Auto deletion of emails after 3 months

[Rover321]

My company is implementing the compulsory auto deletion of emails after 3 months. They say one of the reasons for this is that there's a possibility the company could have to pay a charge per saved email for some third party to go through all of a person's emails or something, in certain circumstances. Or if someone hacked into our email system, large quantities of emails means large cost or large risk or something. My company also claims that auto deletion after 3 months will save on IT resources.

Are these risks real? Has anyone heard of companies that do this?

 

[BarkingGhostar]

Sounds like BS. I bet it is more of a case that email cannot be used against them in court of it doesn't exist anymore. Without knowing your email client it is not so easy to make a recommendation, but I can tell you what I do.

My employer uses Outlook for the email client and Exchange for the server. I create a PST file an drop all of my email into it, routinely backing up the PST file. This began because of an absurdly low Exchange allotment of 30-35MB when in my line of work wouldn't last me a week.

Now my employer has changed and the allotment is something much greater, with a vault storage, including for PST files. But there is nothing keeping one from becoming creative in their efforts.

 

[maxi007]

May be the main aim to security purpose is good , is there any option to backup mails separately ?

 

[KB]

Storing emails takes storage and storage is cheap, but not free. We auto delete after 30 days.

 

[Jumpem]

They are deleted after 60 days at my employer. You need to manually save them to a .pst file.

 

[Rover321]

May be the main aim to security purpose is good , is there any option to backup mails separately ?

Nope. Backup and pst files are not allowed.

 

[Fanatical Meat]

I'm going to guess its still archived somewhere, just not easily accessible

 

[Jumpem]

Nope. Backup and pst files are not allowed.

Oh. That's insane then. I regularly review emails sent months prior. It is not uncommon to find forgotten, but useful, information in a years old emails.

 

[mikeymikec]

Bizarre arbitrary policy, IMO it's like deciding that any company files over x days of age should be deleted.

Doesn't this company ever communicate any useful information over e-mail?

 

[Rover321]

Oh. That's insane then. I regularly review emails sent months prior. It is not uncommon to find forgotten, but useful, information in a years old emails.

Well, actually they can be moved to special folder where they get auto deleted after one year instead of 90 days.

I'm trying to find out if auto deletion is standard practice and what the reasons for doing it are. If the reason is to minimize company liability in a criminal prosecution, does a company have the "right to remain silent" and can it require its employees to remain silent.

 

[brianmanahan]

companies do this for legal protection and legal cost reduction. my previous company did this a few years ago, and communicated it as follows:

if a company gets involved in a lawsuit, the court can require them to have a lawyer go through all their emails in search of evidence, related information, etc. if the company doesnt have a lawyer who has time to do it, they have to pay one at an outside legal firm to do it.

this is what had happened to the company - they had so many emails going so far back that they had to pay a lawyer to go through old emails for EIGHT MONTHS. that costed some big $$$.

since there is nothing legally preventing a company from having an email purge policy, they can do it to decrease this type of risk.

the other reason they mentioned is so that dumb things you emailed in the past can't cause personal liability. supposedly there was a guy who had sent an email about the fire alarm system for a building projects. he wanted it to be a better one, and in an email argument he said "if some little kid dies when that building burns down, it'll be all your fault!" were that email to be discovered in a lawsuit, it could have had some serious implications.

 

[Rover321]

companies do this for legal protection.
this is what had happened to the company - they had so many emails going so far back that they had to pay a lawyer to go through old emails for EIGHT MONTHS. that costed some big $$$.

If the company isn't guilty then the cost should be paid by the other party, otherwise the company is being effectively fined without justification. A court shouldn't have the right to impose that kind of cost to a company.

 

[lxskllr]

If the company isn't guilty then the cost should be paid by the other party, otherwise the company is being effectively fined without justification. A court shouldn't have the right to impose that kind of cost to a company.

Why do you hate freedom?

 

[brianmanahan]

If the company isn't guilty then the cost should be paid by the other party, otherwise the company is being effectively fined without justification. A court shouldn't have the right to impose that kind of cost to a company.

well they might have been guilty, i am not sure

but if there is potentially incriminating evidence and you can systematically get rid of it to minimize risk, why not? it doesn't make sense not to.

