General discussion


Email Archiving Retention Standards

By jkrebs ·
Hello All - I have been given the task of researching and creating our email archiving retention policies (as well as creating our records retension policies) in preparation of our SAN deployment in the coming months. We are a Engineering and Environment firm here and California an work closely with state and local agencies, so I am assuming that we would have to retain the same policies/regulations that the State must follow. With all the data and info out there, I've become overwhelmed with the task. Has anyone out there dealt with this project before and can give examples of their retention policies? If not, can you point me in the right direction? Thank you in advance as it is much appreciated!!!

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Don't take anything for granted.

by stress junkie In reply to Email Archiving Retention ...

The most important point here is that in the past several years this has become a legal issue. We are not attorneys. Only an attorney can say what does or does not comply with laws and regulations.

Okay so that doesn't help you right now. We certainly can look up requirements but we simply cannot say that this or that policy will comply with regulations. If we give any opinion about regulation compliance that is considered practicing law.

You should be able to ask the IT departments at the agencies that you work with for more information about what they do. I would call them if I were you. Hopefully you will talk to a friendly system administrator.

You could also go to the web sites or call agencies that regulate your business. You could go to a search engine and enter a search for something like "regulations+email" or something like that.

In a lot of cases your email is going to be on your backups along with your financial data. If you are doing data retension based on that then you are keeping backups for seven to ten years. That will probably satisfy email retension requirements as well. In that case your only gap is regarding the emails that are received and deleted between long term backups. (Monthly?)

Collapse -

Standards and Real World

by NoStaff In reply to Email Archiving Retention ...

I'd suggest you search for California Historical society records retention. In Ohio, the Historical society sets forth standards for both electronic records retention and e-mail retention. Finding those standards though is really on a small part of the problem. The real challenge lies in identifying an archiving solution capable of meeting those guidelines.

I agree that you must defer to legal for establishing the policy, but IT must be able to provide legal advice on the praticality of any Policy. Saying, retain all e-mails related to such and such for 5 years is nice, but how is compliance ensured?

This will really come down to a business decision which will have to balance a certain amount of risk versus cost. I can tell you that even at the Government level there is no consensus on compliant solutions. Prepare yourself to explain the capabilities of your existing technology....we can backup nightly...retain tapes for xxx days...force/prevent archive settings...retain deleted for xxx....individual mailbox backup....etc.

I am convinced, that a fully compliant system is one that errors on the side of retaining messages longer than perhaps the companies would like and is truly only possible when the users can be removed from the equation. Therefore, a separate archiving system that is managed by policy rather then individual user actions is required. Even then, there will be risk, retain all for xxx and keyword search messages for yyy will still be open to excpetional cases and will put the company at risk from ahving an e-mail that they would prefer there was no record of.

In the end, I think that is the goal of the compliance standards, retain even if it is bad for your business!

Collapse -

E-Mail Archiving and Records Retention

by LizSeal In reply to Email Archiving Retention ...

These requirements should be coming from your Legal Dept. in writing. In addition to the normal Corporate Records Requirements, which would include how e-mail is treated, there are Discovery Issues that impact retention, and a new law that goes into effect Dec. 1st 2006 called Rule 26.

As long as you are there you might share with them an overview of your current environment and in particular the 'media' for backups and storage and make sure that they understand the impact of recovery on your systems.

You can find more information at Sedona Conference (Education for lawyers), and the 'Encase' website to mention 2 of a number of helpful sites.

Collapse -

Email Rention

by gario In reply to Email Archiving Retention ...

These work for me....

Under Security and Exchange Commission regulations, broker-dealers must keep all correspondence with customers, including email, for 3 years. But, this requirement does NOT apply to anyone else.

Email Retention Guidelines
Email sent and received by an agency can be considered to be state records. It is the content and function of an email message that determines the retention period for that message. Each message must be retained or disposed of according to the retention schedule. Email generally falls into one of the following record series categories:

(1) Administrative Correspondence,
"Incoming/outgoing and internal correspondence, in any format, pertaining to the formulation, planning, implementation, interpretation, modification, or redefinition of the programs, services, or projects of an agency and the administrative regulations, policies and procedures that govern them. Subject to Archival review."

Retention: 3 years.

(2) General Correspondence,
"Non-administrative incoming/outgoing and internal correspondence, in any media, pertaining to or arising from the routine operations of the policies, programs, services, or projects of an agency."

Retention: 1 year.

(3) Transitory Information,
"Records of temporary usefulness that are not an integral part of a records series of an agency, that are not regularly filed within an agency's recordkeeping system, and that are required only for a limited period of time for the completion of an action by an official or employee of the agency or in the preparation of an on-going records series. Transitory records are not essential to the fulfillment of statutory obligations or to the documentation of agency functions. Examples of transitory information are routine messages (can be recorded on any medium, such as hard copy message slips or in an electronic format on email and voice mail); internal meeting notices; routing slips; incoming letters or memoranda of transmittal that add nothing of substance to enclosures; and similar routine information used for communication, but not for the documentation, of a specific agency transaction."

Retention: AC (AC = after purpose of record has been fulfilled).
No Disposal Request is required to dispose of transitory records.

Related Discussions

Related Forums