Table of contents
What is an Email Retention Policy?
An email retention policy (ERP) is a defined procedure prescribing how long emails should remain within an archiving solution before being erased. It is relied upon as a legal protection if proof of email communication is needed for a court case or to satisfy governmental regulations. An email retention policy should cover all emails sent or received by an organization, and contains criteria for how long emails should be stored and in what manner they should be removed from the email archive.
One important aspect of an email retention policy is automation of both archiving and deletion of any and all emails. meaning that emails should be removed from the system in a consistent manner without manual intervention. This serves as a protection against human error, and, in turn, decreases the risk of violating applicable laws and regulations.
Guidelines for a proper email retention policy
While all companies are different, there are certain key factors that can be used as guides towards setting up an ERP:
- Regulatory Compliance: Many companies have to conform to federal or state regulation, which requires them to provide emails during an investigation or even an audit.
- Legal Discovery: e-discovery is found within most federal and state statutes. Discovery, a major legal process within trials, lets attorneys ask for information relevant to a case and that may lead to the uncovering of important information relevant to the case. All parties in a lawsuit or criminal case must provide this information in the discovery portion at the beginning of the case.
- Knowledge Management: ERP’s allow for the maintenance of employee documents, such as personal information, financial statistics, payroll information, performance reviews, internal audits etc.
- Legal Holds: Even with an operational email retention policy, automatic deletion of archived emails can be a problem. The ability to hold emails will make sure that they are available for courts during a discovery phase in legal proceedings.
- Written ERP: A formal written policy will save time and money when an organization is under audit. An ERP can help guide the discovery phase of any legal proceeding.
- Retention Timespan: Long-term email retention policies increase the risk of security vulnerabilities or sensitive information being released. Long policies also increase exposure to legal examination. Short policies, on the other hand, can negatively affect productivity, especially with long-term employees and executives, who rely on old email chains to recollect past decisions. Also, short policies can possibly violate governmental/industry regulations that requires certain types of information to be held for a minimum period of time.