RE: Email retention

[John Aldrich]

Thanks, Erik. After kicking it around on this list for awhile, the consensus
of opinion was that I need to get legal involved and see what they
recommend. Unfortunately, we don’t host our own email at this time, so all
we have is PST files. Hopefully we'll have our own mail server by this time
next year (economy and carpet sales permitting. ) and this will be
more relevant then.


Thanks,
John Aldrich
IT Manager, 
Blueridge Carpet
706-276-2001, Ext. 2233





From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Thursday, September 23, 2010 8:34 AM
To: NT System Admin Issues
Subject: Re: Email retention

1)  First check with your auditors to find out what your document retention
requirements are.  Likely, your HR department will have a 7 year, accounts
payable/receivable may have the same (or not), etc
2)  Then check with legal to see if a printed copy of all relevant email
satisfies your document retention requirements.  If so, then HR should
implement a policy to require printing 'emails of official record' so that
your email server backups are NOT the official record.  Otherwise you may
find yourself with a 7 year tape/backup retention which can be a real bitch
considering how fast technology standards evolve and change, not to mention
the cost of, and storeage of the media
On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich
 wrote:
What's the standard for email retention for companies which are NOT publicly
traded? What's the SOX rules on email retention? I just helped one of our
managers open some Outlook data files dating back to 2007 which got me
thinking about the wisdom of retaining information that long and I wasn't
sure what the "norm" is for retaining that info.

Thanks...

Thanks,
John Aldrich
IT Manager,
Blueridge Carpet
706-276-2001, Ext. 2233



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Email retention

[Erik Goldoff]

1)  First check with your auditors to find out what your document retention
requirements are.  Likely, your HR department will have a 7 year, accounts
payable/receivable may have the same (or not), etc
2)  Then check with legal to see if a printed copy of all relevant email
satisfies your document retention requirements.  If so, then HR should
implement a policy to require printing 'emails of official record' so that
your email server backups are NOT the official record.  Otherwise you may
find yourself with a 7 year tape/backup retention which can be a real bitch
considering how fast technology standards evolve and change, not to mention
the cost of, and storeage of the media

On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich  wrote:

> What's the standard for email retention for companies which are NOT
> publicly
> traded? What's the SOX rules on email retention? I just helped one of our
> managers open some Outlook data files dating back to 2007 which got me
> thinking about the wisdom of retaining information that long and I wasn't
> sure what the "norm" is for retaining that info.
>
> Thanks...
>
> Thanks,
> John Aldrich
> IT Manager,
> Blueridge Carpet
> 706-276-2001, Ext. 2233
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Email retention

[Jon Harris]

I can only think of one point that is in the OP's favor.  He does not have a
centralized control of the email server or the outside machines.  Only the
internal ones could he be forced to search.  Since the outside sales people
retain ownership of their machines he would have no control and I would
expect with a couple of minor changes to the aggreement for the outside mail
server he would only have to search the internal machines during
ediscovery.  Force the ISP to delete from the server any email marked as
read or downloaded and keep only those PST's that the company required for
auditing purposes via a backup script to a central store.

Jon

On Tue, Sep 21, 2010 at 3:26 PM, Andrew S. Baker  wrote:

