Computer Associates E-mail Policies Probed

Officials at the maker of E-mail backup systems are reportedly taking heat because the company doesn't back up its own message server.
Stephen Taub, February 13, 2004

Federal authorities are questioning officials of Computer Associates about its E-mail retention system and policies, according to Newsday. The questioning is tied to an investigation of the software giant’s accounting practices, the newspaper reported.

Investigators have reportedly already interviewed a high-level CA information officer about backup policies, including those for the E-mail system.

The government officials are questioning why CA has a long-standing policy of not backing up its E-mail server even though it routinely recommends this precaution to clients, according to the paper, which cited a person close to the company.

Ironically, CA makes products to automate E-mail backup. And Newsday points out that a Web site promoting some of CA’s software even recommends that a corporate E-mail strategy “should … encompass backup, protection and restoration” of the server.

CA’s E-mail retention policy, however, requires that all employees destroy E-mails after 30 days, according to a copy of the policy shown to Newsday. “Each employee is responsible for permanently deleting e-mails as soon as practical,” the policy reads, according to the paper. “Pursuant to CA’s Record Retention Policy, all e-mail must be permanently deleted from CA’s Information Systems within thirty (30) days of receipt, unless you are otherwise directed by CA management.”

The problem with such a policy is that investigators frequently search corporate E-mails as evidence when conducting their probes. CA spokesman Dan Kaferle told Newsday, however, that the company was “in compliance with [new securities law] requirements” for retaining E-mail. “Among other things, in accordance with its policy, CA previously instructed employees not to destroy any records that might be needed for the pending government investigation,” he added.

The company also defended its E-mail backup policies. “The claim that we don’t back up our servers is just plain wrong,” another CA spokesman, Bob Gordon, told the paper. “CA has more than 1,500 servers, including mainframe and midrange computers running applications such as Exchange and our corporate Web site, and we back them up daily.”