Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Are There Any Smart E-mail Retention Policies?

timothy posted more than 5 years ago | from the don't-use-email-any-more dept.

Communications 367

An anonymous reader writes "In an age of litigation and costly discovery obligations, many organizations are embracing policies which call for the forced purging of e-mail in an attempt to limit the organization's exposure to legal risk. I work for a large organization which is about to begin destroying all e-mail older than 180 days. Normally, I would just duck the house-cleaning by archiving my own e-mail to hard-drive or a network folder, but we are a Microsoft shop and the Exchange e-mail server is configured to deny all attempts to copy data to an off-line personal folder (.PST file). The organization's policy unhelpfully recommends that 'really important' e-mails be saved as Word documents. Is anybody doing this right? What do Slashdot readers suggest for a large company that needs to balance legal risks against the daily information and communication needs of its staff?"

cancel ×

367 comments

Look !! This is not NEWS !! (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#24352457)

Get on with it slashdot !!

Re:Look !! This is not NEWS !! (3, Funny)

rfuilrez (1213562) | more than 5 years ago | (#24352469)

Way to be a jerk. Slashdot isn't only about the latest iPhone release, or patent trolling. It's about everything technical, and this is good question.

Re:Look !! This is not NEWS !! (2, Interesting)

negRo_slim (636783) | more than 5 years ago | (#24352517)

Way to be a jerk. Slashdot isn't only about the latest iPhone release, or patent trolling. It's about everything technical, and this is good question.

I'm a big fan of plain text email and copy and past really isn't all that time consuming if I were forced to save anything worth saving for longer than 180 days.

Re:Look !! This is not NEWS !! (1, Insightful)

Kneo24 (688412) | more than 5 years ago | (#24353429)

Calling a jerk, a jerk, is not trolling. Someone do this guy a favor and spend a mod point to put him back to positive.

Stuff that matters (2, Insightful)

tepples (727027) | more than 5 years ago | (#24352509)

Even if Ask Slashdot articles like this aren't "news for nerds", they're still (supposed to be) "stuff that matters" related to information technology.

Re:Stuff that matters (1)

bschorr (1316501) | more than 5 years ago | (#24353289)

If you don't think this matters wait until you have to spend a week with a lawyer standing over your shoulder reviewing every message in your archive.

frist p0st (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#24352463)

frist p0st

Re:frist p0st (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#24352575)

What a fucking pathetic loser you are.

Re:frist p0st (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#24352773)

Did you just reply to yourself?

Re:frist p0st (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#24352863)

yes, 3 times now

Re:frist p0st (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#24353045)

OP here, don't believe the other Anonymous Cowards. I'm the real one. And I'm not twitter, I don't reply to myself.

Re:frist p0st (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#24353163)

You are not OP.

imap? (2, Interesting)

JeffSh (71237) | more than 5 years ago | (#24352477)

if your orgs exchange server has their imap connector enabled, you can use a different client that doesn't follow the commands of the exchange server to pull emails, but it sounds to me like your org is smarter than that.

Re:imap? (0)

Anonymous Coward | more than 5 years ago | (#24352789)

We have a similar policy, except the wording is such that we can keep documents with ongoing business use (or something like that). Everything else has a 90 day retention.

It's not unreasonable in such a litigious society.

IMAP lets me save what I need to save.

really ? (1)

johnjones (14274) | more than 5 years ago | (#24352791)

thats what I would go for IMAP next would be pop3 if they have disabled both of those services which they would not usually...

then connect up Entourage on a mac and simply drag and drop alternatively evolution on a linux vmware

failing that simply forward all the mail to gmail or free email account that you can search in a instant... but no one know about...(if you are smart you will configure outlook to use the gmail (or free provider) as the sending email server so things dont go out through the exchange server alerting the admins there when they look at the traffic also make sure that you use the SSL to smtp out )

so what I am saying is there are ways around this unless your org monitors everything and even then they can easily fail

most of the time things like word documents will trip up in litigation so they should not be trying to burn everything what they are trying to do is appear to have a policy so the lawyers are satisfied....

silly but true and it's frankly dumb

regards

John Jones

Don't break the law... (0)

Anonymous Coward | more than 5 years ago | (#24352489)

Don't break the law (or if you do don't tell your closest 20 associates about it) and don't worry about retention policies?

Re:Don't break the law... (4, Insightful)

Don Sample (57699) | more than 5 years ago | (#24352591)

It isn't just about breaking the law. Someone sends an email to a coworker, telling them "I suppose that if someone is using our Webelfetzer 1000 while hopping up and down on one foot in the shower, they might slip, and bang their head," and then a year later someone is using a Webelfetzer 1000 while hopping up and down on one foot in the shower, and they slip and bang their head, and sue, and their lawyer finds the old email, and screams: "See! You knew this was a threat, and you didn't warn anybody!" and then doubles the damages they're asking for.

Re:Don't break the law... (1, Flamebait)

xaxa (988988) | more than 5 years ago | (#24352819)

1. Relocate your company to another country with better laws and without the "Sue! Sue! Sue!" culture.
2. ...
3. Probably less profit, the taxes are likely to be higher than the USA.

Re:Don't break the law... (1, Insightful)

Vengie (533896) | more than 5 years ago | (#24353439)

I know you don't care, but if someone high up wrote that email, it indicates that the use of the webelfetzer 1000 in the shower while hopping up and down on one foot was foreseeable. And that's the whole damned POINT. Otherwise, you sue the company and lose. Ok, i'm going to go back to studying for the bar, but you've got it ass backwards. [as an aside: treble damages, not double damages, and your factual scenario would not support them]

Good Work (1)

korbin_dallas (783372) | more than 5 years ago | (#24352499)

Don't do anything illegal, then the company doesn't have any thing to hide right?