> Having no policy puts you at the mercy of the opposing counsel.
>
> IOW, it's a bad strategy.   Define a policy, outline the penalties of
> compliance with the policy, and should some member in your organization
> attempt to subvert the policy, then deal with that as you would any other
> violation of corporate policy.
>
>
> *ASB *(My XeeSM Profile) <http://xeesm.com/AndrewBaker>
> *Exploiting Technology for Business Advantage...*
> * *
>  On Tue, Sep 21, 2010 at 2:28 PM, Bill Humphries wrote:
>
>>  My question would be, if you are in a small business, privately owned
>> company environment that doesn't host its own email, why would you get
>> lawyers involved and have a retention policy?  It is one thing to develop
>> policies if you have granular control over your email environment, but if
>> you just have some people POPing their email to local PST files from some
>> third-party hosted email system, actually enforcing a retention policy that
>> would stand up to judicial review is quite tenuous.
>>
>> If I was in that environment, my policy would be we have no policy, and if
>> for some reason your small business gets a discovery request, you can
>> provide what you have.  I don't want some judge threatening someone with
>> contempt if the company policy states that we maintain email for 90 days,
>> but I can't find a PST lurking somewhere or an employee loses a laptop that
>> had the only recent PST on it.
>>
>> Bill
>>
>>
>> William Robbins wrote:
>>
>> What "it"  are you going to tell exactly?  Even if you set their client to
>> do so, what's to keep the user from keeping their "archives" elsewhere?
>>
>> I guess the short of where I'm going is that PST is a very myopic answer
>> that will lead to a very obvious failure to comply.
>>
>>  - WJR
>>
>>
>> On Tue, Sep 21, 2010 at 11:25, John Aldrich > > wrote:
>>
>>> That's a good question... maybe tell it to auto-archive anything over a
>>> certain time and then once a month manually delete the archive PST? :-)
>>>
>>>
>>>
>>> From: William Robbins [mailto:dangerw...@gmail.com]
>>> Sent: Tuesday, September 21, 2010 12:08 PM
>>>  To: NT System Admin Issues
>>> Subject: Re: Email retention
>>>
>>> So how do you plan to enforce a policy for individual PST's?
>>>
>>>  - WJR
>>>
>>> On Tue, Sep 21, 2010 at 10:28, John Aldrich <
>>> jaldr...@blueridgecarpet.com>
>>> wrote:
>>> That's what I'm dealing with here... a bunch of individual PST files on
>>> everyone's PCs. Which is what got me to thinking about needing a formal
>>> retention policy.
>>>
>>>
>>>
>>> From: Roger Wright [mailto:rhw...@gmail.com]
>>> Sent: Tuesday, September 21, 2010 10:36 AM
>>> To: NT System Admin Issues
>>> Subject: Re: Email retention
>>> I'm working for a private firm with no formal retention policy.  Plus,
>>> due
>>> to limited server storage we have to function with PST files.  The big
>>> problem is that these all become searchable when lawyers require "all
>>> documentation."  What a pain!  A mail archiving system would be a Godsend
>>> but the executives have nixed the proposals so far.
>>>
>>>
>>> Roger Wright
>>> ___
>>>
>>> When it's GOOD there ain't nothin' like it, and when it's BAD there ain't
>>> nothin' like it!
>>>
>>>
>>> On Tue, Sep 21, 2010 at 10:29 AM, John Aldrich
>>>  wrote:
>>> Thanks. I'll advise my boss that we should seek legal guidance on that.
>>> :-)
>>>
>>>
>>> From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
>>> Sent: Tuesday

Re: Email retention

[Andrew S. Baker]

Having no policy puts you at the mercy of the opposing counsel.

IOW, it's a bad strategy.   Define a policy, outline the penalties of
compliance with the policy, and should some member in your organization
attempt to subvert the policy, then deal with that as you would any other
violation of corporate policy.


*ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker>
*Exploiting Technology for Business Advantage...*
* *
On Tue, Sep 21, 2010 at 2:28 PM, Bill Humphries wrote:

