|
A Policy Primer
While there are no standard guidelines for email retention outside regulated industries, there are some basic considerations. Gable recommends that organizations make retention decisions based primarily on content rather than time frame or employee function.
James Geis, director of integrated solutions development for Forsythe Technology Inc., an IT consulting firm based in Chicago, recommends that a retention policy examine why information is created in the first place, how the information is relevant, and whether the information is a legal or a business record. Then, based on how frequently the information needs to be accessed and by whom, policy authors -- a cross-sectional group representing legal, compliance, end users and IT -- should determine how long the information should be retained.
You may want to establish different time frames for different kinds of information. Business records may need to be kept for five years, but a presentation for the quarterly sales meeting -- or any item needed for reference only in the short term -- can be kept for two years. Finally, there needs to be a deletion strategy. Should every single copy of an email be purged after a certain amount of time, or do you want to keep a copy of everything on tape for the foreseeable future?
Ultimately, practice makes perfect. A retention policy is only as airtight as the processes that ensure it's adhered to.
A three-year retention policy won't keep 5-year-old messages stored on a user's hard drive free from the prying eyes of opposing counsel. That's where archiving systems come in. "The reason people buy email archiving," says D'Arcy, "is to minimize risks associated with legal, downtime and compliance."
Megan Santosus, a former senior editor at CIO Decisions, is now a features editor for SearchDataCenter.com. Write to her at msantosus@techtarget.com.
|