I recall several big cases then went up because of someones 'little black book' in pencil and paper, so purging emails is really a waste of time anyway. Besides we could always plant emails we need on your server anyway.

Online Email service (1)

CalSolt (999365) | more than 5 years ago | (#24352515)

Could you forward your emails to a personal account on one of the big three webmail providers? IANAL but it seems like that might limit the company's liability while allowing you to automatically archive your emails in a fully searchable format.

Re:Online Email service (2, Interesting)

Gay for Linux (942545) | more than 5 years ago | (#24352587)

Worked really well for Media Defender [torrentfreak.com] .

Re:Online Email service (1)

westlake (615356) | more than 5 years ago | (#24352607)

Could you forward your emails to a personal account on one of the big three webmail providers? IANAL but it seems like that might limit the company's liability while allowing you to automatically archive your emails in a fully searchable format.
.

because your boss loves to start the morning with the sound of a time bomb ticking in the background.

sensitive correspondence stored beyond his reach.

adaptation (3, Insightful)

Lord Ender (156273) | more than 5 years ago | (#24352531)

The end result of all the bullshit lawyers try to shove on people who actually produce things for a living is the same. We route around it. This policy will cause people to use webmail, alternative email clients, IM, and other technologies to get on with getting work done, while the lawyers remain blissfully ignorant.

Re:adaptation (0)

Anonymous Coward | more than 5 years ago | (#24352691)

cause people to use webmail, alternative email clients, IM, and other technologies to get on with getting work done

The company I work for block those websites and protocols for this very reason.
I guess this why we don't get any work done.

Printers are your friends (5, Funny)

xlr8ed (726203) | more than 5 years ago | (#24352539)

Print every email you get, I'm sure it won't effect your bonus.

Mod parent up as funny (1)

mark99 (459508) | more than 5 years ago | (#24352639)

And I do hope you are joking.

Re:Printers are your friends (2, Informative)

caluml (551744) | more than 5 years ago | (#24353279)

If something affects you, it has an effect on you. But you can also affect a funny accent, and you can have personal effects. Hope that's cleared things up for you.

Cheating is a bad idea (5, Insightful)

SoapBox17 (1020345) | more than 5 years ago | (#24352561)

Cheating, as the author suggests, is a bad idea. The company is doing this for a reason... to protect themselves from extra BS when they get sued.

If you don't want to have to go through that extra BS (believe me, you don't) and/or you don't want your company or yourself getting in even more legal trouble when they deny something exists (because it shouldn't according to their policy) when it really does (because you didn't follow the policy) then don't be an ass. Do what they tell you like a good little minion.

How about the reverse problem? (4, Interesting)

HitekHobo (1132869) | more than 5 years ago | (#24352731)

The IT staff at my former employer saved copies of all email that went through the server... indefinitely. No, they didn't tell employees they were doing it. And yes, they had a search engine so they could do across the board searches of whatever terms seemed interesting at the time.

I find it interesting that different companies are going to different extremes. Some are limiting their exposure by trying to delete all mail and others are saving all mail in order to be able to comply with court orders (or perhaps just get a bit big brother-ish.

For a REALLY strange twist, the company I'm speaking of forced employees to maintain mailboxes under 100MB... while the server admins never deleted a single email that hit the server.

Re:How about the reverse problem? (2, Interesting)

truesaer (135079) | more than 5 years ago | (#24352885)

My former company began archiving all email permanently due to some lawsuits, and it was the best thing that ever happened to me. FINALLY that 12MB limit on email disappeared. I never could figure out how a major tech company couldn't manage a quota higher than 12MB in this area of cheap storage...

Re:How about the reverse problem? (1)

dzelenka (630044) | more than 5 years ago | (#24353229)

The IT staff at my former employer saved copies of all email that went through the server... indefinitely. No, they didn't tell employees they were doing it. And yes, they had a search engine so they could do across the board searches of whatever terms seemed interesting at the time.

I find it interesting that different companies are going to different extremes. Some are limiting their exposure by trying to delete all mail and others are saving all mail in order to be able to comply with court orders (or perhaps just get a bit big brother-ish.

For a REALLY strange twist, the company I'm speaking of forced employees to maintain mailboxes under 100MB... while the server admins never deleted a single email that hit the server.

Those companies that impose draconian email limits are just going to force employees to copy the messages to files, save them in an unauthorized client, or print them out. Doing that still leaves those messages open to discovery or public disclosure requests. But it makes searching them MORE time consuming.

Archiving everything (after the spam filter is done) is the only reasonable option. It's just a problem of setting a policy for retention and then enforcing that policy in a way that lets employees do their work.

Re:Cheating is a bad idea (5, Insightful)

Boricle (652297) | more than 5 years ago | (#24352847)

Here is the thing I don't understand...

This is a double edged sword.

It is nice that you won't have incriminating emails around so that people can find them during discovery.

but what happens when you need those same emails that are over 180 days old that would have EXONERATED you?

I guess you just have to say... "oh well, sorry, we don't have a copy of the [warning/caution/acceptance] that puts us in the clear..., I guess we're screwed".

Re:Cheating is a bad idea (1)

caluml (551744) | more than 5 years ago | (#24353323)

what happens when you need those same emails that are over 180 days old that would have EXONERATED you?

It doesn't matter, because you're innocent until proven guilty, right. Right?

Re:Cheating is a bad idea (1)

Bazar (778572) | more than 5 years ago | (#24353509)

That's the criminal courts your thinking about.

