletion along with some example case history and discussion of proposed new e-discovery rules.

IDG News Service. Microsoft lawsuit leads to e-mail destruction questions. Storage.itworld.com May 24, 2004.

Older article concerning Burst.com case against Microsoft. Interesting example of a company having to undergo discovery operations to locate e-mails meeting certain criteria.

Riley, James. Protecting Smart Property. Australian IT. Sept. 21, 2004.

Discussion largely centered around strategic importance of Microsoft digital rights management technologies.

Enderle, Rob. How To Justify New PC Hardware or Get Your CIO Fired. TechNewsWorld. Sept. 20, 2004.

Discussion of a new report available from The Institute of Internal Auditors Research Foundation called "PC Management Best Practices: A Study of the Total Cost of Ownership, Risk, Security, and Audit." Report is available for purchase here: http://www.theiia.org/iia/bookstore.cfm?fuseaction=product_detail&order_num=482

Lauchlan, Stuart & Divina Paredes. Legally bound. MIS Magazine.

Some good rationale listed for close relationship between IT departments and other business units in a given company (esp. legal) from a compliance perspective.

Sinclair, Andrew. Professional Brief. The Herald. Aug. 30, 2004.

Some good examples of e-mail retention ... with a few useful guidelines e.g., keep e-mails "authorising expenditure, policy or negitiotiations" among other things.

Mullaney, Timothy. The Irrelevance of Frank Quattrone. BusinessWeek Online. Sept. 10, 2004.

More on the single e-mail that cost Frank Quattrone his reputation, and alot of money.

Copple, Robert F. Firms must pick which data to save. The Republic. Sept. 12, 2004.

Really simple and well-written discussion of e-mail and electronic document retention. Key points: discovery can be expensive; litigation can be debilitating; illegal destruction of e-mail is a bad thing; saving data that doesn't need to be saved can be a bad thing; retention policies need to be simple; complex policies get ignored; document categories for retention purposes should be broad for simplicity; retention time periods should also be simple; selective and automated destruction is a good thing. Mention of Intel's "Pack Rat Day". Great mention of oft-overlooked backup tapes with some good suggestions for backup rotations. Overall a great article!


[Vendor Press Release]. Symantec to Acquire @stake. Sept. 16, 2004.

Interesting announcement by Symantec to acquire this application security software vendor.

Chen, Raymond. A visual history of spam (and virus) email. Sept. 16, 2004.

A visual history of spam (and virus) emailThanks to one of my colleagues for pointing this one out ... interesting visualization of SPAM metrics. (It's been suggested that someone had alot of spare time on their hands and I concur!)

Sengupta, David. Storage Management Considerations Pertaining to Compliance and Exchange. You Had Me At EHLO ... Sept. 16, 2004.

Storage Management Considerations Pertaining to Compliance and ExchangeThe Exchange Team just posted my blog submission on storage management considerations from a compliance perspective. Have a read and let me know what your thoughts are! I wrote this back in August based on my related blog posting here, ... stay tuned for news of a white paper on a related topic ...

Joyce, Erin. Equant Throws Hat Into E-Mail Archiving. Enterprise IT Planet. Sept. 1, 2004.

Equant Throws Hat Into E-Mail Archiving Equant, a provider of Exchange hosting services, has just announced that archival will be part of their outsourced solution. More information on Equant's offerings can be found here.

Muse, Dan. Detect and Block IM - for Free. Enterprise IT Planet. Sept. 15, 2004.

Detect and Block IM - for Free Looks like this article was largely influenced by IMLogic, however still some good information on managing and/or blocking IM usage in the enterprise. References a free tool to block all IM usage. Emphasizes that SOX and HIPAA require archival (under certain conditions) of corporate e-mail "and similar communications".


Barnako, Frank. Microsoft reverses blog decision. CBS MarketWatch. Sept. 16, 2004.

Microsoft reverses blog decision: "Microsoft reverses blog decision". Interesting story illustrating the momentum that's growing around Blogs and RSS. Will be very interesting to see where these technologies go ... companies will have an increasing interest in controlling and managing these types of technologies over the years to come.

Jacques, Robert. IT failing to cope with compliance demands. Forbes.com. Sept. 16, 2004.

Forbes.com: IT failing to cope with compliance demands Article discusses UK survey in which 39 percent of respondents said they were not doing well in supporting regulatory requirements from an IT management perspective.


