Simple E-Mail Retention Policy
-
We recently had a legal issue at work where the owner needed to provide email communication to and from a client who is trying to sue our company.
They needed emails that went back to when we were still on POP3 and local PST files and needed emails from an employee who is no longer here and PST files were deleted long ago.
So flash-forward to now. We are all on Office 365 Enterprise E1 plan and the inboxes all have 50GB of space and even with people with 20,000+ emails or more, they aren't even close to filling them up. Some still auto archive to a local PST but I want to get a uniform policy.
SO, looking for some tips on a simple email retention policy. We know any job related communication with a customer should be kept. Enforcing a user to keep job related emails may be tough.
And should we still auto archive to a PST considering we have so much online storage and may not run out for many years?
Thanks...
-
A good, simple policy is something like "all email is deleted after two years." Legally you are only required to keep emails as long as your retention policy states. So a key legal protection is to have that length of time be short. This also keeps people from using their email as a storage system and keeps things cleaned up. The longer you retain email, the more risk you have.
There are just two key things that you need to do:
- Set a retention policy that works for your business
- Stick to it and don't make exceptions, once you do you are liable for more
So the general rule is, make it as short as you can and make it auto-delete so that you have no responsibility for old emails legally.
-
@scottalanmiller said:
A good, simple policy is something like "all email is deleted after two years." Legally you are only required to keep emails as long as your retention policy states. So a key legal protection is to have that length of time be short. This also keeps people from using their email as a storage system and keeps things cleaned up. The longer you retain email, the more risk you have.
There are just two key things that you need to do:
- Set a retention policy that works for your business
- Stick to it and don't make exceptions, once you do you are liable for more
So the general rule is, make it as short as you can and make it auto-delete so that you have no responsibility for old emails legally.
Do you still recommend local Archive PST's if they want to keep them longer? The emails for this legal case went back about 4-5 years.
-
@scottalanmiller said:
A good, simple policy is something like "all email is deleted after two years." Legally you are only required to keep emails as long as your retention policy states. So a key legal protection is to have that length of time be short. This also keeps people from using their email as a storage system and keeps things cleaned up. The longer you retain email, the more risk you have.
There are just two key things that you need to do:
- Set a retention policy that works for your business
- Stick to it and don't make exceptions, once you do you are liable for more
So the general rule is, make it as short as you can and make it auto-delete so that you have no responsibility for old emails legally.
I am poking around out Office 365 E-Mail settings to see what options I have there...there are a lot.
-
Since your using Office 365 make Microsoft be your Retention Host. They even have a subscription feature for just this case. And the reason i say this is PST files are easily lost, as desktops or laptops will die.
And having to export those from the users system, to your network shares or archiving solution will become a burden on your behalf.
-
@scottalanmiller said:
A good, simple policy is something like "all email is deleted after two years." ..This also keeps people from using their email as a storage system and keeps things cleaned up.
I find this causes people to print out e-mails and put them in filing cabinets. Or drag messages into file directories. Both of which are less clean rather than more clean than letting people keep them forever in their mailbox.
-
I currently using GFI's archiving facility with our Exchange server. This also works with O365 and after hearing about Microsoft losing @scottalanmiller 's e-mail, I'm now inclined to keep the service when we migrate to O365. That way, as well as satisfying our retention desires, it also provides a backup in case Microsoft screw up. It's about $1.50 per user per month.
It is a bit flaky though, so I'm not sure I'd recommend it.
-
@Carnival-Boy said:
I find this causes people to print out e-mails and put them in filing cabinets.
I caught a user doing that once. Never happened again.
We also post a big notice above the printer about not printing email.
-
@garak0410 said:
We recently had a legal issue at work where the owner needed to provide email communication to and from a client who is trying to sue our company.
They needed emails that went back to when we were still on POP3 and local PST files and needed emails from an employee who is no longer here and PST files were deleted long ago.
So flash-forward to now. We are all on Office 365 Enterprise E1 plan and the inboxes all have 50GB of space and even with people with 20,000+ emails or more, they aren't even close to filling them up. Some still auto archive to a local PST but I want to get a uniform policy.
SO, looking for some tips on a simple email retention policy. We know any job related communication with a customer should be kept. Enforcing a user to keep job related emails may be tough.
And should we still auto archive to a PST considering we have so much online storage and may not run out for many years?
Thanks...
Out of curiosity what does the "C-Level" staff say about email retention. As @scottalanmiller mentioned you are only legally liable for emails outlined in your retention policy (unless you are mandated by certain laws to keep more then X years.) Does your management staff want to keep emails past a certain point?
-
Stay away from PST files. They are easily lost, in all senses of the word.
You may also find less and less support for them in Outlook and Exchange.An archive (GFI, Symantec, Microsoft etc) is the way to go.
-
@coliver said:
@garak0410 said:
We recently had a legal issue at work where the owner needed to provide email communication to and from a client who is trying to sue our company.
They needed emails that went back to when we were still on POP3 and local PST files and needed emails from an employee who is no longer here and PST files were deleted long ago.
So flash-forward to now. We are all on Office 365 Enterprise E1 plan and the inboxes all have 50GB of space and even with people with 20,000+ emails or more, they aren't even close to filling them up. Some still auto archive to a local PST but I want to get a uniform policy.
SO, looking for some tips on a simple email retention policy. We know any job related communication with a customer should be kept. Enforcing a user to keep job related emails may be tough.
