Forgot your password?
typodupeerror
Communications Data Storage

Are There Any Smart E-mail Retention Policies? 367

Posted by timothy
from the don't-use-email-any-more dept.
An anonymous reader writes "In an age of litigation and costly discovery obligations, many organizations are embracing policies which call for the forced purging of e-mail in an attempt to limit the organization's exposure to legal risk. I work for a large organization which is about to begin destroying all e-mail older than 180 days. Normally, I would just duck the house-cleaning by archiving my own e-mail to hard-drive or a network folder, but we are a Microsoft shop and the Exchange e-mail server is configured to deny all attempts to copy data to an off-line personal folder (.PST file). The organization's policy unhelpfully recommends that 'really important' e-mails be saved as Word documents. Is anybody doing this right? What do Slashdot readers suggest for a large company that needs to balance legal risks against the daily information and communication needs of its staff?"
This discussion has been archived. No new comments can be posted.

Are There Any Smart E-mail Retention Policies?

Comments Filter:
  • imap? (Score:3, Interesting)

    by JeffSh (71237) <jeffslashdot@mTOKYO0m0.org minus city> on Saturday July 26, 2008 @07:33PM (#24352477)

    if your orgs exchange server has their imap connector enabled, you can use a different client that doesn't follow the commands of the exchange server to pull emails, but it sounds to me like your org is smarter than that.

    • thats what I would go for IMAP next would be pop3 if they have disabled both of those services which they would not usually...

      then connect up Entourage on a mac and simply drag and drop alternatively evolution on a linux vmware

      failing that simply forward all the mail to gmail or free email account that you can search in a instant... but no one know about...(if you are smart you will configure outlook to use the gmail (or free provider) as the sending email server so things dont go out through the exchange s

    • by OAB_X (818333)

      *most* email clients can interface with exchange servers through POP3/IMAP.

      My old place of employment used Exchange, and I saved every email in Thunderbird for years.

      If they have stopped all 3rd party POP3/IMAP access, don't allow you to export PST files, and Entourage on a Mac (w/Exchange support), all don't work, I can't think of anything you can do.

      Except, maybe just maybe finding the original PST file that outlook creates and you copy that to a flash-drive or something. If that file is not encrypted, yo

    • by vrmlguy (120854)

      I just use VBA to sweep my emails and store them someplace else.

  • Don't do anything illegal, then the company doesn't have any thing to hide right?

    I recall several big cases then went up because of someones 'little black book' in pencil and paper, so purging emails is really a waste of time anyway. Besides we could always plant emails we need on your server anyway.

  • adaptation (Score:4, Insightful)

    by Lord Ender (156273) on Saturday July 26, 2008 @07:38PM (#24352531) Homepage

    The end result of all the bullshit lawyers try to shove on people who actually produce things for a living is the same. We route around it. This policy will cause people to use webmail, alternative email clients, IM, and other technologies to get on with getting work done, while the lawyers remain blissfully ignorant.

  • by xlr8ed (726203) on Saturday July 26, 2008 @07:39PM (#24352539)
    Print every email you get, I'm sure it won't effect your bonus.
    • And I do hope you are joking.

      • by jbengt (874751)
        He might have been joking, but when we first got e-mail, and especially when the server started to fill up, our company actually had a policy that we should print out all e-mails and delete them as soon as we got them.
        Currently we have a loosely enforced policy of moving all e-mails to job folders set up on another server, so the e-mail server won't clog up.
      • by uniquegeek (981813) on Saturday July 26, 2008 @10:39PM (#24354013)
        My company gets a lot of material for jobs via email. The email gets printed out and attached to a carbonless job form. The details from the email are written on the job form (plus extra details we need to do the job). When the job is done, this paper monstrosity is sent to billing, including the email. On top of this we want to search the details of the job, so we scan the docket into the computer after the job is done. We scan the email as well. So what started out as 8KB of text ends up as 300KB-800KB of images, with a lot of extra work in between. Never underestimate to power of business to create work.
    • Re: (Score:3, Informative)

      by caluml (551744)
      If something affects you, it has an effect on you. But you can also affect a funny accent, and you can have personal effects. Hope that's cleared things up for you.
  • by SoapBox17 (1020345) on Saturday July 26, 2008 @07:40PM (#24352561) Homepage
    Cheating, as the author suggests, is a bad idea. The company is doing this for a reason... to protect themselves from extra BS when they get sued.