Sengupta, David. [Vendor News] Beta Availability of PST Management Solution. Sept. 14, 2004.

FYI in case anyone is interested, Quest Software has recently begun beta testing on a PST management solution branded "Quest Archive Manager for Exchange". This product is positioned to assist companies interested in getting control over PST usage in their environment ... especially of interest to companies concerned with e-mail compliance issues. Many of the cases blogged on this site illustrate the risk that e-mails can pose from a liability perspective. If you read my blog awhile back on "Factors to Consider in Implementing an Exchange Compliance Solution. [Aug. 25, 2004]" you'll recall that PSTs (and other offline data) were one of the four major areas that need to be managed as part of a compliance solution for Exchange. Once installed in your environment, Quest Archive Manager for Exchange will automatically discover all PSTs defined in all MAPI profiles on all computers in your environment. These PSTs will be migrated to new mailboxes created on a central "nearline" Exchange server that has been allocated to lower-priority message retention. The MAPI profiles are rewritten to replace PSTs with (a) secondary mailbox(es) of the same name, so the end user will only see the change in icon within Outlook's folder listing. User ability to create new PSTs will be limited/blocked; the net result is (i) removal of all active PSTs across your environment; (ii) centralization of all data that was in PSTs to (a) central Exchange server(s) where it can be managed, analyzed, backed up, etc. and; (iii) control over all future PST creation across the environment. If you are interested in being part of this beta, send me an e-mail at david dot sengupta at quest dot com and I'll forward this on to the appropriate parties.


Deutsche Bank and Thomas Weisel settle securities case for $100M. San Francisco Business Times. Aug. 26, 2004.

Deutsche Bank Securities Inc. fined $87.5M and Thomas Weisel Parnters LLC (Merchant banking) fined $12.5M as part of SEC charges that they failed to provide timely evidence. They ended up scouring over several hundred thousand emails as part of the investigation.

Sorkin, Andrew. Verdict looms for famed US banker. The Age. Sept. 8, 2004.

Today Frank Quattrone will be sentenced for his role in obstruction of justice investigation against him while at Credit Suisse First Boston. Hinges on an e-mail he sent saying simply "clean up those files".


Butzel Long - Sarbanes-Oxley Info Center

Just stumbled across this info center maintained by Butzel Long (leading Michigan law firm). Some really useful documents here notably the docs on SOX impact in private companies ... see Sarbanes-Oxley Act: Overview and Impact on Private Companies PPT and PDF and browse the rest of the docs in the library. Great stuff!

Rose, Michael. Experts try to resurrect SAIF files. Statesman Journal. Aug. 28, 2004.

Excellent article that inadvertently showcases various elements of e-mail forensic recovery specific to allegations against the former president of SAIF Corp. Discussion includes: e-mail as public record; violation of retention policy; forensic discovery of e-mail; backups & policy; cost of forensics; inappropriate disposal of data media; etc.

Kirkpatrick, Katherine. USC Web mail deletes e-mails 180 days old. Daily Trojan Online. Sept. 3, 2004.

According to this article the USC just recently implemented a 180-day e-mail retention policy. All e-mail across the USC e-mail environment will automatically be deleted after 180 days. The article suggests this was driven by the Office of the General Counsel of the University and is related to search costs, security and privacy issues.

Wagner, Jim. Microsoft Faces Lawsuit Over Caller ID for E-Mail. Aug. 11, 2004.

F. Scott Deaver (Owner, Failsafe Designs) has recently announced plans to launch a lawsuit against Microsoft concerning Caller ID technologies, claiming patent infringement.

Casey, Mike. How Sarbanes-Oxley will affect privately held companies. SearchStorage.com. Dec. 5, 2003.

Some good responses from a fellow TechTarget expert on how Sarbanes-Oxley could affect privately-held companies.

NASD Press Release. NASD Orders First-Ever Suspension of Mutual Fund Business and $600,000 in Sanctions Against National Securities Corp. Aug 19, 2004

NASD press release concerning fine and prohibition against National Securities Corp. NASD charged that National was using deceptive market timing and ordered National "to correct supervisory and email retention deficiencies" along with issuing numerous fines (corporate fine of $300,000; president and COO each fined $25,000; president supervisory suspension for 1 month; COO supervisory suspension for 4 months).


Microsoft Corporation. Working with the Exchange Server 2003 Store. Aug. 25, 2004.

Microsoft just published this great resource on working with the store within the context of Exchange Server 2003. Great read.