Are There Any Smart E-mail Retention Policies?
An anonymous reader writes "In an age of litigation and costly discovery obligations, many organizations are embracing policies which call for the forced purging of e-mail in an attempt to limit the organization's exposure to legal risk. I work for a large organization which is about to begin destroying all e-mail older than 180 days. Normally, I would just duck the house-cleaning by archiving my own e-mail to hard-drive or a network folder, but we are a Microsoft shop and the Exchange e-mail server is configured to deny all attempts to copy data to an off-line personal folder (.PST file). The organization's policy unhelpfully recommends that 'really important' e-mails be saved as Word documents. Is anybody doing this right? What do Slashdot readers suggest for a large company that needs to balance legal risks against the daily information and communication needs of its staff?"
The IT staff at my former employer saved copies of all email that went through the server... indefinitely. No, they didn't tell employees they were doing it. And yes, they had a search engine so they could do across the board searches of whatever terms seemed interesting at the time.
I find it interesting that different companies are going to different extremes. Some are limiting their exposure by trying to delete all mail and others are saving all mail in order to be able to comply with court orders (or perhaps just get a bit big brother-ish).
For a REALLY strange twist, the company I'm speaking of forced employees to maintain mailboxes under 100MB... while the server admins never deleted a single email that hit the server.
A balance needs to be struck between the negatives of two strategies:
* Perpetual archiving of e-mail - wastes server disk space, increases tape backup volume, and (more notoriously) can leave "clues" that predatory litigators salivate over.
* Non-archival of e-mail - internal accusations and decisions can't be resolved, difficult to track decisions and their history, circumventable by printing the e-mail with headers.
The solution is as follows:
1. Digest only the final decisions of e-mails and the essential reasoning thereof, or make a digest of the decisions in a collaborative project wiki where buy-in from the stakeholders can be tracked.
2a. Upon project completion (ISO9000-type project gating), archive all project files, documentation and essential digest e-mails.
2b. Simultaneously destroy all other e-mails using secure forensically-unrecoverable techniques to prevent accidental recovery by thieves.
3. Any other e-mails regarding general architectural or administrative decisions which have implications for future development in the company should be digested, placed on a company wiki, and then the remainder securely destroyed.
Using this method, any questionable or potentially illegal decisions can be greatly avoided or reduced from a purely legal perspective while retaining sufficient information to continue operations and development. This policy won't end all legal issues, but the key is to have procedures that are centered around the guise of IT efficiency and operational simplicity to purposely dispel any other alleged intent by third parties that expresses or implies destruction of future evidence.
It's not unreasonable in such a litigious society.
In a litigious society, wouldn't it be best to save all of your email, so you can use it to protect yourself in court?
If you're deleting all your email, then the only evidence that will come out in court will be from the people suing you.
The details are trivial and useless; The reasons, as always, purely human ones.
One reason companies implement retention policies is to reduce the "e-discovery" costs. A 12-36 month retention does not mean a company is trying to hide anything. It just means they don't want to pay $1,000-$10,000 per Gigabyte of data that has to be examined for inclusion and exclusion in the lawsuit. The discovery phase costs of a lawsuit can financially cripple a company even if they are innocent. People's uneducated responses on this topic that "they must be guilty if they're deleting emails" are about as valid as the Bush administration's claims that only criminals and terrorists should be concerned about wire tapping.