General discussion


Email Retention Practices/Policies

Looking for a good resource for common/best practices for email retention policies.
I am currently in the process of trying to develop new Email retention policies. Currently the different divisions are handling this in a variety of ways .I have to bring hem all together under one policy. The more I look for industry best practices the more I realize that there are still a lot of companies that do not have a retention policies specific to email.

There is so much to consider:
Legal requirements
Backup and storage
PST file management
Sarbanes Oxley
Instant messaging
Etc, etc?

Is an email archiving solution really the best way to go?

If anyone of you has gone through this process, I would appreciate any resource or insight on this subject you may have.



This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Take my advice, I'm not using it.

by faradhi In reply to Email Retention Practices ...

Your electronic document (which includes email) should match your paper retention policy.

However that is as far as I have gotten. I am still trying to convence management they need an electronic retention policy.

Collapse -

Different situations, different solutions

by amcol In reply to Email Retention Practices ...

First, you may be putting the cart before the horse. You don't say in your post but it's important to consider where the motivation for such a policy is coming from. If this is something you've unilaterally and independently decided is a good idea, you're right...and you must immediately stop. Document retention is a policy that MUST have senior management buy-in, and you MUST get the highest levels of your organization to take on sponsorship of your effort if that's not already the case. If you don't, you'll go down in flames.

The previous poster is correct. Electronic and paper documents should be treated the same. Documents are documents are documents.

Many organizations are going to a one year retention policy. In the most extreme case all documents are deleted after one year, with the exception of those that are required by law to be retained longer (such as tax returns). Less extreme is a formal and enforced policy that all documents must be reviewed after one year and certified for retention. Those that aren't are deleted.

If you're in private industry you have a lot of choices, if you're in government you don't. NARA (National Archives and Records Administration) has a boatload of rules about how to handle documents. Their basic policy is nothing gets deleted ever, since everything is part of the historical record.

Generally speaking organizations have become acutely aware of what the lawyers call discoverability, which means if a document exists you can be required to produce it in the event your organization is the subject of a legal action. You can avoid the bullet if the subpoened document has been deleted.

You have a cultural issue to deal with as well, which is the natural human/professional desire to hold onto everything. Most people think there are two kinds of documents...useful, and potentially useful. We hate throwing away anything because, of course, the moment you shred something is the exact moment you'll actually need it. This is a mindset you can't ignore and will be your biggest problem implementing your policies.

Even if you're not in government you might want to check out the NARA guidelines. They've done a very thorough job researching and promulgating all kinds of policies with regard to document retention, deletion, and management.

Collapse -

Not Your Call...

by f-4076287 In reply to Email Retention Practices ...

You may only bring the subject up to your upper management, specifically the CFO and CEO. They will decide whether you retain email at all, and for how long. If you retain mail without telling them about it, you open them and your company up to problems larger than you can imagine.

Related Discussions

Related Forums