View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
January 11, 2007

More email woe for Morgan Stanley

Morgan Stanley is in trouble again over its historical emails, having been accused of inappropriately deleting millions of emails it claims were lost in the 9/11 attack. Although many of the facts are in dispute, the bank is clearly unsure which emails it had back-ups of, the periods they covered, and where they were stored, which highlights yet again the importance of email management strategies.

By CBR Staff Writer

The US National Association of Securities Dealers (NASD) has claimed that the bank inappropriately deleted millions of emails, which Morgan Stanley claims were lost in the 9/11 terrorist attack. However, the company did not disclose that the email records still existed.

Although many of the facts in the case are in dispute – for example, Morgan Stanley claims that it did disclose the existence of the back-up tapes, while the NASD states that it did not – the fact remains that Morgan Stanley was not sure which emails it had back-ups of or where they were kept. This emphasizes yet again the importance of implementing an email management strategy, part of which must include the retention of emails.

Each time there is a story relating to an indiscretion regarding email, it provides IT security analysts with an opportunity to get on one of their hobby horses, and, over the past few months, there have been plenty of opportunities. Instances such as these emphasize the importance of putting in place effective email management systems that ensure that an organization knows exactly which emails it has and that they are discoverable.

The only effective way of achieving this is by implementing an email archive, and ensuring that emails are archived directly from the journal as soon as they are received by the organization and before an end user can delete them. This is particularly important for organizations in regulated industries such as the financial sector, where emails should be retained for several years.

However, implementing an archive alone will not guarantee a successful email retention policy. Organizations should also consider appointing a person with ultimate responsibility for managing the retention of information (not just emails), and ensuring that it is discoverable.

The number of companies that fail to implement email archives because they claim that they do not have the resources required to manage the archive, yet are forced to call in external consultants to help them locate the information, including emails, when they receive a discovery request is quite astounding.

In many cases, including that of Morgan Stanley, even after this discovery process has been completed at a very high cost, the company is still unable to state categorically that all relevant emails have been discovered, resulting in large fines being levied – fines that would have more than paid for an email archiving system, and a person to manage it.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

While companies fail to react to the threat of litigation or the increasing number of regulations that require the retention of information, including emails, we will continue to see companies such as Morgan Stanley face ever-larger fines, in some cases caused by a lack of email management many years ago. This calls for a policy to not only put future emails into an archive, but all the historical emails that reside on back-up tapes located in the vaults of an external storage facility.

Claiming that email back-ups were destroyed in a disaster several years ago is no longer a defense, as it can never be guaranteed that all copies were in fact lost or that there are not copies surviving on laptops or other mobile devices, which Morgan Stanley is discovering to its cost.

Source: OpinionWire by Butler Group (

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.