    If you don't want to have to go through that extra BS (believe me, you don't) and/or you don't want your company or yourself getting in even more legal trouble when they deny something exists (because it shouldn't according to their policy) when it really does (because you didn't follow the policy) then don't be an ass. Do what they tell you like a good little minion.
    • by HitekHobo (1132869) on Saturday July 26, 2008 @07:57PM (#24352731) Homepage

      The IT staff at my former employer saved copies of all email that went through the server... indefinitely. No, they didn't tell employees they were doing it. And yes, they had a search engine so they could do across the board searches of whatever terms seemed interesting at the time.

      I find it interesting that different companies are going to different extremes. Some are limiting their exposure by trying to delete all mail and others are saving all mail in order to be able to comply with court orders (or perhaps just get a bit big brother-ish.

      For a REALLY strange twist, the company I'm speaking of forced employees to maintain mailboxes under 100MB... while the server admins never deleted a single email that hit the server.

      • Re: (Score:3, Interesting)

        by truesaer (135079)

        My former company began archiving all email permanently due to some lawsuits, and it was the best thing that ever happened to me. FINALLY that 12MB limit on email disappeared. I never could figure out how a major tech company couldn't manage a quota higher than 12MB in this area of cheap storage...

        • It's IO. If you don't use a database driven e-mail program, large inboxes hit the disk really hard. Thus you need major IO to have large quotas. We have this problem at work currently. We run sendmail for a number of reasons, the main one being that we got e-mail waaaaaaay back in the day when it was pretty much it. Regardless, we are still on it and thus IO is a significant problem in terms of large inbox quotas. We need to move to a database driven solution, but such a move isn't easy and isn't free and t

    • by Boricle (652297) on Saturday July 26, 2008 @08:10PM (#24352847) Homepage

      Here is the thing I don't understand...

      This is a double edged sword.

      It is nice that you won't have incriminating emails around so that people can find them during discovery.

      but what happens when you need those same emails that are over 180 days old that would have EXONERATED you?

      I guess you just have to say... "oh well, sorry, we don't have a copy of the [warning/caution/acceptance] that puts us in the clear..., I guess we're screwed".

      • by caluml (551744)

        what happens when you need those same emails that are over 180 days old that would have EXONERATED you?

        It doesn't matter, because you're innocent until proven guilty, right. Right?

        • by Bazar (778572)

          That's the criminal courts your thinking about.

          The civil courts are more then happy to award judgment on evidence that is less then concrete. As such loosing a letter that exonerates you could cost your company quite badly in the pockets.

      • by radarjd (931774) on Saturday July 26, 2008 @09:16PM (#24353433)

        but what happens when you need those same emails that are over 180 days old that would have EXONERATED you?

        I guess you just have to say... "oh well, sorry, we don't have a copy of the [warning/caution/acceptance] that puts us in the clear..., I guess we're screwed".

        It's a fair question, and one I've certainly struggled with. Ultimately, you have to come up with a balancing of the possibilities. On one hand is the possibility that an email over 180 days exonerates you and on the other is an email over 180 days old that sends your executives to prison. The calculation may be that it's harder for someone to prove you guilty, than to be forced to prove yourself innocent. Apparently the balance for this company is at 180 days. That's a bit short for my taste, but that's what this company has decided.

      • by Vengie (533896) on Saturday July 26, 2008 @09:18PM (#24353451)
        This is why some investment banks save everything. They create a rebuttable presumption that if they don't have it, it doesn't exist. (Often helpful when the other side alleges there is a "smoking gun")
      • Absolutely... (Score:3, Insightful)

        by raftpeople (844215)
        I recently came out of a bankrupt company, e-mail was critical in a variety of cases including disputes with the liquidators, the records saved us many, many dollars.
      • by thsths (31372) on Sunday July 27, 2008 @04:02AM (#24355953)

        > but what happens when you need those same emails that are over 180 days old that would have EXONERATED you?

        Well, obviously this company has decided that old emails are much more likely to work against them, and this even overrides the loss of productivity due to important emails going missing etc. I really wonder what kind of business this company is in, and what their business strategy is :-(

        Or maybe it is just one CEO that knows something funny went on, and now he/she is trying to destroy the evidence whatever the cost.

