Objective
The Email Creation & Retention Policy requires all users of company email to
manage and protect email communications as company records. The intent of this
policy implies that most email should be retained for 3 years or less. This
requirement includes email on company servers, laptop or desktop hard drives
and any other electronic media or peripheral device such as a CD, memory stick
or thumb drive. It also includes paper versions.
In an effort to measure compliance with this direction, Corporate Compliance
has been conducting a monthly analysis of the volume and age of Outlook
calendar and email items on company email servers. These items are categorized
into:
* Items that are 1 -3 years old
* Items that are > 3 years old
As a result of this analysis, Corporate Compliance has initiated an effort to
reduce the number of calendar and email items to ensure compliance with email
retention requirements. To give you a better understanding of these
requirements, here are some highlights from the Email Creation & Retention
Policy.
1. Email should only be retained on company equipment.
2. Email should be deleted as soon as it is no longer required.
3. Email should be retained based on its content, consistent with the company
retention policies. Email should be disposed of when the retention period is
complete.
4. If an email does not appear to be covered by a company record retention
policy, then the following retention applies. See the Email Creation &
Retention policy for more examples.
* Email in the "Sent" and "Deleted" items folders is automatically
deleted after 30 days from the date the items were created in the folder.
* Email of an informational nature, such as announcements, requiring no
follow-up or acknowledgement should be retained no more than 30 days.
* Email regarding day-to-day activities should be retained for no more
than a year. Many of these emails can be disposed of in less than a year when
the activity is completed. This type of email does not establish policy,
guidelines, or procedures or certify transaction.
* Email having potentially more value should be retained for no more than
three (3) years. Examples include general correspondence, monthly and weekly
reports, documents advising supervisors of various events, issues or status of
ongoing projects.
*
5. Destruction or disposal of email must cease when a non-destruction notice
is issued by the Law Department.
Benefits
You may be asking yourself "Why should this matter to me?" Here are some
reasons why this initiative is important:
1. Reduce resources and costs for email storage and backup
2. Enable SOX Compliance
3. Reduce discovery time and risks associated with legal matters
4. Comply with the Federal Rules of Civil Procedure by enforcing consistent
disposal practices
Some records are required to be kept for a certain time period based on legal
and governmental requirements. Once the time period is satisfied, the records
must be deleted. The basic guideline is that if a record is not needed, delete
it! However, a non-destruct order from Legal supersedes the above rules.
Jay Reische
Enterprise Exchange Administrator
Messaging, AD and DNS
Phone: 309-748-9422
reische...@johndeere.com
From: Mike Tellson [mailto:micha...@colonialsavings.com]
Sent: Wednesday, April 28, 2010 4:32 PM
To: MS-Exchange Admin Issues
Subject: Retention Policy
Management is considering changing what the current email retention policy
parameters are. Our current policy is to purge all messages older than X
days, but we do not restrict the use of PST files. This policy has encouraged
most employees create PST files. This effectively has made the retention
policy irrelevant. We are considering importing all PST data into an email
archive product (yet to be purchased) and disabling the ability to use PST
files. Because so many users do not comply with the existing policy we will
probably change the policy to something that the user base is more apt to
adhere to.
What are your retention policies set to? What is the reason why you chose the
settings you have in place?