The civil courts are more then happy to award judgment on evidence that is less then concrete. As such loosing a letter that exonerates you could cost your company quite badly in the pockets.

Re:Cheating is a bad idea (4, Insightful)

radarjd (931774) | more than 5 years ago | (#24353433)

but what happens when you need those same emails that are over 180 days old that would have EXONERATED you?

I guess you just have to say... "oh well, sorry, we don't have a copy of the [warning/caution/acceptance] that puts us in the clear..., I guess we're screwed".

It's a fair question, and one I've certainly struggled with. Ultimately, you have to come up with a balancing of the possibilities. On one hand is the possibility that an email over 180 days exonerates you and on the other is an email over 180 days old that sends your executives to prison. The calculation may be that it's harder for someone to prove you guilty, than to be forced to prove yourself innocent. Apparently the balance for this company is at 180 days. That's a bit short for my taste, but that's what this company has decided.

Re:Cheating is a bad idea (4, Insightful)

Vengie (533896) | more than 5 years ago | (#24353451)

This is why some investment banks save everything. They create a rebuttable presumption that if they don't have it, it doesn't exist. (Often helpful when the other side alleges there is a "smoking gun")

Localhost (1)

shaunnrose (1258388) | more than 5 years ago | (#24352563)

Seems like a highly annoying and unproductive policy you have there. Create a local pop3/smtp server, forward your emails there. Or.... forward them back to yourself and keep resetting the timestamp :)

What are they trying to hide? (0)

Anonymous Coward | more than 5 years ago | (#24352617)

Not trying to troll here (but posting AC just to be on the safe side), but really: What are they trying to hide with such a policy? If they're doing something illegal you should report them, not try to cover for them.

Re:What are they trying to hide? (1)

BitterOak (537666) | more than 5 years ago | (#24352687)

They're not necessarily doing anything criminal; they might just be trying to protect themselves from discovery obligations in a civil suit. You don't have to be doing something wrong to get sued. Why make your opponent's job easier by keeping information which might help their case?

Re:What are they trying to hide? (0)

Anonymous Coward | more than 5 years ago | (#24352953)

Who said anything about criminal?

Re:What are they trying to hide? (2, Insightful)

whit3 (318913) | more than 5 years ago | (#24353023)

'Information that might help an opponent'
and
'Information that might help a coworker, ally, employer'
are both likely to be present in those e-mails.
Only the first of these excites fear, uncertainty, doubt and
only the first is being carefully considered by the policymakers
in this case. They're deluded. Don't buy stock, and keep
your resume updated.

Re:What are they trying to hide? (1)

Paradoks (711398) | more than 5 years ago | (#24353131)

Is it also safe to assume that, if a company introduces policies relating to harassment, there must be endemic harassment in the company?

Just because a company is afraid of lawsuits doesn't mean they're guilty.

Re:What are they trying to hide? (1)

base3 (539820) | more than 5 years ago | (#24353445)

Actually, given the reactive nature of typical organizations, I'd say that's a safe bet.

Let it be deleted (3, Insightful)

jolyonr (560227) | more than 5 years ago | (#24352657)

Seriously.

Let the 180 day limit on email remain as 'someone elses problem'. How many times do you really need to get an email six months old? You'll end up with a cleaner, faster and less stressful mailbox.
 
Of course, there may be the odd email you need, so every week why not look at the oldest week's worth of mail in your mailbox, and anything you REALLY have to keep, just forward it to yourself. Then it will stay in your mailbox for another 180 days. But try to only forward the things that are vital.
 
Of course you may be able to forward to an offsite mail account, but I'm assuming that isn't allowed. No company is going to restrict you from forwarding emails to your own company account.
 
Jolyon

Re:Let it be deleted (5, Insightful)

jd (1658) | more than 5 years ago | (#24352783)

I often find I need e-mails that are 10-15 years old. I haven't retained everything over that time, but what I've retained is both interesting and useful. Frivolous emails are certainly deletable. But the non-frivolous stuff? That leaves a lot of stuff whose value does not deprecate with time. In the end, knowledge is its own currency, and those who choose to throw that currency away simply make themselves poorer.

Re:Let it be deleted (1)

dan dan the dna man (461768) | more than 5 years ago | (#24352899)

Email, you're doing it wrong.

Email is not a store for information - it's a means of communication. I admit that I also archive email (well since Gmail opened anyway) but if someone emails me a phone number - it goes in the address book, if I get emailed a solution to a problem, it goes in a wiki. Email has not been easily tagged/searchable till recently - most clients are still terrible!

I do not understand this mentality of people who use email as a 'to do list' or 'archive of information'. It excels at neither of these.

Re:Let it be deleted (2, Insightful)

shawn(at)fsu (447153) | more than 5 years ago | (#24353111)

I save emails for the same reasons I would save regular mail. If I think it's something that I will need later to CMA then I'm saving it. I should imagine that saving the whole email and not just the text will lend credibility to my side if someone tries to say they never sent/received "that" email.

Since I don't what will come back up 5 years from now I tend to save all of it.

Re:Let it be deleted (1)

Shados (741919) | more than 5 years ago | (#24352969)

Step 1: get OneNote (part of Office 2007... in office 2003 it was a stand alone product and it sucked anyway)

Step 2: Print to OneNote (think of it as a PDF printer that lets you organize stuff).

Problem Solved.

Re:Let it be deleted (0)

Anonymous Coward | more than 5 years ago | (#24353051)

I'm going the AC route just to be safe. As a supervisor in a matrix organization I can not begin to tell you the number of times I've needed emails that are years old. While I don't need old email every day, when I do it is a critical need for my team. Of course technically I can't delete anything right now due to a lawsuit between one of my customers and a competitor, but if you look up the word shortsighted you will see a picture of Sam Palmisano next to it.

