By Greg Smith
The Email Retention Dilemma
Creating an Email Retention Policy that works is tricky. Keeping too little information encourages email pack rats and puts legal teams at a disadvantage. Too much information drives up ediscovery costs while increasing potential liability. Hence, organizations seek the email retention Goldilocks zone where retention is just right.
There is no doubt that much of email consists of transient records that have no value and could be deleted. The issue comes down to ensuring that users make acceptable email deletion decisions.
The concern arises when the organization provides users with the ability to delete email that they consider worthless. Thus empowered, can all users be trusted to make the correct judgements and not purge sensitive or other records? For the organization, the solution dilemma lies between implementing a selective retention policy or a full retention policy.
Selective vs. Full Email Retention Policy
With selective retention, the policy allows users to choose what they keep and what to destroy outside of a finite minimum retention period. A full email retention policy dictates that users keep all email for a longer designated duration.
Consider the implications of choosing selective vs. full retention:
If you allow users to selectively retain and destroy data, you need to fully educate them on record types and what to delete and what to save. As a companywide user education program, it requires an auditing and monitoring component. The company must ensure compliance with policies and training directives for them to be effective.
Selective retention remains the utopia of retention policies. Many records management professionals would like to see this method implemented. However, most records management guides run 20 or more pages long. And email is generated at almost 500:1 greater frequency than documents. Therefore, it requires a lot of manual effort to properly classify.
Full retention provides the panacea many information technology departments seek. When faced with no resources to train, monitor or enforce retention policies, they know that disk space costs less than people. Indeed, it is much cheaper than the deployment and management of a regulated information selection and retention system.
Thus, most organizations adopt the save all stance to allow the IT department to cover their liabilities and minimize costs.
Seeking the Goldilocks Zone
Setting the duration that email must be kept resembles the quandary faced by the three bears.
If you keep too little information and place too many restrictions on retaining email, then you increase the risk that pack rats begin saving information in other areas. You also run the risk that under litigation, the opposition possesses much more evidence to bring to court than you.
Because email is pervasive, deleting it from your systems does not mean that it gets deleted from all the other systems to which it was sent. This puts legal teams at a disadvantage when faced with refuting email evidence.
If you keep too much information, then volumes of email data going back many years become available for eDiscovery. This increases the organization’s legal liability. In addition, keeping too much information slows your response to legal discovery, driving up eDiscovery costs.
The Goldilocks Zone
The “just right” policy keeps information long enough to satisfy your regulatory and legal requirements. It also discourages storage of email in external platforms. Policies in the Goldilocks zone strike a balance between what needs to be kept and what can be realistically destroyed with minimal impact.
Remember the content, which can be divided into 50 or more categories, dictates the retention period. Some business records, such as Board minutes, patents and certain contracts and agreements require permanent retention. Financial and personnel records range from 1 year for I9 forms to 40 years for medical and exposure records related to toxic substances.
Focus on What to Delete
Organizations looking to retain important data sometimes focus too much on what needs to be saved and for how long. Sometimes this approach is not conducive to email and worker productivity. They still need to define the maximum time to retain data. But a compromise approach to full retention seeks to define what can be deleted or what does not constitute a record.
For example, all subsequent messages in a thread if the full content is captured in the last message. Other disposable emails include acknowledgements, system messages, broadcast messages and personal messages. Again, implementing any type of selective retention policy should include the ability to audit or monitor to ensure compliance.
Write Your Email Retention Story
Messaging Architects helps organizations define and adopt a variety of email retention policies. We also provide the tools and capabilities to monitor and assess the content in the vast sea of information that makes up your email system. Whatever your choice, selective or full retention, we bring to bear excellent mechanisms and solutions to support either.