Network admins.. What is your policy on E-mail retention?

[DnetMHZ]

I was asked to develop a corporate policy for email retention/deletion. What I am looking for
is a general idea on what is a good time period for forced deletion or archiving of E-mails.
Can anyone who has a policy like this in place give me some suggestions as to where to start?


Thanks
DnetMHZ

 

[SarcasticDwarf]

I know that Pinnacle West has a policy of NOT retaining any e-mails. It will be a liability if you do so.

 

[Garion]

90 days for us.

- G

 

[Soybomb]

It sounds like quite a pain to keep them, and as dba said, an additional liability. I realize it may not be an option in all companies, but my personal preference would be to allocate each employee a certain amount of space, let them be automatically notified as it fills, and for it to be their responsibility to keep enough free space. When an employee leaves, change the account password and keep the account active for say 3-6 months and forward that mail on to the appropriate people. I suspect larger companies may not have as much flexibility in policy though.

 

[MysticLlama]

I keep e-mail 45 days after it's deleted just in case someone deletes something (the most recent being a whole folder of client communications) and then needs it back.

Since the VPs and up here tend to go on long vacations or trips to trade shows, it has happened before that they've been gone just a hair over 30 days, so I bumped it to 45.

 

[wlee]

If you are not required by some policy, don't keep Archive Email. If it's known that you retain it, then it can be Subpoenaed.

 

[dbwillis]

Exchange and Outlook at my work.
We have Exchaneg automatically delete any item over 90 days and put it into the Deleted Items folder, then once thats emptied it can be recovered for 7 days, then after thats its gone forever...

 

[chsh1ca]

Originally posted by: wlee
If you are not required by some policy, don't keep Archive Email. If it's known that you retain it, then it can be Subpoenaed.

Where do you work that you have to worry about that sort of thing?

We do indefinite here, but we're a smaller company, and principally I am the offender when it comes to large amounts of email (I receive more emails in a single day than the rest of the company does in a week -- thank you SecurityFocus!).

 

[Smilin]

Our policy is 60 days then it gets deleted. This has been told to us by HR and our lawyers. You want something pretty short so emails can't come back to haunt you in a court case - just ask Mr. Gates.

 

[Smilin]

Originally posted by: chsh1ca

Originally posted by: wlee
If you are not required by some policy, don't keep Archive Email. If it's known that you retain it, then it can be Subpoenaed.

Where do you work that you have to worry about that sort of thing?

We do indefinite here, but we're a smaller company, and principally I am the offender when it comes to large amounts of email (I receive more emails in a single day than the rest of the company does in a week -- thank you SecurityFocus!).

Where do you work that you DON'T have to worry about that sort of thing? This has been standard policy for most corporations since the MS Antitrust case revealed how damaging old emails can be. You might want to ask your corporate lawyer (or CEO if you don't know who the lawyer is) what he thinks of this.

 

[piasabird]

We use lotus notes and basically all Email is on the server by default. We limit storage by the physical size of the storage. Of Course anyone can archive their own on their hard drive.

It is misleading to say you do not have a storage of email on your server. I was under the misconception that all email goes to a server and then you retrieve it. Under microsoft, you can set options of whether to remove email from a server or leave it there. Also whether to delete it after so many days, mark it read, etc.

Keep in mind that if you back up the server, you may be backing up the Email!

If you do not want the email backed up exempt the email from the backup, and only back up the applications.

In some networking environments when you delete something on a server it goes to a special part of the server like a network trash can and is not really deleted yet! This is kind of like an emergency recovery system.

 

[hagrin]

45 days as well here.

 

[spidey07]

Um...there are laws that require you to retain certain computer information and archive it. Check with your legal department first because it is different for different industries.

Also the new Sarbanes Oxley act (spelling?) changed a bunch to include even more retention.

-edit- pulled a snipit from an article on how to prepare for it. I'd highly recommend speaking with your autitors and lawyers.

An archiving and auditing process for retention, archiving and destruction policies. (Documentum launched a records management practice a few weeks ago.) Such corporate policies are at the heart of SOX legislation, Miller says, and related requirements for internal and external auditors and organizations to retain appropriate records including email. The solution includes physical records and all electronic records, (e.g. PowerPoint, Web pages, xml files, email, all managed as records).

 

[DaiShan]

We have all of our users archive their .pst's to a server drive and it is stored indefinitely, pst's can't generally exceed 1.5 or 2gb (depending on system) before needing to be split, and most users don't keep anywhere near that ammount of mail saved.

 

[randal]

I work at an ISP and we keep zero copies of any email. IMAP stuff is at your own risk, and POP3 is never cached on any server -- once it's downloaded, it's gone from us forever.

randal

 

[SLEEPER5555]

personally in my opinion 30 days or earlier if deleted from outlook for larger companies 10 days

 

[chsh1ca]

Originally posted by: Smilin
Where do you work that you DON'T have to worry about that sort of thing? This has been standard policy for most corporations since the MS Antitrust case revealed how damaging old emails can be. You might want to ask your corporate lawyer (or CEO if you don't know who the lawyer is) what he thinks of this.

Canada, and in a company that as far as I'm aware isn't doing anything underhanded that old emails could cause problems for, which is what I'm getting at.

Originally posted by: SLEEPER5555
personally in my opinion 30 days or earlier if deleted from outlook for larger companies 10 days

Umm, I need to keep that mail longer than that, as I've had customer support requests that I need to keep record of last longer than 10 days.