I'd like to revisit Stephen Garner's observation as it echos my primary
concern with these systems. In and of itself, DRM can be useful within
an organization for implementing retention periods. The primary
impediment internally is if you have the email, but no longer have the
key. AFAIK, there is no case law on this. What I worry about is the
subpoena asking for all "deleted" emails and how the response would go.
"I'm sorry, but our system deleted the key for the "Shred, baby, shred'
email in question. We cannot produce it." I would expect that the
courts would tend to infer spoliation and bad intent if one of those
came to light. I also wonder if you would be compelled to attempt to
decrypt the message. So I guess I'd like to understand how the
documents are removed from the system once the key has been expired.
When communicating between companies, the fact that another
organization can control your retention periods is troubling. This has
been my concern with similar products from Disappearing, Inc. (now
Patrick Cunningham, CRM
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance