eMail Retention Policies
David Ferris, principal and founder of Ferris research sums up The State of Email Retention Schedules. It seems to me, that a lot of organisations follow the motto: Ignorance is bliss. However when looking closer it doesn't look like ignorance anymore, rather confusion on many forces/interests pulling into different directions:
What is your policy?
- IT management likes to keep retention periods short. Short periods require less storage, less computing power to search and analyze the stored data and offer less data (read cost) that might get subjected to a discovery phase (which in Anglo-Saxon jurisdiction typically has to be paid for by the company)
- Legal likes to keep retention periods short. Less data stored means less risk in a discovery phase.
- Legal likes to keep retention periods long. Since the opposite party might be able to produce electronic communication, having retained the other end can help to verify if that exhibit is genuine.
- Record keepers like to keep business records as required by law. Now this is a big discussion. Are eMails business records? This is actually the wrong question (it is the same as: is paper a business record - depends what is written on it). The right question: What emails are business records and how to (auto) discover their business record nature? Also: most acts covering electronic transactions require non-repudiation provisions. Means: emails (given their content makes them business records) need to be retained before users can touch them (for incoming) or after they are finished composing them (for outgoing). So retention ideally happens at the router using proper rules.
- Knowledge Management likes to keep retention periods long. A lot of corporate knowledge is stored (or would "is hidden" be more accurate?) in email systems. With the right tools that can be harvested easily. However outdated information isn't KM relevant, so retention should not be too long.
- User don't want to be bothered. They have enough work to do and want systems that are fast (which would call for short retention) and can produce any information (calling for long retention). In an ideal world the system would take care itself.
- IT vendors love long retention periods. They mean: more customer attention, more budged, more consulting, more hardware. But well: dentists like rotten teeth too.
What is your policy?