I think the oldest useful email has turned out to be about 5 years old, but 1-2 years is several times a month.

Re:Let it be deleted (4, Insightful)

barzok (26681) | more than 5 years ago | (#24353283)

How many times do you really need to get an email six months old?

It's saved my ass more than once. There are few things more satisfying than having a project manager start an email tirade against you because she thinks you didn't tell her about a change that needed to be made later in the year, and being able to forward that old email to her and tell her "yes, I did tell you about it, I even sent you the documentation for it way back when."

You'd better comply with Sarbanes-Oxley (5, Informative)

unassimilatible (225662) | more than 5 years ago | (#24352661)

Destroying e-mail - something that used to be a good idea - can now be a crime even absent an active criminal investigation. For firms affected by Sarbanes-Oxley, you'd better comply with e-mail retention rules [s-ox.com] .

And for those of you libertarian-for-yourself, statist-for-big-companies types out there, this is what happens when the government pokes its nose into regulating business; they don't just make Microsoft's life miserable. All aspects of life and business will be intruded upon. That's just how Big Nanny works.

Re:You'd better comply with Sarbanes-Oxley (2, Interesting)

Anonymous Coward | more than 5 years ago | (#24353033)

Never mind SOX. We ran into this at a company I used to work for. Afer getting hit a few times they decided to implement a 30 day clean out. Important messages were to be printed out. (Oh yeah, they were so cheap that most departments were stealing paper from other departments)

Then someone mentioned that email was used to track changes to military contracts and when dealing with government stuff, had to be retained as well as backed up.

The lawyers were literally sending out memos on this hourly with one group saying "Run the deletions now!" and the other telling us to save everything. Of course both groups were threatening the admins with their jobs if they didn't comply.

Most people got so fed up they just ignored everyone and did what their local user base required.

This company mangaged by threat and it reached a point where one Sysadmin on a conference call exploded, described the parental heritage of the managers in great detail, announced that he was f***ing sick of them all and slammed the phone down. He packed his stuff, tossed his cell and pager on his desk and walked out.

There were other, less public incidents.

Re:You'd better comply with Sarbanes-Oxley (5, Insightful)

Anonymous Coward | more than 5 years ago | (#24353249)

Destroying e-mail - something that used to be a good idea - can now be a crime even absent an active criminal investigation.

Unless the email is destroyed on an ongoing basis as part of a clear and documented policy, which makes it perfectly legal.

Sounds exactly like this "ask slashdot" question.

Re:You'd better comply with Sarbanes-Oxley (2)

ScrewMaster (602015) | more than 5 years ago | (#24353331)

As I understand it, you have to have a policy that is compliant with the law, and be able to show that you've consistently followed that policy.

Offline Caches perhaps? (0)

Anonymous Coward | more than 5 years ago | (#24352663)

It's not a good idea to go against your company policy, but most Outlook clients are usually configured to use cached Exchange mode to store a copy of all e-mails in a .OST file in your profile directory, so you likely already have a local backup of the e-mails you have stored on your Exchange server. Just look up an "OST to PST" converter on Google, and then you're all set. Surprised no one else caught this.

The company could have a policy of honesty (0)

Anonymous Coward | more than 5 years ago | (#24352677)

I have worked for companies with such a policy. Insane loss of productivity when all the history continually disappears.

It takes a huge legal risk to justify such a policy.

Yes, indeed there is one ... (2, Funny)

ScrewMaster (602015) | more than 5 years ago | (#24352695)

Are There Any Smart E-mail Retention Policies?

Retain (store) email just long enough to forward it on to the destination server.

Why fight it? (0)

Anonymous Coward | more than 5 years ago | (#24352703)

Just to be devil's advocate, if that's their policy why fight it? You'll only be bringing trouble on to yourself. Say the company is sued at some point, and it's known that you archived emails against policy- don't you think there are numerous ways that could bite you on the ass?

I have no idea what you do, of course, but I would think six months is long enough for the emails to be obsolete. If not, well, you shouldn't be responsible for contents deleted in a routine purge.

If they're personal emails you need to save... I won't state the obvious.

Re:Why fight it? (0)

Anonymous Coward | more than 5 years ago | (#24353053)

It's been my experience in the corporate world that the act of trying to protect the company from itself, or hostile entities is never reciprocated by the company for it's employees. CYA, or die.

Not a bad idea? (3, Insightful)

Xest (935314) | more than 5 years ago | (#24352709)

I tend to see e-mail as something you use for temporary exchange of messages and tasks/information held therein, not something to be used to archive material.

I'd argue the company's policy isn't actually far wrong, surely anything over about 180 days is something that is more suited to permanent archiving anyway?

I'll admit when I was working in tech support and I had our corporate Microsoft keys e-mailed me I kept them in my personal folders for a couple of years but realistically I have to admit I think these would be better placed in an information repository suited to more permanent store of information.

The company does then of course run the risk of people storing data that puts them at legal risk in that information repository instead however!

I'm not sure though that there are many circumstances where an e-mail client needs to act as a long term information store. I find it's generally the case that if you need to store it for a long while, it'll almost certainly be something that others in your company will need access to should you get hit by a bus tomorrow and as such, maybe shared folders (with appropriate permissions) are a better choice than personal folders?

Sarbanes-Oxley Question (3, Insightful)

toxic666 (529648) | more than 5 years ago | (#24352711)

You left out something very important. Is your large company publicly traded in the US? If yes, it could be looking at violations of Sarbanes-Oxley if they really are purging (and not retaining) e-mail "in an attempt to limit the organization's exposure to legal risk."