And should we still auto archive to a PST considering we have so much online storage and may not run out for many years?
Thanks...
Out of curiosity what does the "C-Level" staff say about email retention. As @scottalanmiller mentioned you are only legally liable for emails outlined in your retention policy (unless you are mandated by certain laws to keep more then X years.) Does your management staff want to keep emails past a certain point?
My boss lives and dies by her email. She constantly reminds me how how he went back 8+ years in email to find something she talked about with someone, etc, etc...
-
@Dashrender said:
@coliver said:
@garak0410 said:
We recently had a legal issue at work where the owner needed to provide email communication to and from a client who is trying to sue our company.
They needed emails that went back to when we were still on POP3 and local PST files and needed emails from an employee who is no longer here and PST files were deleted long ago.
So flash-forward to now. We are all on Office 365 Enterprise E1 plan and the inboxes all have 50GB of space and even with people with 20,000+ emails or more, they aren't even close to filling them up. Some still auto archive to a local PST but I want to get a uniform policy.
SO, looking for some tips on a simple email retention policy. We know any job related communication with a customer should be kept. Enforcing a user to keep job related emails may be tough.
And should we still auto archive to a PST considering we have so much online storage and may not run out for many years?
Thanks...
Out of curiosity what does the "C-Level" staff say about email retention. As @scottalanmiller mentioned you are only legally liable for emails outlined in your retention policy (unless you are mandated by certain laws to keep more then X years.) Does your management staff want to keep emails past a certain point?
My boss lives and dies by her email. She constantly reminds me how how he went back 8+ years in email to find something she talked about with someone, etc, etc...
Good grief, she must have a massive mailbox.
Is she a grudge keeper by any chance? -
@nadnerB said:
Good grief, she must have a massive mailbox.
Is she a grudge keeper by any chance?I probably shouldn't, but I archive her mailbox out yearly to PST files that I keep on the network. Her live mailbox is around 2-3 gigs.
Grudge keeper - nah, she's pretty good about that kinda stuff. She just constantly looking up old questions she's posed to lawyers, staff, etc. And by constantly, I'd say once or twice a month.
-
@Dashrender said:
My boss lives and dies by her email. She constantly reminds me how how he went back 8+ years in email to find something she talked about with someone, etc, etc...
Yeah, I'm the same. I have pretty much every e-mail I have ever sent or received since I first got e-mail in the late nineties. So that's nearly 20 years. I will occasionally delete e-mail I have received, but I never, ever, delete e-mail I have sent. You never know when it will come in handy
Mind you, some of my outstanding helpdesk tickets (the ones with the lowest priority) are over 10 years old.
-
Ah ha, I see. If it's Lawyer related, definately an advantage keeping everything.
I really don't like PST files. I have found them prone to corruption. -
Yes, but as previously mentioned, keeping email for the sake of keeping email is pretty bad, especially if it's likely to be subpoena'ed.
If this information needs to be saved for some other purpose, a better solution has to be out there. Granted - I'm not sure what it is. There probably is no better solution for the email chain than the email system itself.
I considering is one of the major issues with data today - how to store and sort it all. Google has made decent strides in their updates to Google Photo, making it easier to find specific people in photos, create timelines in photos, etc. But the mass of data that can exist in email is much more difficult to remove from email and put into another system, yet maintain the integrity of the email stream, etc.
-
At another company, all inbound/outbound emails are logged into an archive which are then searchable by the team, excluding emails used by Directors.
So for us support guys, if client says "you promised me bla 6 months ago" we can quickly find it.
Or if they say they never asked us to block Facebook, boom, here is the mail showing that they did request it.
Email archives are incredibly useful.
-
@Dashrender said:
Yes, but as previously mentioned, keeping email for the sake of keeping email is pretty bad, especially if it's likely to be subpoena'ed.
This is assuming that your company is or will do something bad, so let's make sure there is no evidence lying around.
It sounds like, let's get rid of the CCTV in case our CEO is caught on film doing something naughty. Don't understand the logic behind this.
-
@Breffni-Potter said:
@Dashrender said:
Yes, but as previously mentioned, keeping email for the sake of keeping email is pretty bad, especially if it's likely to be subpoena'ed.
This is assuming that your company is or will do something bad, so let's make sure there is no evidence lying around.
It sounds like, let's get rid of the CCTV in case our CEO is caught on film doing something naughty. Don't understand the logic behind this.
That's one way to look at it, another way is just not having to deal with the excess storage, or search requests (which can be time consuming). Keeping less email can also cause less need for CYA for the sake of CYA, sometimes creating a better work environment.
-
@Breffni-Potter said:
@Dashrender said:
Yes, but as previously mentioned, keeping email for the sake of keeping email is pretty bad, especially if it's likely to be subpoena'ed.
This is assuming that your company is or will do something bad, so let's make sure there is no evidence lying around.
It sounds like, let's get rid of the CCTV in case our CEO is caught on film doing something naughty. Don't understand the logic behind this.
Not quite. It's that there is little good but lots of risk to come from having old emails. Why increase liability if you don't need to? Why store old emails if you don't need to? Why retain records that are potentially dangerous for no reason?
Keep in mind, that if you store too much email, the risk might not be that you did something bad, but that someone accuses you of it and you are not liable for storing, retrieving and searching all of that email. Proving you didn't do something is harder the more email you have to verify to do it.