 

[Rover321]

Why do you hate freedom?

37000 posts!!!!! Why do you hate sunshine?

 

[lxskllr]

37000 posts!!!!! Why do you hate sunshine?

I probably have more hours outside than everyone currently browsing this forum put together. Don't be wise and beautiful woman. If you don't like email policy, get a job somewhere else, or start your own company.

 

[KK]

I think my PST file is 10-12 GB with a 11+ year retention.

 

[sdifox]

It may actually contravine SOX.

 

[Rover321]

I probably have more hours outside than everyone currently browsing this forum put together. Don't be wise and beautiful woman. If you don't like email policy, get a job somewhere else, or start your own company.

If you don't like my response then confine yourself to making constructive comments instead of silly comments. I never said I didn't like the email policy, I'm trying to find out the reasons for it and what standard practice is.

 

[unokitty]

My company is implementing the compulsory auto deletion of emails after 3 months. They say one of the reasons for this is that there's a possibility the company could have to pay a charge per saved email for some third party to go through all of a person's emails or something, in certain circumstances. Or if someone hacked into our email system, large quantities of emails means large cost or large risk or something. My company also claims that auto deletion after 3 months will save on IT resources.

Are these risks real? Has anyone heard of companies that do this?

Court decisions, cost concerns drive growth in business for e-discovery firms

 

[mikeymikec]

I probably have more hours outside than everyone currently browsing this forum put together. Don't be wise and beautiful woman. If you don't like email policy, get a job somewhere else, or start your own company.

Initially I thought you two were sharing an inside joke... now I'm just going to back away quietly...

 

[ultimatebob]

It may actually contravine SOX.

Yeah, doesn't Sarbanes-Oxley require publicly traded companies to store their mail for 5 years?

 

[lxskllr]

Initially I thought you two were sharing an inside joke... now I'm just going to back away quietly...

He was positing a fantasy scenario. There's no guarantee of winning court costs in adversarial proceedings. The way things /should/ be isn't reflected in reality. The reality is you're lucky if you don't end up in jail, and your assets remain mostly intact.

 

[Mark R]

Are these risks real? Has anyone heard of companies that do this?

There are genuine risks like this in some jurisdictions.

For example, in some areas, there are regulations which require that a company hand over any personal data about a specific person, to that person on request for no charge (or a minimal charge, like $10 max). That could include e-mails about them, etc. So, theoretically, it could be a business risk to have to search tons of e-mail, search backups, etc. In practice, most regulations like this, only apply to "active" data - stuff that could be searched or pulled up in "reasonable time", and they don't apply to long-term archive tapes held off-site.

At the same time, there may be privacy laws that prevent a company from holding private data about a person after it becomes "irrelevant", and that it may be a crime for the company to continue to hold that data. Where laws like this are implemented, the guidance is that no personal data should be kept after the point when a legal claim would be time barred. For example, if you are a customer of a bank, the bank can keep your statement data for as long as you are a customer, but when you leave, they can only keep the statements for as long as they need to defend a law-suit from you - if your state puts a limit of 6 years on a lawsuit, then they need to delete the data after that time.

In practice, this type of policy is usually put in place to try an minimize the amount of "damaging" data that could be released in certain events. This can include a malevolant or disgruntled employee publishing large e-mail archives which could be a PR disaster, "discovery proceedings" in law suits (which can require the company to turn over anything and everything, including retrieve historical archive tapes, etc.), etc.

Historically, the "responding comapny" in a lawsuit had to pay the costs of "discovery" requested by the other side, e.g. retreiving data from backup tapes, restoring old IT systems (e.g. if a company migrated from Novell mail to MS outlook), technically if they had the old Novell mail on tape backups, they could be required to build a new Novell server and import the old tapes, so that they could turn over the e-mail for use by the other side as evidence against them). In practice, there are now legal systems in place so that "requester pays" in certain circumstances. Even so, however, the costs of a law-suit can be massive in terms of man-hours needed to provide the relevant data.

 

[Rover321]

There are genuine risks like this in some jurisdictions.
[snip]

Awesome information. Thankyou.