But that is likely not the case. It is more likely the company is trying to limit the amount of data stored on its Exchange system. Adding storage and additional backup capacity is expensive. Implementing a policy that requires end users to keep the size of their mailboxes down does not work, because many people insist they need every bit of those six years of archived e-mail; people use e-mail as much for CYA as doing real business. So, this solution was selected. If it really is important, make the end users do some work to keep it and don't force the company to re architect its storage system to keep years of CYA and personal mail.

Re:Sarbanes-Oxley Question (2, Informative)

Anonymous Coward | more than 5 years ago | (#24352985)

I'm posting as AC because I'd probably end up fired for mentioning this.

We keep emails essentially forever. Our company uses its own email system, though it used to use exchange (and people still want to keep using it, despite the fact that it sucks ass). Everyone has 25GB of email space, with more if you request it (and, I assume, are approved for it).

If there's something you don't want potentially showing up in a court room you shouldn't be emailing it in the first place. You don't know if the other person is saving it locally (and putting those exchange restrictions isn't going to stop this). Same with IM, you don't know if the other person is logging it.

Perhaps I'm part of the internet generation but I don't see the point in destroying information; no matter how bad it is it may have some unforeseen future usefulness. Bad stuff has a tendency to hang around much longer than good stuff anyway.

You cannot rely on people not saving information to get you out of legal trouble, instead rely on not saying those things in the first place.

Re:Sarbanes-Oxley Question (1)

CrankyFool (680025) | more than 5 years ago | (#24352993)

I've got to tell you, I think you're incorrect here. I work for a Fortune 500 company and I happen to manage the storage and backup group (in addition to some other responsibilities). It's true that backups cost something, especially if you'll retain them for a while (and we retain things 'forever', because our legal people actually like to be able to go back and find email -- it's been more helpful to our defense than the other side's case). At this point, backing up Exchange makes up 25% of our total backup volume.

However, there's a very easy way around that, that the original poster mentions -- you can keep your own PSTs. Doing so shifts the responsibility for backing up that email from the backup group to the user. For example, I copy everything to PSTs on my laptop, which (intentionally) does not get backed up.

For us, we use Symantec's Enterprise Vault to actually keep every single email in one centralized location, which lets us avoid duplication of emails (100 people get a 10MB presentation? Great, we'll make one 10MB backup) and helps when we deal with legal discovery.

This isn't about saving money on storage and backups. It's about one interpretation on how to improve your legal standing (and, as I noted, it's only one interpretation -- ours is quite the opposite).

Re:Sarbanes-Oxley Question (5, Informative)

Anonymous Coward | more than 5 years ago | (#24353021)

Deleting email is just fine with Sarbanes Oxley as long as you have a specified policy and follow it to the letter. It would be okay to have a policy that email is auto-deleted after 30 days, if your company wanted to do that.
What is specifically NOT okay is deleting email once an investigation is underway or if there is reason to believe you will be investigated. In those cases, you have a duty to preservce evidennce. if you delete email under these circumstances for example, the judge may instruct the jury to assume that the email was incrimating or may rule summarily against you. Either way, your company is hosed.

Live with the purge (0)

Anonymous Coward | more than 5 years ago | (#24352721)

Any truly relevant information in emails would end up having to be transferred to another form of documentation. Most projects last more than 180 days; you can't just let information disappear that quickly. Makes a strong case for just using email as the information database. Except for the liability. For most, the cost of having to permute the information into other storage far outweighs the potential cost of liability. For a few high-profile organizations, the reverse is true. Create and apply policy accordingly. And if you do have an aggressive purge policy, well, we know you're trying to hide something.

Your email? Excuse me?? (5, Insightful)

st0rmshad0w (412661) | more than 5 years ago | (#24352723)

That email belongs to the company, not you. As someone who accumulates 90% of his work stress from dealing with employee email usage atrocities (please don't email an mp3 mix cd image to 150 of your closest friends from your workstation, kthx), let me tell you what's wrong with your plan.

Its company property, governed by the policy in place for whatever reason, feel free to violate the policy if you don't want your job.

Not to mention what will happen if it comes to light that you are violating policy during a discovery proceedure, especially if it comes to light because you brilliantly decided to forward critical confidential company correspondence to somewhere like a Gmail account.

Brilliant. Really. Good luck finding a job after that.

Re:Your email? Excuse me?? (2, Insightful)

mschuyler (197441) | more than 5 years ago | (#24353047)

Ha ha not funny. I had to laugh at this. A few years ago I was still mapping drives. I had the "H" (Home) actually-network drive for everyone mapped to one of my servers (huge drives, the server was named Moby Fred) which allowed me to backup everyone's stuff every day pretty nicely on autopilot at night. Also, if someone's box failed I could swap it out with a standard install and not worry about their saved stuff being lost 'cept for maybe bookmarks too bad eat shit. But my nightly backups started to fail. They needed another tape all of a sudden where I was in the 50% used category the week before--plenty of leeway, or so I thought.

Turns out one employee decided to 'archive' all his MP3s onto the H: drive and nearly filled the thing up. This was actually kind of work-related (He was the music librarian).

I had a VERY short, emotional, and poignant conversation with him (I was so very pissed!), whereupon the problem suddenly disappeared.

Re:Your email? Excuse me?? (2)

carlzum (832868) | more than 5 years ago | (#24353371)

The parent is a little abrasive but his advice is spot-on. Seriously, don't try to circumvent your company's email retention policy. If an email contains information or attachments that may be of value for some remote reason, save it in another format. Add every contact to your address book and you won't have to search your messages for an address. If you're continually inconvenienced and it's making your job harder, you won't be alone. In that case the policy should be relaxed eventually.