      • by mpe (36238)
        but what happens when you need those same emails that are over 180 days old that would have EXONERATED you?

        Or simply that the emails in question contain information you need more than 180 days later...
  • Let it be deleted (Score:4, Insightful)

    by jolyonr (560227) on Saturday July 26, 2008 @07:52PM (#24352657) Homepage

    Seriously.

    Let the 180 day limit on email remain as 'someone elses problem'. How many times do you really need to get an email six months old? You'll end up with a cleaner, faster and less stressful mailbox.
     
    Of course, there may be the odd email you need, so every week why not look at the oldest week's worth of mail in your mailbox, and anything you REALLY have to keep, just forward it to yourself. Then it will stay in your mailbox for another 180 days. But try to only forward the things that are vital.
     
    Of course you may be able to forward to an offsite mail account, but I'm assuming that isn't allowed. No company is going to restrict you from forwarding emails to your own company account.
     
    Jolyon

    • by jd (1658) <.imipak. .at. .yahoo.com.> on Saturday July 26, 2008 @08:04PM (#24352783) Homepage Journal
      I often find I need e-mails that are 10-15 years old. I haven't retained everything over that time, but what I've retained is both interesting and useful. Frivolous emails are certainly deletable. But the non-frivolous stuff? That leaves a lot of stuff whose value does not deprecate with time. In the end, knowledge is its own currency, and those who choose to throw that currency away simply make themselves poorer.
      • Email, you're doing it wrong.

        Email is not a store for information - it's a means of communication. I admit that I also archive email (well since Gmail opened anyway) but if someone emails me a phone number - it goes in the address book, if I get emailed a solution to a problem, it goes in a wiki. Email has not been easily tagged/searchable till recently - most clients are still terrible!

        I do not understand this mentality of people who use email as a 'to do list' or 'archive of information'. It excels at

        • Re: (Score:3, Insightful)

          by shawn(at)fsu (447153)

          I save emails for the same reasons I would save regular mail. If I think it's something that I will need later to CMA then I'm saving it. I should imagine that saving the whole email and not just the text will lend credibility to my side if someone tries to say they never sent/received "that" email.

          Since I don't what will come back up 5 years from now I tend to save all of it.

          • by sumdumass (711423)

            Speaking of five years from now, I settled on a debt about 4 years ago that I was a cosigner on and got stuck with. I negotiated the settlement over email and while there were hard copies mailed, I had the emails where the account manager said everything was received, cleared, and everything was completely settled. About 8 months ago, the same debt came back up and while I couldn't find the snail mail letters, I did have the emails and presented them for the record. They were a little hesitant but ended up

        • by Dan541 (1032000)

          I do not understand this mentality of people who use email as a 'to do list' or 'archive of information'. It excels at neither of these.

          It's because we're lazy.

          It's just easyer to leave it where it is than to move it elsewhere. Ill admit I have used email as a notepad while on the phone and emailed it to myself on numerous occasions.

      • by Shados (741919)

        Step 1: get OneNote (part of Office 2007... in office 2003 it was a stand alone product and it sucked anyway)

        Step 2: Print to OneNote (think of it as a PDF printer that lets you organize stuff).

        Problem Solved.

    • by barzok (26681) on Saturday July 26, 2008 @08:59PM (#24353283)

      How many times do you really need to get an email six months old?

      It's saved my ass more than once. There are few things more satisfying than having a project manager start an email tirade against you because she thinks you didn't tell her about a change that needed to be made later in the year, and being able to forward that old email to her and tell her "yes, I did tell you about it, I even sent you the documentation for it way back when."

    • by jbengt (874751)

      How many times do you really need to get an email six months old?

      I regularly work on projects that last more than a year, and often work on projects that last as long as seven or more years. The longer ones often start and stop or even go on hold for months at a time (or longer). Having the old emails that I can read through often helps me manage the job. Also, if issues come up, being able to definitively say, e.g., "I sent you such-and-such on this date" can settle things quickly, and even allows me to

    • How many times do you really need to get an email six months old?

      Approximately twice a month. Any project manager would probably have the same experience. Email is my primary repository for project information, and for a fair amount of system configuration information. I store passwords, addresses, system configurations there. Why? Because it's password protected by a password that I know is solid, is accessible from anywhere I need it, (via Outlook Web, yeah, I know, shudder, go fuck yourself), and I

  • by unassimilatible (225662) on Saturday July 26, 2008 @07:52PM (#24352661) Journal
    Destroying e-mail - something that used to be a good idea - can now be a crime even absent an active criminal investigation. For firms affected by Sarbanes-Oxley, you'd better comply with e-mail retention rules [s-ox.com].

