What To Know About E-Mail Archiving - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Information Management
Commentary
8/17/2004
01:10 PM
Commentary
Commentary
Commentary
50%
50%

What To Know About E-Mail Archiving

E-mail retention needs often conflict -- even among departments in the same company. A records management expert suggests seven steps to effective archiving.

When it comes to e-mail archiving practices, there is no shortage of advice. The trouble is, the guidance often conflicts, and one white paper's best practices are another expert's anathema. Even within one organization, perspectives on e-mail management can vary widely. The legal department sees e-mail as important to formulating its discovery response strategy. The IT shop has storage and security concerns. The compliance people have preservation and control issues. And end users want better access to e-mail to improve productivity. Reconciling the needs of all these constituencies makes it clear that one size seldom fits all in the world of e-mail.

Choosing the right course of action, then, is an important part of meeting compliance requirements, coping with the e-mail tsunami and being able to rely on e-mail records for evidentiary needs while also controlling costs. The key is to find common ground on which everyone can agree. Here's what to do:

E-Mail Archiving by the Book

Two publications will help explain issues and get your e-mail archiving programs off the ground: E-Mail Rules, by Nancy Flynn and Randolph Kahn, Esq., covers policies, security and legal issues surrounding e-mail in simple, conversational style. "Requirements for Managing Electronic Messages as Records" is a draft ANSI/ARMA International standard with recommended provisions for an electronic messaging policy. Both are available at www.arma.org.

1. Define what a message archive is. An e-mail archive is a repository kept in a non-production environment to provide secure retention of messages for compliance and operational purposes. It is not good policy to treat backups made for disaster recovery as archives. Trial attorneys note that companies that use backups to restore e-mails at users' request, or that keep backups for long periods of time, are more likely to have to search tapes in response to an opponent's discovery request. On the other hand, backups used solely for business continuity and routinely overwritten at short intervals — say, 90 days or less — have a fighting chance to be excluded from legal discovery. It makes sense to establish the difference between archives and backups in everyone's mind and in day-to-day practice.

2. Define which messages constitute business records. Not all messages are record quality. Transitory items, such as "thanks" messages, spam and employees' personal mail should not be kept. Besides the storage burden, e-mails that become part of federal investigations become publicly available: witness the 1.6 million Enron e-mails, many of them personal, now on the FERC Web site. Messages that are records generally pertain to business transactions, activities, operations, obligations or rights. It is these messages and their attachments that should be maintained in the archive.

3. Determine what content can and cannot be sent by e-mail. Most companies have determined that confidential, proprietary and attorney-client privileged information should not be conveyed or received via e-mail. Personal employee data, for example, can have privacy implications, particularly for firms that have subsidiaries or work with partners that operate in the European Union, where strict privacy rules are in place. The danger with proprietary or trade-secret information is that it can become public as part of patent or copyright infringement litigation. In some cases, attorney-client privilege can be lost if it is shown that the matter was disclosed to a third party, for example, through a cc on an e-mail.

4. Agree that retention is based on content, not age, size or employee role. First, recognize that e-mail is a transmission mechanism, not a unique record type with regard to retention. Message and attachment contents determine retention time according to predetermined schedules that govern all the company's records. Mailbox manager functionality that deletes messages based on message age and size is not compliant with required retention rules. Likewise, schemes that automatically save all e-mail based on the employee's job title are not a good idea. These are tantamount to labeling a physical box, "Jon Smith, VP of marketing" and storing that box long after Smith has left. It takes up valuable space, without hope of review, retrieval or disposal.

5. Recognize that native e-mail systems have little or no retention management functionality. Most e-mail systems retain messages on centrally controlled servers. Broad-brush e-mail deletion rules and mailbox size limitations often force users to file messages in personal folders on their hard drives (for example, as .pst files in Exchange) so that the messages remain accessible. Personal folders are problematic because they actually keep both .txt and .rtf versions of messages, requiring twice the storage space. Personal folders can also be password-protected, a potential problem if the password becomes unavailable when the person leaves.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
News
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Commentary
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
Slideshows
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Slideshows
Flash Poll