If you're worried about losing personal email, use a personal account, even if it's non-business email with co-workers. All other messages are the property of your employer. Fear of litigation is not the sole reason for retention policies, there are also less storage costs, reduced privacy concerns, regulatory compliance, etc.

The only E-mail Retention Policy you need (1)

Hackerlish (1308763) | more than 5 years ago | (#24352735)

1. Don't.

Sweet, huh?

Smart email solutions (1)

nickthisname (630860) | more than 5 years ago | (#24352749)

Two Dixie cups and a long piece of string. Just don't use your crayons.

Project Completion and Architectural Decisions (5, Interesting)

StandardCell (589682) | more than 5 years ago | (#24352797)

A balance needs to be struck between the negatives of two strategies:

* Perpetual archiving of e-mail - wastes server disk space, increases tape backup volume, and (more notoriously) can leave "clues" that predatory litigators salivate over.
* Non-archival of e-mail - internal accusations and decisions can't be resolved, difficult to track decisions and their history, circumventable by printing the e-mail with headers.

The solution is as follows:

1. Digest only the final decisions of e-mails and the essential reasoning thereof, or make a digest of the decisions in a collaborative project wiki where buy-in from the stakeholders can be tracked.

2a. Upon project completion (ISO9000-type project gating), archive all project files, documentation and essential digest e-mails.
2b. Simultaneously destroy all other e-mails using secure forensically-unrecoverable techniques to prevent accidental recovery by thieves.

3. Any other e-mails regarding general architectural or administrative decisions which have implications for future development in the company should be digested, placed on a company wiki, and then the remainder securely destroyed.

Using this method, any questionable or potentially illegal decisions can be greatly avoided or reduced from a purely legal perspective while retaining sufficient information to continue operations and development. This policy won't end all legal issues, but the key is to have procedures that are centered around the guise of IT efficiency and operational simplicity to purposely dispel any other alleged intent by third parties that expressed or implies destruction of future evidence.

retentions (0)

Anonymous Coward | more than 5 years ago | (#24352809)

We have a backup once a month of every system in the organization including email servers that are kept forever. It may not retain every single email but it is still pretty good. Along with this, (we use Notes) I replicate my current database every hour from 8-5 to a local drive on my PC, as well as my Notes archive database every time I log in or out of my PC. I have became aware to a manager having access to everyone's email database, then deleting a email that could implicate him/herself or another manager. So I decide to keep local copies.

If you need it for more than 180 days... (1, Insightful)

Anonymous Coward | more than 5 years ago | (#24352845)

...then it shouldn't only be documented in an e-mail.

A lot of people use their inbox as a "safety blanket" for documenting things "I might need later." This is a bad idea for reasons other than data retention policies. Information rot can set in, and you'll have a copy of information that might not be up-to-date. This is especially problematic with documents, where you have no idea if the version in your inbox is the current version.

A good workaround (if your company allows it) is to have an internal wiki to publish "useful information" to as a shared, versioned source of knowledge. On such projects, I've noted most of our team feels much less reliant on e-mail as a store of knowledge.

using Exchange for email... (1)

Tumbleweed (3706) | more than 5 years ago | (#24352879)

"A strange game. The only winning move is not to play. How about a nice game of IMAP?"

Re:using Exchange for email... (1)

mosch (204) | more than 5 years ago | (#24353473)

I just lost The Game [losethegame.com] .

Purging email? (0)

Anonymous Coward | more than 5 years ago | (#24352883)

I was under the impression that all company communications now had to be kept for at least 7 years in accordance with legislation introduced BECAUSE companies were destroying emails that proved illegal activities. Maybe the laws vary between countries more than I realised.

It's not just the company you protect (5, Insightful)

empesey (207806) | more than 5 years ago | (#24352931)

I don't know how often I've saved my own can by retrieving an email from someone denying one thing or another or if a project goes south due to additional requests. By demanding that all requests be in written form or in email, I can produce a paper trail of all the requirements for a given project. As developers, we do nothing unless we have an official request. This limits our responsibility when things go over budget or behind schedule.

Deleting emails when a project is over is not necessarily a good idea, either. Patterns of irrational and poorly thought out requests can be produced over a long time period and this can also be used to cover one's caboose or even to give priorities to scope creep during crunch time. If things are going slow and they want some feature added in, we might be more inclined to meet that request. But if we're facing hard deadlines, we can push back and make the requester decide which are the most important features to add.

Doesn't belong there. (4, Insightful)

duffbeer703 (177751) | more than 5 years ago | (#24352937)

Email != a document repository. If you need to keep something, print as a PDF or store it somewhere more appropriate.

Go with the flow (3, Insightful)

dave562 (969951) | more than 5 years ago | (#24352941)

If the information is important enough to keep around after six months then it should be documented either as a policy or white paper. It seems that what your organization is attempting to do is to limit email to functioning as a communications medium. They don't want your Exchange servers to be an information repository. I can see the logic in what they are doing. In all seriousness if you haven't acted on information in an email in six months it either wasn't that important, or you're not staying on top of your responsibility. If it is information that needs to be kept because it is integral to the functioning of your department then there are better places than email to keep that information.

Blame the policy... (2, Insightful)

PhearoX (1187921) | more than 5 years ago | (#24352957)

My company has been doing this for years, but our policy is only 90 days. I do go ahead and copy any 'really important' emails into OpenOffice documents, but these are few and far between.

I find that the best way to get policies changed is to emphasize their faults. When my company started docking pay for not submitting a change request to reboot a broken production server, I basically started submitting change requests every time I had to take a shit. This policy hasn't changed yet, but I guarantee it will.

