E-mail – Take Control or Count the Cost

April 30, 2003

The Problem – e-mail is beginning to undermine the existing investment in expensive centralised document and knowledge management systems, and place unreasonable pressure on fee earners. The root of the first half of the problem is that e-mail employs a ‘user-centric’ access model,- e-mails are associated with users rather than the firm itself or clients of the firm, and can only be accessed through an e-mail client, such as Outlook, together with the relevant logged-in user id. Most other firm-wide systems on the other hand, employ a ‘firm-centric’ approach,- the data is not tied to any individual, but is filed and accessed according to relevant business processes. Law firms, as with most businesses, have invested heavily in centralised databases and document management systems to ensure that everyone with the relevant permissions can access any client file (including the client himself on occasions), and be sure in the knowledge that such electronic file is complete. This has been a key move away from the ever more burdensome paper file, with its associated inefficiencies and long term costs. We are all aware of the liabilities and inconveniences that an incomplete file brings, whether paper or electronic, and yet few appear to have appreciated that the current generation of e-mail systems and the sheer volume of e-mail are making it increasingly likely that not all e-mail is being filed centrally, or indeed at all. E-mail is being ‘allowed’ to operate in a way that runs quite contrary to the core systems and standards of law firms and businesses generally, such that it is now threatening to seriously undermine those systems and standards.

Solicitors’ Practice rule 13(1)

Arguably, the bigger the firm the bigger the issue. Firms will not only see their expensive document and knowledge management systems fatally undermined and the pressure on fee earners increase, but the controls on which law firms rely to maintain standards and protect against negligence claims, bypassed, at a time when PI premiums are generally on the increase. Solicitors’ Practice rule 13(1) requires that the principals in a practice must ensure that their practice, their admitted and unadmitted staff, together with all clients’ matters, are properly and adequately supervised and managed. E-mail is currently the number one challenge to that principle, in a way that post, fax, and (by virtue of its non-permanent nature) telephone, have never been.

The Pressure on Business Processes

I am not aware of much having been written about the ‘user-centric’ nature of e-mail, and the pressure that e-mail has brought to bear on business processes. When the use of e-mail was relatively limited, this didn’t appear to be a problem. The standard written communications policy instructed staff to print out all e-mails and append them to the file, and some no doubt asked that, in addition, every e-mail be save against the firm’s document management system. As the use of e-mail has grown, and indeed reached levels far in excess of the paper-based communications it is supposedly replacing, our files have become thicker and thicker. Fee earners or their assistants are having to make value judgements about when to print-off their e-mail and save the same against the firm’s document management system. The task of accurately capturing the chargeable time associated with e-mail is ever harder. The ‘one liner’ e-mail should be saved centrally along with longer correspondence, and yet no doubt the inclination is to wait for the ‘conversation’ to end before filing the e-mails. Moreover, I suspect that fee earners perceive there to be less concern with e-mail, because we all ‘know’ that there will be a backup if really necessary, and anyway, “I don’t delete any e-mails just in case!”. This is the key point. If the e-mail is not stored against a document management system or in some other centralised system which can be integrated with the rest of the electronic file, the electronic file ceases to be of much use for it will be incomplete. One is unlikely to find out however until too late, when the mistake has been made, the inefficiency shown up.

One solution – Ensure Legal

On the basis that e-mail is here to stay, one way or another it must now be made to ‘fit’ with the existing technologies already implemented by firms, as opposed to just requiring existing applications to be updated to ‘accommodate’ e-mail, with people carrying out the additional administrative tasks where the integration between e-mail and other applications breaks down. It cannot remain the case that this increasing administrative burden surrounding e-mail is levied against fee earners and secretaries,- some automation is required. That will mean a new breed of application to take the largely generic, ‘off-the-shelf’ e-mail software from the two market leaders, Microsoft’s Exchange Server and IBM’s Lotus Notes, and tailor them for the relevant market place. Ensure Legal from Open Orchard, is one such new breed application for the legal market.

Active Policy Management

E-mail has, of course, brought a series of benefits (some of which are more perceived than real), for example ease of use, improved speed of written communication, the ability to exchange documentation digitally, often less formality, and lower costs. Indeed, e-mail has become another business critical application which when it is unavailable, causes serious business interruption. With the reward however comes the potential liabilities and issues of reputation of which most of us are aware. They range from the vicarious liability of an employer for the acts of its employees, poignantly felt by Norwich Union Healthcare in 1997 (£450,000 and an apology), to Claire Swire type infamy, to the rising tide of employment tribunal cases involving bullying and various other types of office harassment, to the increasing use of e-mail in the litigation discovery process. The raft of legislation introduced over the past few years, such as the Data Protection Act 1998, the Regulation of Investigatory Powers Act 2000, the Electronic Communications Act 2000 and so forth, have raised the profile of the legal issues surrounding e-mail. All these issues are of very real import, and organisations should be taking specific, active steps to protect themselves and their employees.

