Home > Ask the Data Storage Experts > Questions & Answers > Email retention policy: A step-by-step approach
Ask The Storage UK Expert: Questions & Answers
EMAIL THIS

Email retention policy: A step-by-step approach

Bill Tolson EXPERT RESPONSE FROM: Bill Tolson

Pose a Question
Other Storage UK Categories
Meet all Storage UK Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 09 June 2006
Can you offer a step-by-step approach to creating a records retention policy for email? What are the most important things to consider?

>
When creating a records retention policy for your company's email, you need to take several things into consideration.

First, the mistake most companies make when creating an email retention policy is not involving all areas of the company in the construction/review process. An email retention policy is not just a legal document, it will effect employee productivity company-wide. So, the first step is to create a policy group with representatives from all major areas of the company. It is important that you understand how employees use the email system. Do they create their own personal archives? How often do they reference old emails? Understanding these things will ensure you don't put in place procedures that will adversely affect employee productivity.

Second, you need to understand what regulatory or legal factors you are subject to. Is your company in a heavily regulated industry that has existing data retention requirements? For example, banks and other financial institutions have data retention requirements under the Gramm-Leach-Bliley Act, brokers and traders have data retention requirements under the SEC and NASD regulations, hospitals and other medical institutions need to worry about regulations under HIPAA and all publicly traded companies in the U.S. have data retention requirements under Sarbanes-Oxley. These regulations all have retention requirements which include email. Legal considerations mainly revolve around your company's current legal status, i.e., are you in the midst of a court case which could include discovery of company email. It is always best to have an email retention policy in place before legal proceedings.

Third, you need to decide how you will enforce the email retention policy. Are you planning to put an automated email archiving system in place, or will you rely on manual procedures? If you will rely on manual procedures, you will need to include step-by-step email retention instructions that employees can follow and employee training to ensure the policy enforcement. In most cases, an automated email archiving system will ensure policy enforcement and raise employee productivity.

Also, you must communicate the new policy to the employees. Employee communication and training can lower your compliance and legal liability.

Lastly, a good email retention policy should have the following topics:

  1. Effective date
  2. Last change date and changes made
  3. Person or department responsible for the policy
  4. Scope/coverage
  5. Purpose of the policy
  6. Policy statement: This can include a company philosophy statement about the business/legal/regulatory reasons for records retention
  7. Definitions
  8. Responsibilities
    • Procedures
  9. Other retention policy guidelines
    • Duplicate copies/convenience copies
    • Consequences if the policy is not followed
  10. Appendix A: Litigation hold/stop destruction policy including a backup procedure

Do you know…

The benefits of CAS for email archiving?

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
Related information
Why you should perform data classification
Data classification is end users' job
Buyer's Guide: Data classification tools

Email archiving and compliance initiatives
Mimosa NearPoint email archiving software cuts PST file sprawl at BAM Nuttall
Symantec plans Data Insight software to link storage resources with data owners
Data storage compliance in the UK
Iron Mountain Digital spends $112 million on Mimosa Systems for on-premise data archiving
Training and education key to IT compliance, says Hillingdon's Bearpark
Microsoft Exchange 2010 adds email archiving and high availability features
Dexrex Gear offers cloud instant messaging and social media data archiving
EMC lays out data archiving and eDiscovery plans
Data storage management case studies from SearchStorage.co.UK
The difference between data backup and data archiving

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
Data Protection Act 1998  (SearchStorageUK.com)
Freedom of Information Act 2000  (SearchStorageUK.com)
Information Commissioner's Office (ICO)  (SearchStorageUK.com)
MiFID  (SearchStorageUK.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Enterprise Storage Solutions - SAN or NAS
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2008 - 2010, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts