Office 2003 sparks data retention row

The launch of Microsoft Office 2003 has led to calls for more awareness and better enforcement of corporate email usage policies.

The new information rights management functionality in the latest version of Office is designed to protect against the unintended proliferation of sensitive information.

New features include the ability to limit which recipients can open, edit, copy or even print emails or documents.

But industry experts have warned that this could lull employees into a false sense of security about the management of sensitive corporate information.

Simon Stokes, head of e-commerce law at Tarlo Lyons, told vnunet.com: "The fact that the Microsoft technology allows you to manage email is good, but it does stress the need to have proper data retention and email usage policies and to make sure that employees' email use is consistent with that."

The Financial Services Authority confirmed that it was aware of the issues raised by the technology. "This is a far wider issue, not just for us and not just for corporate use," it stated.

"We do not envisage issuing guidelines on how the technology should be used, but regulatory authorities have to keep pace."

Jamie Cowper, senior technology consultant at messaging specialist Mirapoint, said if it encouraged complacency then it would be a step backwards. And simply including email usage policies employment contracts was not enough, Cowper added.

The prospect of increased controls over sensitive information has benefits in light of corporate governance regulations such as Basel II, as well as in personal email correspondence such as in the Claire Swire case.

But although the features may make it more difficult for sensitive emails to drop into the wrong hands, it does not delete them from hard drives or mail servers.

They can still be viewed by administrators, and companies are still liable if the content is incriminating.

"People also have an uncanny knack of overcoming technical limitations if the information is valuable enough," warned Cowper.

A Microsoft spokeswoman said: "This functionality is to help control the flow of information.

"But information rights management can be defeated by any determined individual and in no way should it interfere with email and document retention policies."