I have to agree with jack on this being a lost cause. I am not saying don't put restrictions in place but I am suggesting your time may be better focused elsewhere.
Is there a greater risk of a nefarious user or a frustrated user forwarding info to another location? I'm going to lean towards the latter, especially with a 60 day retention policy.

Having dealt with our legal team on this issue and other similar things (i.e. MA PI Legislation), legal will always attempt to go with the most restrictive policies. While they understand law, litigation, et al, they often don't understand technology or how end users work day to day.

Some additional food for thought (you may have addressed these already):

Are we being too restrictive? (The last thing you want to do is push users to work around policy and technical protections - this will only increase your risk from a security and legal perspective)

How will we handle litigation holds/requests for everything? So when a court requests everything, how are you going to get it, how will you turn off email retention policies so evidence does not get discarded, and how will you manage the tracking of this process.

< thing search (email, files, chat?. etc..), encryption, data/storage (that can be transferred elsewhere securely and easily).

Policy - Is Company educating users on reasons behind, are users held accountable?

Hope this helps

Tim

On Mon, Jan 17, 2011 at 12:57 PM, Robin Wood <[email protected]> wrote:
> On 17 January 2011 15:40, Craig Freyman <[email protected]> wrote:
>> Our lawyers are demanding a drastic change in the way we handle email at our
>> company. This will be a huge change for our working culture here and I am
>> anticipating major backlash from the users, but "It is what it is." I was
>> hoping the pauldotcom list would think of ways around their policy. I'll
>> have to develop controls to try and stop people from doing so.
>> Here is what they want to do:
>> Only keep 60 days of email, everything will be deleted on a rolling basis.
>> You can choose to save specific emails to your home drive and that space
>> will be capped.
>> Putting my nefarious user hat on, these are the ways around the policy as I
>> see it:
>>
>> Upload email to a dropbox type account.
>> Saving to USB drives
>> Accessing webmail from a non-company computer and saving it there
>> CD Burning
>> Forwarding to external email accounts IE gmail, hotmail
>> Saving to other places on the network
>>
>> Anyone have any other ideas?
>
> A slight variation on what you've already said, forward to yourself at
> the same inbox after it has been there for a while. That way the date
> stamps would be wrong but you could forward the whole lot yourself
> after 50 days then again after another 50....
>
> Robin
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