    And for those of you libertarian-for-yourself, statist-for-big-companies types out there, this is what happens when the government pokes its nose into regulating business; they don't just make Microsoft's life miserable. All aspects of life and business will be intruded upon. That's just how Big Nanny works.
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Never mind SOX. We ran into this at a company I used to work for. Afer getting hit a few times they decided to implement a 30 day clean out. Important messages were to be printed out. (Oh yeah, they were so cheap that most departments were stealing paper from other departments)

      Then someone mentioned that email was used to track changes to military contracts and when dealing with government stuff, had to be retained as well as backed up.

      The lawyers were literally sending out memos on this hourly with one gro

    • by Anonymous Coward on Saturday July 26, 2008 @08:55PM (#24353249)

      Destroying e-mail - something that used to be a good idea - can now be a crime even absent an active criminal investigation.

      Unless the email is destroyed on an ongoing basis as part of a clear and documented policy, which makes it perfectly legal.

      Sounds exactly like this "ask slashdot" question.

    • As I understand it, you have to have a policy that is compliant with the law, and be able to show that you've consistently followed that policy.
    • Re: (Score:3, Informative)

      by Tuoqui (1091447)

      Just say you misplaced the emails. It worked for the Whitehouse and President Bush.

    • Bring in a lawyer and ask about Sarbanes Oxley, the changes to federal e discovery requirements and your industry specific requirements. Computerworld had a good article about the changes to federal e-discovery here: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9001219 [computerworld.com] For an example, the FAA has the opinion that copies of all written communications to them should be maintained in the format it was sent. So, a fax would be held on to and an email to them would not be deleted.

      "The organization's policy unhelpfully recommends that 'really important' e-mails be saved as Word documents." By that logic, any disgruntled ex-employee can create a Word document with outlandish claims. Then claim it's a copy of an email. Your organization's written policy just opened that avenue of legal attack.

      You said large company. Why not capture and archive all e-mail messages -- incoming, outgoing and internal? This approach provides the strongest assurance that all relevant e-mail messages are being captured. It will help increase the confidence of internal and external auditors and regulatory authorities in the integrity of the resulting audit trail. If not, then you do run the risk of a judge impsing a fine because you could not produce evidence.

  • by ScrewMaster (602015) on Saturday July 26, 2008 @07:54PM (#24352695)
    Are There Any Smart E-mail Retention Policies?

    Retain (store) email just long enough to forward it on to the destination server.
  • Not a bad idea? (Score:4, Insightful)

    by Xest (935314) on Saturday July 26, 2008 @07:55PM (#24352709)

    I tend to see e-mail as something you use for temporary exchange of messages and tasks/information held therein, not something to be used to archive material.

    I'd argue the company's policy isn't actually far wrong, surely anything over about 180 days is something that is more suited to permanent archiving anyway?

    I'll admit when I was working in tech support and I had our corporate Microsoft keys e-mailed me I kept them in my personal folders for a couple of years but realistically I have to admit I think these would be better placed in an information repository suited to more permanent store of information.

    The company does then of course run the risk of people storing data that puts them at legal risk in that information repository instead however!

    I'm not sure though that there are many circumstances where an e-mail client needs to act as a long term information store. I find it's generally the case that if you need to store it for a long while, it'll almost certainly be something that others in your company will need access to should you get hit by a bus tomorrow and as such, maybe shared folders (with appropriate permissions) are a better choice than personal folders?

  • by toxic666 (529648) on Saturday July 26, 2008 @07:55PM (#24352711)

    You left out something very important. Is your large company publicly traded in the US? If yes, it could be looking at violations of Sarbanes-Oxley if they really are purging (and not retaining) e-mail "in an attempt to limit the organization's exposure to legal risk."

    But that is likely not the case. It is more likely the company is trying to limit the amount of data stored on its Exchange system. Adding storage and additional backup capacity is expensive. Implementing a policy that requires end users to keep the size of their mailboxes down does not work, because many people insist they need every bit of those six years of archived e-mail; people use e-mail as much for CYA as doing real business. So, this solution was selected. If it really is important, make the end users do some work to keep it and don't force the company to re architect its storage system to keep years of CYA and personal mail.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      I'm posting as AC because I'd probably end up fired for mentioning this.

