Usability - Productivity - Business - The web - Singapore & Twins

eMail Retention Policies

David Ferris, principal and founder of Ferris Research, sums up The State of Email Retention Schedules. It seems to me that a lot of organisations follow the motto: Ignorance is bliss. However, when looking closer it doesn't look like ignorance anymore, but rather like confusion caused by many forces and interests pulling in different directions:
  • IT management likes to keep retention periods short. Short periods require less storage and less computing power to search and analyze the stored data, and leave less data (read: cost) that might be subjected to a discovery phase (which in Anglo-Saxon jurisdictions typically has to be paid for by the company).
  • Legal likes to keep retention periods short. Less data stored means less risk in a discovery phase.
  • Legal likes to keep retention periods long. Since the opposite party might be able to produce electronic communication, having retained the other end can help to verify whether that exhibit is genuine.
  • Record keepers like to keep business records as required by law. Now this is a big discussion. Are eMails business records? This is actually the wrong question (it is the same as asking whether paper is a business record: it depends on what is written on it). The right question: which emails are business records, and how can their business-record nature be (auto-)discovered? Also, most acts covering electronic transactions require non-repudiation provisions. That means emails (given that their content makes them business records) need to be retained before users can touch them (for incoming mail) or after they have finished composing them (for outgoing mail). So retention ideally happens at the router using proper rules.
  • Knowledge Management likes to keep retention periods long. A lot of corporate knowledge is stored (or would "is hidden" be more accurate?) in email systems. With the right tools it can be harvested easily. However, outdated information isn't relevant to KM, so retention should not be too long.
  • Users don't want to be bothered. They have enough work to do and want systems that are fast (which would call for short retention) and can produce any information (which calls for long retention). In an ideal world the system would take care of this itself.
  • IT vendors love long retention periods. They mean more customer attention, more budget, more consulting, more hardware. But well: dentists like rotten teeth too.
In any case: without a retention policy in place, corporate management stays liable for any violation of compliance. With an implemented policy (where implemented means: defined, communicated, taught and enforced) it turns into the individual employee's responsibility. One important aspect: I believe eMail has reached its zenith as a corporate communication tool. Social software like blogs, wikis, discussion boards, team sites and instant communication (SMS, Twitter, online chat, etc.) needs to be included in retention policies.
What is your policy?

Posted by on 15 January 2009 | Comments (1) | categories: Software


  1. posted by David Killingsworth on Tuesday 17 February 2009 AD:
    This is the number one issue from a messaging management position in our environment and it differs from country to country.

    No matter what we do, we are always running out of disk space on servers.

    We have someone on our team working full time on implementing operational archiving with AXS-One. Compliancy capturing was put in almost 2 years ago, but it's taken almost 2 years to get operational archiving in place.

    We have another someone on our team who is pretty much working full time on manually creating mailbox archives for users on various servers. He typically contacts 5 to 10 users a day and asks them if he can create a server archive for them and suggests a retention date, and depending on whatever they agree on, he manually creates the archive and sends them the archive database link to add to their desktop. This has also been going on for quite a while with no end in sight.

    In the meantime, we are in the midst of planning and about to begin designing our migration to a global AD and Exchange. One good thing about the ability to start fresh is having an archiving solution in place from the beginning.

    We'll use Exchange with Symantec Enterprise Vault. Comparing Symantec to AXS-One, they seem to be pretty similar, though Symantec's e-discovery interface looks easier to use. There is still a decision to be made about what to do with the existing data. I have a feeling we will migrate the Notes mailboxes (using the new email retention policies that will be implemented with Exchange) to Enterprise Vault. But this still leaves the AXS-One data that may or may not be converted to Enterprise Vault.

    In addition, we'll be implementing Office Communication Server for chat only (I don't see our network being able to handle voice/video - and I don't see anyone willing to pay for the network upgrade required). We'll also be implementing Facetime, which is an IM archiving solution, since our company is a trading organization, and much of the way that traders do business is through Instant Message. At that time, we'll force all AOL, MSN, and Yahoo traffic through gateways so that the traffic is logged.

    Nothing on the forefront for Blackberry SMS traffic logging, though, as I just read, it was possible in this post -> { Link } from Chris Whisonant.