E-mail retention policies..

Sasiki

I have heard from 2 people this week that the Government has passed some kind of email retention policy law. I've "googled" it and didn't come up with anything that caught my eye. Does anyone know any details on this or should I just ignore it?

They said something about keeping e-mails for 1 year. If that's the case, there's my excuse to build a new e-mail server for the company :)
 
Hmm.. interesting. I've got like 70 e-mail users in the company and we rotate backup tapes every 2 weeks. The only tracks of e-mail we have are those tapes and whatever the user doesn't delete off of their system. This doesn't sound like it's in compliance, does it? Or is it really something to worry about?
 
I think this is going to be bigger than anyone can imagine.

A quote from the article. "In addition to e-mail, companies will need to know about things more difficult to track, like digital photos of work sites on employee cell phones and information on removable memory cards, he said." and "The change makes it more important for companies to know what electronic information they have and where." So now ANY electronic data needs to be stored in a fashion that is organized.

This almost deserves a repost or a title change. I breezed by this posting the first time, because I know we have a strict policy in place for E-mail already, but taking a look at ALL E-data and the ability to reference it is another story.

Looks like it's time to buy stock in hard drive and SAN manufacturers. If you add this up for the total US, it has the potential to be huge.
 
Yeah I'm now having to look at bringing one of my client's hosted Exchange service in house and buying quite a few hard drives for storage. They aren't too happy about the money they need to spend.
 
but like i said before, this is only going to happen if the case goes to federal court.
 
we had an over 100 million dollar lawsuit concerning some ex employee vs the company go to court. there was some legal discovery process going on, and the CTO of the company was telling me "please... do what you can to find this email database... if you can't, hundreds of millions of dollars are at stake..." long story short... i found it... and i never heard about us paying out for some lawsuit.

on the flip side, i'm sure retaining this information can do just as much legal damage in the other direction as well. *shrug*

we also have an indefinite retention on all email backups. we might spend 200 grand a year just in LTO tapes, but the amount it saved us last year makes it look like nothing.

last, it's also funny how when people quit, they delete everything in their email database. i guess they don't know how nightly backups work :)
 
Problem I'm running into... My clients are small businesses; one has 20 employees, the other has 4. They don't want to spend the start up money to fit this new law.
 
i'm sure it doesn't mean that there has to be indefinite retention for all US business. the main point of pretty much all SARB-OX legislation is accountability. you have to have a documented policy on your method of retention. if you have a 2 week retention, and you get sued, you better have a damn good reason as to why you are only able to produce 1 week of evidence that has been subpoenaed.

changing your internal policy to 1 week the day before your trial isn't going to look good either.

it really all just boils down to accountability.
 
RiDDLeRThC said:
They don't want to spend the start up money to fit this new law.

Why would they need to spend any money? These rule changes do not require you to make backups of your email, they have to do with discovery requests
 
pigster said:
Why would they need to spend any money? These rule changes do not require you to make backups of your email, they have to do with discovery requests

the bulk of legal discovery focuses on emails.
 
This may get a little interesting. I don't understand all of that legal writing mess though. Hopefully one of us will find it in plain English somewhere. From what I've read though, they aren't saying you have to keep documents for "x" number of months / years. It seems that you just have to reproduce documentation when it is requested, which could mean several years back.

Well, I also saw something that said as long as your data retention policy states 2 week retention, as long as you have 2 week retention, you're good to go, but that it could lead to losing a case if an important document from last year could have waivered it one way or the other.
 
This is an important issue and I would love to see a detailed discussion on the topic. Everything I've read has been fairly glossed over. For instance, what constitutes mail that has to be archived? Do we have to save every message, including SPAM, for X number of years?

Any tech-lawyers scanning the board want to help? ;)
 
Is this thread worthy of a temporary sticky with a renaming of the subject? This is an issue that directly affects a lot of the board members' internal networks as well as clients, and has the potential to save one of us millions of dollars in a federal court case.
 