      We keep emails essentially forever. Our company uses its own email system, though it used to use exchange (and people still want to keep using it, despite the fact that it sucks ass). Everyone has 25GB of email space, with more if you request it (and, I assume, are approved for it).

      If there's something you don't want potentially showing up in a court room you shouldn't be emailing it in the first place. You don't know if the other perso

    • I've got to tell you, I think you're incorrect here. I work for a Fortune 500 company and I happen to manage the storage and backup group (in addition to some other responsibilities). It's true that backups cost something, especially if you'll retain them for a while (and we retain things 'forever', because our legal people actually like to be able to go back and find email -- it's been more helpful to our defense than the other side's case). At this point, backing up Exchange makes up 25% of our total b

      • by Rakishi (759894)

        However, there's a very easy way around that, that the original poster mentions -- you can keep your own PSTs. Doing so shifts the responsibility for backing up that email from the backup group to the user. For example, I copy everything to PSTs on my laptop, which (intentionally) does not get backed up.

        Except that most user laptops/desktop should be backed up and not having a backup policy in place seems just idiotic to me. In other words the backup group STILL has to deal with the data except now it's in a different format. As you pointed out in the end this will result in using even more space for backups (that 10mb file will take up 100mb of backup space).

    • by Anonymous Coward on Saturday July 26, 2008 @08:26PM (#24353021)

      Deleting email is just fine with Sarbanes Oxley as long as you have a specified policy and follow it to the letter. It would be okay to have a policy that email is auto-deleted after 30 days, if your company wanted to do that.
      What is specifically NOT okay is deleting email once an investigation is underway or if there is reason to believe you will be investigated. In those cases, you have a duty to preservce evidennce. if you delete email under these circumstances for example, the judge may instruct the jury to assume that the email was incrimating or may rule summarily against you. Either way, your company is hosed.

      • by sumdumass (711423)

        Lets not forget that this isn't just a criminal or regulatory matter. (Investigation seems to limit it that way. I don't know if that was intentional or accidental or just the way I read the post.)

        It goes for civil cases too. If your best client decides to sue or you think he will, you have to preserve the same too. It can be criminal, regulatory, or civil action or the potential of any or all of them that triggers the preservation rule.

        Otherwise I agree with everything you said.

  • by st0rmshad0w (412661) on Saturday July 26, 2008 @07:56PM (#24352723)

    That email belongs to the company, not you. As someone who accumulates 90% of his work stress from dealing with employee email usage atrocities (please don't email an mp3 mix cd image to 150 of your closest friends from your workstation, kthx), let me tell you what's wrong with your plan.

    Its company property, governed by the policy in place for whatever reason, feel free to violate the policy if you don't want your job.

    Not to mention what will happen if it comes to light that you are violating policy during a discovery proceedure, especially if it comes to light because you brilliantly decided to forward critical confidential company correspondence to somewhere like a Gmail account.

    Brilliant. Really. Good luck finding a job after that.

    • Re: (Score:3, Insightful)

      by mschuyler (197441)

      Ha ha not funny. I had to laugh at this. A few years ago I was still mapping drives. I had the "H" (Home) actually-network drive for everyone mapped to one of my servers (huge drives, the server was named Moby Fred) which allowed me to backup everyone's stuff every day pretty nicely on autopilot at night. Also, if someone's box failed I could swap it out with a standard install and not worry about their saved stuff being lost 'cept for maybe bookmarks too bad eat shit. But my nightly backups started to fail

    • by carlzum (832868)
      The parent is a little abrasive but his advice is spot-on. Seriously, don't try to circumvent your company's email retention policy. If an email contains information or attachments that may be of value for some remote reason, save it in another format. Add every contact to your address book and you won't have to search your messages for an address. If you're continually inconvenienced and it's making your job harder, you won't be alone. In that case the policy should be relaxed eventually.

      If you're worri
  • by StandardCell (589682) on Saturday July 26, 2008 @08:04PM (#24352797)
    A balance needs to be struck between the negatives of two strategies:

    * Perpetual archiving of e-mail - wastes server disk space, increases tape backup volume, and (more notoriously) can leave "clues" that predatory litigators salivate over.
    * Non-archival of e-mail - internal accusations and decisions can't be resolved, difficult to track decisions and their history, circumventable by printing the e-mail with headers.