It is from this angle that the Ensure Legal product referred to above approaches the market place. Active Policy Management is the term commonly used which in its most basic mode means taking a firm’s written communications policy (as it relates to e-mail and Internet use), and embodying the rules of that policy into software which sits invisibly alongside the e-mail and Internet client on every pc, such that it serves to guide employees away from breaching the policy, whilst simultaneously protecting them from receiving material that breaches the same. In this way the incriminating e-mail never leaves the pc, nor can the inappropriate e-mail be read (if that is what the firm decides). The firm sets and maintains the rules.

“We liked it so much we bought the .. product”

I became aware of Open Orchard and its Ensure product at its launch at the end of October last year. On sitting down with Open Orchard post launch in my professional capacity, it became clear that Ensure was ideally suited to solving some of the issues which I was experiencing as a solicitor using our e-mail and document management systems, issues which I thought were probably facing the profession generally.

“At its core..”

What makes Ensure so different is that it was written to solve the problems outlined above. At its core is an encrypted, JDBC compliant SQL database which can be set to ‘capture’ every e-mail in and out of the organisation, including attachments. The database can therefore be queried, exported and fully reported upon, the e-mail header information viewed, together with, if required, the e-mail and any attachment. Such a database provides a complete, tamper-proof audit trail, a searchable knowledge repository and an activity log, all of which could be exported (subject always to a user’s authority) to merge with or compliment existing document management, practice management, knowledge management, conflict checking and money laundering systems, extranet facilities and so forth.

At this point, one can begin to see the power, security and benefits that this product would bring to a firm. Retention of certain e-mail in compliance with relevant legal obligations (US tax law for example, or statutory limitation periods). All e-mails which contain a certain term can be identified. E-mails specifically categorised as personal can be identified in the database as such, retained for evidential purposes if required, but protected from being returned in search results except where required for formal investigation purposes (data protection obligations).


The technology incorporated in Ensure Legal, such as its ability in real time (and whether a user is at home or in the office), to examine and seek out in every e-mail and attachment, both sent or received, any text string, whether it be a certain disclaimer type, a profanity or a client/matter number, probably makes the Ensure product unique. It is this technology that powers the Active Policy Management aspect of the product.

A firm sets its own ‘policies’, everything from a generic e-mail usage policy which might encompass the requirement for every business e-mail to include a full client reference, a certain disclaimer and set information about the sender, through to requiring certain e-mails to certain parties or in respect of certain transactions to be encrypted, or digitally signed etc. Chinese walls can be certified as being in place for the relevant periods, regulatory compliance issues managed, trainee e-mails checked prior to sending, team leaders (Heads of Departments etc.) either copied or given access to all e-mails sent and received by their team (automatically), whichever department they may be located in throughout the firm. The list is limited by the ideas of the firm.

Block and Warn

As part of the Active Policy Management Ensure will block or warn a user about the breach of a relevant policy, as required, and copy or route the e-mail to a selected partner or manager, and so forth. The use of a scoring system which can be made as sophisticated as required enables the subtle detection and classification of e-mail types, and can avoid the irritating blocking of e-mail due to the inclusion of one word which in certain contexts might be offensive, but which in others is quite legitimate. All of these functions are fully configurable. The benefit is knowing that fee earners and others are being actively warned before making a possibly costly mistake.

Internet Access

What can be done for e-mail is also covered by Ensure for internet access, making it more flexible than a list-based system which, if not entirely comprehensive, will fall down if a site has not previously been categorised.

Other solutions

Prior to purchasing Ensure I trawled the market for similar products and at the same time considered how it might be possible to utilise our virus, e-mail filtering and exchange server capabilities to achieve the same. Certainly, SufControl and similar products such as MimeSweeper do offer some control over e-mail and web content, but in terms of providing practice-wide visibility and policy control of both inbound and outbound mail, the functionality is somewhat limited. In essence these products satisfy a different need and are quite complementary.

In relation to Exchange Server whilst it is possible to develop multiple rules to effect pseudo policy, managing such a solution is time-consuming, cumbersome and impractical. In contrast the Ensure Legal product provides a cost effective and highly efficient solution.

Take Control

Cumberland Ellis Peirs, as a medium sized practice, is exposed to many of the issues which face the vast majority of the profession. Indeed, whilst the issues set out above are genuine concerns in terms of the maintaining of high standards by the practice, and the retention of the benefits which we already enjoy from our existing IT systems (instant access in the office or at home, by those that require it, to all relevant client information and documentation), such issues must become the ‘stuff’ of nightmares the larger the firm. In a competitive market with ever greater upward pressure on PI premiums, a product that goes straight to the core of helping to manage a relatively unmanaged part of the business, a part with such a wealth of information within it, is welcomed with open arms. To this end Cumberland Ellis Peirs became the first user of Ensure Legal when we signed in February. I hope to be reporting favourably on our experiences in a few months time.

Adam Edwards


Cumberland Ellis Peirs