Let the emails get deleted. Don't go out of your way to save them if it isn't immediately obvious to do so. When my emails go missing and I need them, I let the management know 'the retention policy ate it'. Whether they like the excuse or not, it's a fact that the missing information is not my fault, and this will hold up in court if I ever have to sue for unlawful termination.

It's a job. I'm paid to do it. If I have to re-do work as a result of something like this, I'll get paid just as much the second time as I did the first. *shrug*

Forward it to yourself? (1)

suck_burners_rice (1258684) | more than 5 years ago | (#24352959)

I've never used any Exchange-based junk, so this might be totally ridiculous, but what if you forward every incoming email to an address that you create for the purpose of archiving the stuff?

Let me get this straight. (1)

fishbowl (7759) | more than 5 years ago | (#24352963)

You are not in a position of decision making authority where you could veto this idea, or specify what the policy will be.

So explain the reason you care, exactly?

Get into a position where you make the decisions. Until then, don't waste your time worrying about this stuff.

Simple, but not easy.... (1)

rickb928 (945187) | more than 5 years ago | (#24353015)

Have the corporate lawyers tell you what you need to save.
That's the simple part for you

Save it. Not so easy, often, but there are plenty of tools. I'm not paid by anybody to market them to you.

If you're with a business that has clear legal needs to save electronic correspondence, I'm surprised you haven't already been getting the sales pitch. Or maybe your executive team has been.

Use Evolution Exchange integration (0)

Anonymous Coward | more than 5 years ago | (#24353037)

If your company runs the "Outlook Web Access" service for Exchange (i.e. webmail), then simply run Evolution with the Exchange integration, and you can copy the emails to Evolutions's equivalent of a .PST file no problem; that's what I do.

Is anybody doing this right? (3, Funny)

iminplaya (723125) | more than 5 years ago | (#24353055)

Yes. I save them in notepad.

Shoot the Lawyers (0, Troll)

Detritus (11846) | more than 5 years ago | (#24353097)

I used to work for a company that decided to delete all email after 30 days. While I'm sure it made the lawyers happy, it made life difficult for anyone who was trying to actually do work. Email archives are important as a record of decisions, requirements, purchases, agreements with customers, and company policy directives. Sometimes people and corporations conveniently "forget" what they said months, or years, ago. If I can't keep it in my mailbox, I'm going to print it out and store it in a safe location.

How do you like prison (1)

gelfling (6534) | more than 5 years ago | (#24353107)

Retention policies are generally set by counsel. If you violate that it's generally at your own risk.

Re:How do you like prison (2, Informative)

Detritus (11846) | more than 5 years ago | (#24353265)

Violations of company policy are not criminal offenses.

Re:How do you like prison (1)

mosch (204) | more than 5 years ago | (#24353477)

Reprimand and job termination are risks.

SOP at Intel Jones Farm (0)

Anonymous Coward | more than 5 years ago | (#24353239)

This crap is standard at Intel Hellsburito. Important notes disappear after a few weeks. No one ever mentions this little fact until it's too late.

Consider the information (1)

teh moges (875080) | more than 5 years ago | (#24353257)

You need to consider what information is in these emails and what needs to be done with that information. Example, from my last job in a Helpdesk/IT Officer for a small business:

Email Type -> Where it goes
Request for help from IT -> Send to our helpdesk system
Serial number from supplier for appliction -> Save to our IT Auditing software, print out and file
Information on fixing a program -> Print out if needed soon, and copy information to our procedure manual folder on the network.

Look at your email more as an inbox and less of a filing system. If your upper management have taken this step, they may just decide one day (after something happens) to accidentally 'wipe' all email. If you work based on the assumption that will happen, you should be able to live with this rule.

wait till... (0)

Anonymous Coward | more than 5 years ago | (#24353275)

Wait till your company gets sued by a patent troll and you had a string of messages showing you had or used the idea before they applied, and were thus the true inventor. Mail destroyed can cost company millions.

Wait until you need exculpatory evidence from that mail stream. That being destroyed also can cost your company plenty. Remind the legal dept. of this.

You don't know what is needed like this typically for a long time (years) but keep the mail because you know it is important in your record of your ideas or acts.

If nothing else can be done, select all and save mail to text, but that is not as good evidence as mail and may not fly in court.

Let your legal department beware.

These things have happened, to me and others.

Destroying this kind of information can be very costly in terms of establishing blame when something goes wrong too. (Someone promises particular functions in email, represents something, but blow the email away and you may have no evidence this was done.)

Only destroy stuff indicating wrongdoing...or better yet, don't do the wrongdoing in the first place. Also caution people not to send love letters or the like in email since it may come back to haunt them years later. This may save a lot of wasted time by workers...

Find a way to archive it... (0)

Anonymous Coward | more than 5 years ago | (#24353299)

The moronic IT persons are already saying crap like "the email belongs to the company, not you". Perhaps the computer on which I wrote them does, but *I* have written those emails, therefore they belong to me also.

I have always archived everything I wrote and every document I produced in my work on an external hard drive, that I took with me when I switched jobs. I have the first piece of email of my first job, 10 years ago. I have everything, but that's only for my personal use and reference. There is a value to me in archiving it. Nobody can prevent me from archiving emails that *I* wrote or received. Nobody. And nobody can force me to hand over those. I will destroy them if I have to.

Oh, and f^@k the IT people.

Re:Find a way to archive it... (1)

grimmfarmer (529600) | more than 5 years ago | (#24353507)

The moronic IT persons are already saying crap like "the email belongs to the company, not you". Perhaps the computer on which I wrote them does, but *I* have written those emails, therefore they belong to me also.