    The solution is as follows:

    1. Digest only the final decisions of e-mails and the essential reasoning thereof, or make a digest of the decisions in a collaborative project wiki where buy-in from the stakeholders can be tracked.

    2a. Upon project completion (ISO9000-type project gating), archive all project files, documentation and essential digest e-mails.
    2b. Simultaneously destroy all other e-mails using secure forensically-unrecoverable techniques to prevent accidental recovery by thieves.

    3. Any other e-mails regarding general architectural or administrative decisions which have implications for future development in the company should be digested, placed on a company wiki, and then the remainder securely destroyed.

    Using this method, any questionable or potentially illegal decisions can be greatly avoided or reduced from a purely legal perspective while retaining sufficient information to continue operations and development. This policy won't end all legal issues, but the key is to have procedures that are centered around the guise of IT efficiency and operational simplicity to purposely dispel any other alleged intent by third parties that expressed or implies destruction of future evidence.
  • "A strange game. The only winning move is not to play. How about a nice game of IMAP?"

  • by empesey (207806) on Saturday July 26, 2008 @08:19PM (#24352931) Homepage

    I don't know how often I've saved my own can by retrieving an email from someone denying one thing or another or if a project goes south due to additional requests. By demanding that all requests be in written form or in email, I can produce a paper trail of all the requirements for a given project. As developers, we do nothing unless we have an official request. This limits our responsibility when things go over budget or behind schedule.

    Deleting emails when a project is over is not necessarily a good idea, either. Patterns of irrational and poorly thought out requests can be produced over a long time period and this can also be used to cover one's caboose or even to give priorities to scope creep during crunch time. If things are going slow and they want some feature added in, we might be more inclined to meet that request. But if we're facing hard deadlines, we can push back and make the requester decide which are the most important features to add.

  • by duffbeer703 (177751) on Saturday July 26, 2008 @08:19PM (#24352937)
    Email != a document repository. If you need to keep something, print as a PDF or store it somewhere more appropriate.
    • by acvh (120205) <geek@msciAUDENgars.com minus poet> on Saturday July 26, 2008 @10:00PM (#24353747) Homepage

      Email != a document repository. If you need to keep something, print as a PDF or store it somewhere more appropriate.

      Perhaps in your parochial world. I'm on assignment in a company that uses Lotus Notes as it is intended to be used, and email is just one more document in a database that is accessible through many views, some of which are not a mail box. Works quite well.

      On my last assignment the company routed EVERY email to an archive database, on the advice of their lawyers (not in house, real lawyers).

    • Re: (Score:3, Insightful)

      by binaryspiral (784263)

      Email != a document repository. If you need to keep something, print as a PDF or store it somewhere more appropriate.

      I couldn't agree more. If you got interesting or useful data - make a wiki, use sharepoint, or get it somewhere that will make it useful.

    • Email != a document repository. If you need to keep something, print as a PDF or store it somewhere more appropriate.

      I disagree.

      Once you remove email from the mail server, you loose quite a bit of it's (informational) value.
      * the header information is lost.
      That includes information like:
      * when
      * from who
      * who else got the email
      * the text and attachments tend to g

    • Re: (Score:3, Interesting)

      by Degrees (220395)

      Just a funny/sad story here. So an email in GroupWise is just a record in a database. The space left in the record is greater than 2,000 bytes after the pointers and subject line are filled in. If the body of your message is less than 2,000 bytes, the whole message is just one database record. If the body of your message is greater than 2,000 bytes, the first chunk is stored in the database record, and then an overflow file is created.

      BTW - I hate HTML email. Doubles the size of every message, practical

  • Go with the flow (Score:4, Insightful)

    by dave562 (969951) on Saturday July 26, 2008 @08:19PM (#24352941) Journal
    If the information is important enough to keep around after six months then it should be documented either as a policy or white paper. It seems that what your organization is attempting to do is to limit email to functioning as a communications medium. They don't want your Exchange servers to be an information repository. I can see the logic in what they are doing. In all seriousness if you haven't acted on information in an email in six months it either wasn't that important, or you're not staying on top of your responsibility. If it is information that needs to be kept because it is integral to the functioning of your department then there are better places than email to keep that information.
    • by CAIMLAS (41445)

      I agree with you, but...

