Some organizations have a firm grasp of the regulatory landscape that affects them. They have systems and processes in place to ensure that data is protected and that their I.T. infrastructure and business processes are compliant with the respective mandates and guidelines that impact them. Throwing unified communications into the mix might add some complexity and confusion though. Voicemail may not be required to be retained, but what about when the voicemail is sent to the user as an email attachment. Instant messaging may be a separate issue from email, but when the conversation history from the instant messaging is stored on the email server, the rules may change. Companies also need to be aware of how UC might expose additional risk of data leakage or theft of intellectual property. The risk is nt pervasive in my opinion, nor does it represent a reason to not deploy UC. Unified communications delivers benefits that outweight the risks, and the security issues are really more of a shift in focus than a new threat. Voice communications that were previously separate are now part of the data network, but sound data network security practices remain the same.