Slashdot Mirror

← Back to Stories (view on slashdot.org)

Document Retention And E-mail

Posted by ryuzaki0 on from the what-goes-around-comes-around dept.

innocent_white_lamb writes "An interesting column by Jim Carroll about email within companies, document retention, how hard it is to actually get rid of an email, and how all of this can come back to bite you later on. "

2 of 174 comments (clear)

  1. Offshore email servers (not just with HavenCo) by rdl · · Score: 5, Informative

    (Disclaimer: I'm cofounder and cto of HavenCo, an offshore colo and supporting services company on Sealand)

    This is one of the main reasons people put email servers offshore now, even if they're operating onshore. This got started with HavenCo's gaming clients, but we now have general-purpose mail server customers who just want to company with their existing onshore document retention policies without the risk of someone subpoenaing their mail server and then trying to recover the disk.

    One of the features I'm working on now is some basic intelligence to detect out-of-character behavior by a mail server client -- such as attempting to download all messages, which would indicate they've been subpoenaed. If that happens, then we would attempt to contact the customer and get positive confirmation that they are *not* being investigated before allowing the transaction to continue. It's a trade-off between allowing normal function and protecting against legal attacks.

    Perhaps an extension of normal document retention policies for companies can be to keep them locally for 3-6 months, then move them to offshore "cold storage" where they will only be released when the offshore agent holding the files is certain a request is not due to legal duress. Trade a bit of latency for a lot of security, and otherwise the documents get destroyed anyway.

  2. Government email by Eric+Damron · · Score: 4, Informative

    The email for my State government is covered under the freedom of information act.

    What this means is that anyone can walk into any State agency and under this act require that the agency provide copies of it's email.

    There is a charge to cover costs and a waiting period to allow the information to be gathered.

    This can cause real problems for agencies that delete email without a policy covering the removal of this information. Basically, if the agency deletes email without such a policy they can be required to "recover" their email. If they don't have the expertise to do so they can be required to contract out to a company who does have the ability. This could cost them tens of thousands of dollars.

    Better to have a policy and to stay within the guidelines!

    --
    The race isn't always to the swift... but that's the way to bet!