      Sometimes, email really is the best way to track things, especially when your email client is being used as an information "portal" by people other than yourself. For instance, feature requests, bug reporting, and project discussions. Each department, and sometimes even people within a department, use their email differently due to the different roles they hold.

      Such a policy can be very disruptive for people such as, say, front end support, employee satisfaction, HR, and so forth whi

  • by PhearoX (1187921)
    My company has been doing this for years, but our policy is only 90 days. I do go ahead and copy any 'really important' emails into OpenOffice documents, but these are few and far between.

    I find that the best way to get policies changed is to emphasize their faults. When my company started docking pay for not submitting a change request to reboot a broken production server, I basically started submitting change requests every time I had to take a shit. This policy hasn't changed yet, but I guarantee it w
  • Have the corporate lawyers tell you what you need to save.
    That's the simple part for you

    Save it. Not so easy, often, but there are plenty of tools. I'm not paid by anybody to market them to you.

    If you're with a business that has clear legal needs to save electronic correspondence, I'm surprised you haven't already been getting the sales pitch. Or maybe your executive team has been.

  • by iminplaya (723125) <iminplaya.gmail@com> on Saturday July 26, 2008 @08:30PM (#24353055) Journal

    Yes. I save them in notepad.

  • Retention policies are generally set by counsel. If you violate that it's generally at your own risk.

  • You need to consider what information is in these emails and what needs to be done with that information. Example, from my last job in a Helpdesk/IT Officer for a small business:

    Email Type -> Where it goes
    Request for help from IT -> Send to our helpdesk system
    Serial number from supplier for appliction -> Save to our IT Auditing software, print out and file
    Information on fixing a program -> Print out if needed soon, and copy information to our procedure manual folder on the network.

    Look a
  • Document retention policies ought to follow the IRS document retention guidelines. 5 years at a minimum.

    Avoiding liability under SOX by failing to report the improper operation of the corporation and destroying the evidence is a bad, bad idea.

    I expect spoilation sanctions for any document destroyed before the IRS standards.

  • by Anonymous Coward

    Are there any good retention policies out there? No. The good retention policy is to save what you need, delete what you don't. Which is not a policy at all.

    What would I recommend for a corporation? Don't use e-mail at all. If you refuse to follow that advice, use a system that deletes on first read and cannot be used to create copies (harder than it seems).

    There are several reasons for keeping mail. At the top of everyone's list is self-preservation. It's important to be able to prove that this or t

  • Several enterprise content management systems (like LiveLink, that I hate) support almost transparent email integration. You could forward your mail to an "email folder", and let whatever records management module (and retention policy etc) take place.

    I saw someone mention forward mail to wiki, that you can also do with LiveLink discussion boards (not an endorsement for LiveLInk).

    Point is, moving it into an ECM brings it to whatever corporate records management has re policy and such.

  • Horrible policy (Score:5, Insightful)

    by agpc (1083779) on Saturday July 26, 2008 @09:52PM (#24353677)
    As an attorney who practices e-discovery, I can tell you that any company which implements the policy described above better hope to god they never find themselves embroiled in multi-state class action litigation. Sooner or later, they will run into a judge who views the destruction of evidence for the express purpose of avoiding liability as a bad thing and they will lose the case. A policy designed to protect the company from litigious plaintiffs will have the opposite result and create huge awards for the plaintiffs. If you work for a large company which has been sued in major litigation, you should probably assume that all of your e-mails will be read by an attorney at some point and write your e-mails accordingly.
    • I am not an attorney but in a past life I was a computer consultant who did e-discovery for litigation plaintiffs attorneys. Although not in the field, its become my understanding that as of late it is actually required under recent Federal rules to retain your e-mail.