That depends entirely upon the terms of your employment: sad but true (note: IANAL). If you have a contract governing your employment, I'd suggest you look at it and get legal help interpreting it, if need be.

Oh, and f^@k the IT people.

You're perfectly welcome to return to your previous life of using pen and paper, the (POTS) telephone, postal mail, and trying to get a date in person. Let me know how that all works out for you.

Lawyers trying to avoid work? (0)

Anonymous Coward | more than 5 years ago | (#24353335)

When I have spoken with lawyers, it usually takes a few months to get an answer. If the forged purge age is shorter than the time it takes the lawyers respond, then perhaps it's a ploy to avoid working.

file imp stuff (0)

Anonymous Coward | more than 5 years ago | (#24353365)

important stuff should be sent as an attachment to email
put important stuff in a WP/Text file and file it

Criminal, just criminal (1)

grolaw (670747) | more than 5 years ago | (#24353377)

Document retention policies ought to follow the IRS document retention guidelines. 5 years at a minimum.

Avoiding liability under SOX by failing to report the improper operation of the corporation and destroying the evidence is a bad, bad idea.

I expect spoilation sanctions for any document destroyed before the IRS standards.

Two different questions (2, Informative)

Anonymous Coward | more than 5 years ago | (#24353389)

Are there any good retention policies out there? No. The good retention policy is to save what you need, delete what you don't. Which is not a policy at all.

What would I recommend for a corporation? Don't use e-mail at all. If you refuse to follow that advice, use a system that deletes on first read and cannot be used to create copies (harder than it seems).

There are several reasons for keeping mail. At the top of everyone's list is self-preservation. It's important to be able to prove that this or that decision was made for these reasons or that so-and-so really did tell you to do whatever. This is necessary because in the modern corporate ethos, the employees and shareholders take all the risks and senior management reaps all the gains. Everyone needs protection. But it probably won't help you.

Another, better, reason is the reason writing was invented in the first place: to recall past events and information not held in one's memory. This is where the "right policy" really shines. Unfortunately, anything worth keeping is also worth a subpoena when someone decides to fuck with you (or your company, but remember that companies do not suffer, their employees and shareholders suffer; if something you wrote, or kept, harms "the company" you can bet it will end up harming you a lot more). So short of obliterating most of the civil law on the books today, we're back to keeping nothing. You as an individual stand to lose your life (if you lose your job and are blackballed, you will die or wish you had). But as always most of the gains from saving mail accrue to senior management in the form of better corporate performance and higher pay. You have no personal incentive to save anything unless you are preparing for a wrongful termination lawsuit. In that case I hope you have printouts, because the mail your lawyer subpoenas probably won't be there no matter what any "policy" says.

Cynical? Sure I am. But that's just the way it goes. The wise employee does not commit to writing anything of any conceivable value or interest. If it's worth saying, it's worth saying in a hallway conversation. If it needs to be written down, be sure your name does not end up on it. Then you don't need to care what senior management is telling you to retain or purge. And if you need some piece of information you would have had if you'd saved everything, just wing it. You would not have received any incremental benefit from doing your job better and you're going to take the fall when things go wrong no matter what you do, so you might as well not bother. Get as much money out of them in the meantime as you can, and protect it from debasement by converting it into gold and silver. Then when the system inevitably flushes you out, you'll have something to survive on.

Being an employee is like buying bonds. In the best case, you get a small fixed income stream for a while. In the worst case, you get nothing. There is no upside. There is nothing to strive for or invest yourself in. But unlike the bond market, where you can buy CDSs, there is nothing you can do to protect yourself from your employer. Since you can't help yourself and have no incentive to help your employer, the best thing to do is muddle along, keep your head down, and do everything you can to avoid being noticed. Not bothering to write anything down is just one example of this approach. In this way you may survive until macroeconomic conditions inevitably make "painful decisions" necessary for senior management, better known as cancelling your employment and wishing you the best of luck somewhere else while cancelling dividends or buybacks (making those shares and options they insisted you accept as part of your compensation package worth dramatically less and fucking over the existing shareholders as well). But take comfort - your beloved senior managers are safe and secure no matter what happens; even if the company folds they took home enough in their first year of work to live on for life. Doesn't that make you feel better?

Use an ECM (1)

Sharpner (894049) | more than 5 years ago | (#24353461)

Admittedly, this is a suggestion that only a large, committed organization can implement, but it is sane:

Drag email worthy of retention into an Enterprise Content Management (ECM) system [wikipedia.org] .

You can find ECMs nowadays that are well integrated with your email client (and may even allow users to ignore that they are moving information out of Exchange). You can think of Exchange as merely a staging area for all incoming information; anything with long-term business value should be expected to end up in the ECM where it can be shared, portalized, linked to wikis or other knowledge management applications, filed by project or business area with related information in other content types, searched six ways to Sunday (Exchange is woeful at this), etc., etc.

If you're able to do this, then you shouldn't miss the other 95% (I'm pulling that figure out of the air), the dreck that's left behind in Exchange, when it's aged out and shredded.

If you're not able to do this, and you're trying to adapt your email repository as a long-term knowledge archive, at best you'll have an individual repository for yourself, not your team or your organization, that can't be easily shared or integrated with other related knowledge.

That's why you shouldn't mind the retention limits established in Exchange. As to why they should be established at all, consider that the organization has no business interest in maintaining a gigantic archive that is 95% worthless, poorly organized, poorly indexed, unsharable crap and that, if a legal discovery request ever does hit, will be an unbelievable burden to sift through. Plus, the retention deadline gives people an added incentive to move the valuable stuff into the valuable place.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...