Cool application of Rights Management Server

You probably already know about the Windows Rights Management Server. It allows users to apply controls to their documents and messages; for example, you can tag an email as “do not forward”, and Outlook won’t allow it to be forwarded or copied. This capability is being called Information Rights Management, or IRM. IRM isn’t ironclad– after all, someone who wants to leak information can always find a way– but being able to specify that documents expire, or that they can only be accessed by certain people, is a powerful tool for the documents’ owners. (For more on IRM in Office 2003, see this.) One of the coolest IRM features is that by writing your own XrML templates, you can cusotmize which rights users can grant and how they apply. Sling a little XrML, and next thing you know your users can tag messages with things like “do not forward for 7 days” or “only full time employees can read this”.
The problem is that getting people to use this technology may be difficult. IRM can offer a good way to ensure that sensitive material isn’t accidentally forwarded, disclosed, or kept beyond its lifetime, but only if people use it. Enter Omniva, which makes a nifty server-side product that takes Exchange messages (including those sent with OWA and OMA) and adds XrML to them on the store side to make them IRM-protected. You define a policy once (e.g. “members of the Legal OU should have all mail encrypted, and it should expire after 180 days”) and Omniva does the rest.
For more details on Omniva’s product, see this. They have two white papers (one on the product and one on general retention issues). Check it out.