    • Re:Horrible policy (Score:4, Interesting)

      by magusnet (951963) on Sunday July 27, 2008 @04:10AM (#24355991)
      One reason companies implement retention policies is to reduce the "e-discovery" costs. A 12-36 month retention does not mean a company is try to hide anything. It just means they don't want to pay $1,000-$10,000 per Gigabyte of data that has to be examined for inclusion and exclusion in the lawsuit. The discovery phase costs of a lawsuit can financially cripple a company event if they are innocent. Peoples uneducated responses on this topic that "they must be guilty if they're deleting emails" are about as valid as the Bush administration's claims that only criminals and terrorists should be concerned about wire tapping.
  • You're a Microsoft shop, using Outlook and Exchange. Setting up a sane retention policy on top of that is nightmarish, especially for people whose business memory is stored in email. Data security isn't just protectng yourself from lawsuit issues, it also involves protecting your users from storage failures and database corruption. Exchange is notorious for these issues, and throwing more money and hardware and failover equipment at it doesn't solve the fundamental problem of corruption of years of work in

  • I am sorry as hell to put it like this but I have seen basically 80% of the responses stating that you should break the policy, ignore the policy, inane comments like "dont work for criminals" or that the legal team is stupid.
    Okay - having implemented one of these from being someone on a cyber security team, I know first hand what goes on behind the scenes and everything that goes on. Our company implemented one of these projects. 180 day retention for USER email boxes. If you need to keep something fo
  • Can you just set up filters for any messages you want to save for more than 180 days, then forward them to an address you use to archive them? There are lots of emails I want to keep for more than 180 days, but not too many I need to respond to after that time, so I wouldn't care if they were actually in Exchange or not.

    Forgive me if there's some kind of group policy that restricts doing something like this, but I've worked at some pretty large orgs and never run into it. I'm sure it runs counter to company

  • The purpose of the policy is to protect the company. This may be from litigation or from the cost of a fishing expedition -- think of the cost of having to pull everyone's every email *from backup*. Discovery permits the lawyers to go through your every backup because there just might be an email in there that proves their case and you might have deleted it.

    If you have a policy that is generally followed that states when emails are deleted, you save yourself a lot of grief. But. You also need to have a proc

  • 21 day mail retention and a 30 Meg mailbox size. It is great for booking holidays because after the first 21 consecutive days, it doesn't matter how much longer you are gone because the volume of email will never really get that much greater.
  • by TheLink (130905) on Sunday July 27, 2008 @03:41AM (#24355889) Journal
    How many cases have there been where email evidence was used out of context or misinterpreted by the courts/jury so that the innocent got hurt?

    How many cases have there been where email evidence was used to nail the guilty bastards?

    So tell me, is it really a good thing for emails to be deleted?

    What does it tell you about the company? It has lots of guilty bastards? Do you want to continue working in such a company? They could blame _YOU_ for something and if you're innocent where's the evidence to protect you? If you're keeping your evidence against company policy have a nice day ;).

    As for personal emails, I try to keep most personal emails. Hard disk space is cheap, so why bother taking the time to figure out whether an email is important or not?

    You might not even want to bother deleting spam - some people keep a store of spam so that they can test/tune antispam systems/filters.

    Lastly, I think many people do work with projects that last more than 6 months. Sometimes your memory might fail, sometimes your boss's memory might fail, sometimes your colleagues forget.

    And sometimes when people ask the same questions it's convenient to just dig out the reply/explanation and resend it (email programs should have a decent and fast search - kmail is too slow). If it keeps happening maybe you put it in a FAQ somewhere and then you might add a link to it ;).
  • what e-mail isn't (Score:3, Interesting)

    by Tom (822) on Sunday July 27, 2008 @06:15AM (#24356379) Homepage Journal

    Frankly, examine your work-processes. E-Mail is not a general filing system, or a task-management system, or anything else that would require you to keep stuff around forever. In fact, doing so is - according to my observation - the #1 reason why most people can't use mail productively.

    A tiny fraction of mails actually needs to be kept around for a long time, and I have a folder for those. It's on the order of 0.01% of the total volume. If I had to export that in some format, be it word, .txt or whatever, it would be a tiny hassle.

    For everything else, I'd be happy to get the stuff I haven't needed for the past six months automatically deleted, because the chance is 99.99% that I won't need it anymore, anyways, and looking through the pile to check for things that I might still need takes away my valuable time.

  • My policy (Score:3, Interesting)

    by stewbacca (1033764) on Sunday July 27, 2008 @10:22AM (#24357713)
    My policy is read the damned email then delete it. If it has something important in it, I put it in my calendar or contacts or I do what the email is requiring to be done. Is that really hard? People who hoard email aren't half as important as they think they are.

"Just Say No." - Nancy Reagan "No." - Ronald Reagan

Working...