>  My question would be, if you are in a small business, privately owned
> company environment that doesn't host its own email, why would you get
> lawyers involved and have a retention policy?  It is one thing to develop
> policies if you have granular control over your email environment, but if
> you just have some people POPing their email to local PST files from some
> third-party hosted email system, actually enforcing a retention policy that
> would stand up to judicial review is quite tenuous.
>
> If I was in that environment, my policy would be we have no policy, and if
> for some reason your small business gets a discovery request, you can
> provide what you have.  I don't want some judge threatening someone with
> contempt if the company policy states that we maintain email for 90 days,
> but I can't find a PST lurking somewhere or an employee loses a laptop that
> had the only recent PST on it.
>
> Bill
>
>
> William Robbins wrote:
>
> What "it"  are you going to tell exactly?  Even if you set their client to
> do so, what's to keep the user from keeping their "archives" elsewhere?
>
> I guess the short of where I'm going is that PST is a very myopic answer
> that will lead to a very obvious failure to comply.
>
>  - WJR
>
>
> On Tue, Sep 21, 2010 at 11:25, John Aldrich 
> wrote:
>
>> That's a good question... maybe tell it to auto-archive anything over a
>> certain time and then once a month manually delete the archive PST? :-)
>>
>>
>>
>> From: William Robbins [mailto:dangerw...@gmail.com]
>> Sent: Tuesday, September 21, 2010 12:08 PM
>>  To: NT System Admin Issues
>> Subject: Re: Email retention
>>
>> So how do you plan to enforce a policy for individual PST's?
>>
>>  - WJR
>>
>> On Tue, Sep 21, 2010 at 10:28, John Aldrich > >
>> wrote:
>> That's what I'm dealing with here... a bunch of individual PST files on
>> everyone's PCs. Which is what got me to thinking about needing a formal
>> retention policy.
>>
>>
>>
>> From: Roger Wright [mailto:rhw...@gmail.com]
>> Sent: Tuesday, September 21, 2010 10:36 AM
>> To: NT System Admin Issues
>> Subject: Re: Email retention
>> I'm working for a private firm with no formal retention policy.  Plus, due
>> to limited server storage we have to function with PST files.  The big
>> problem is that these all become searchable when lawyers require "all
>> documentation."  What a pain!  A mail archiving system would be a Godsend
>> but the executives have nixed the proposals so far.
>>
>>
>> Roger Wright
>> ___
>>
>> When it's GOOD there ain't nothin' like it, and when it's BAD there ain't
>> nothin' like it!
>>
>>
>> On Tue, Sep 21, 2010 at 10:29 AM, John Aldrich
>>  wrote:
>> Thanks. I'll advise my boss that we should seek legal guidance on that.
>> :-)
>>
>>
>> From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
>> Sent: Tuesday, September 21, 2010 10:24 AM
>> To: NT System Admin Issues
>> Subject: RE: Email retention
>>
>> IANAL, however, I believe the sticking point may be (for private firms,
>> anyway) that if you ever find yourself in litigation, the lawyers will ask
>> what your formal retention policy is…
>>
>> If they find you on either side of that retention policy, you could be up
>> a
>> creek, because then they either blast you for not adhering to corporate
>> policy, or they say, “Well, since you have emails that are 120 days old,
>> even though your policy dictates 90 days, then you must certainly have
>> more
>> so, give us EVERYTHING.”
>>
>> If it were up to me, (HA!) I would get corporate counsel to give me a
>> guideline, formalize it as corporate policy, and stick to it.
>> Jonathan L. Raper, A+, MCSA, MCSE
>> Technology Coordinator
>> Eagle Physicians & Associates, PA
>> jra...@eaglemds.com
>> www.eaglemds.com
>> 
>> From: Don Guyer [mailto:don.gu...@prufox

Re: Email retention

[Angus Scott-Fleming]

On 21 Sep 2010 at 9:41, Bob Hartung  wrote:

> So much business is transacted through e-mail these days that a 90 day 
> retention policy seems impractical. If we tried to impose it here, I can 
> guarantee we'd have a revolt. Then if you forced it, people would start 
> squirreling away everything as hard copies and PDFs of e-mail, making it 
> just as difficult to search for it as documents as opposed to e-mails.

+1 ... I have clients whose email conversations with their clients often go 
back many years.  There is no way they would agree to a formal email retention 
policy that would result in them losing access to those conversations as they 
are often about ongoing projects or projects that get revived after a dormancy 
period.

> My recommendation to my management was to get a reasonable e-mail 
> archiving system that would make searching relatively easy and that the 
> impact of destroying valuable business communicatons in the interest of 
> avoiding the hassle of providing some e-mails in some possible future 
> lawsuit wouldn't make much sense in our case.
> 
> Philosophically, if you are found guilty at some point in the future, 
> either you are guilty (shame on you) or you have been wasting a lot of 
> money on your lawyers :^)

+1 except that no man (or company) can do business these days without falling 
afoul of some regulation.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Email retention

[William Robbins]

Quite right.  But that hadn't been in the cited plan.

 - WJR


On Tue, Sep 21, 2010 at 13:47, Michael B. Smith wrote:

>  Thus the reason why you can deploy GPOs that both prevent the creation of
> new PSTs and GPOs that prevent PSTs from even being opened.
>
> Sent from my HTC Tilt™ 2, a Windows® phone from AT&T
>
> --
> From: William Robbins 
> Sent: Tuesday, September 21, 2010 1:51 PM
> To: NT System Admin Issues 
> Subject: Re: Email retention
>
>  What "it"  are you going to tell exactly?  Even if you set their client
> to do so, what's to keep the user from keeping their "archives" elsewhere?
>
> I guess the short of where I'm going is that PST is a very myopic answer
> that will lead to a very obvious failure to comply.
>
>  - WJR
>
>
> On Tue, Sep 21, 2010 at 11:25, John Aldrich 
> wrote:
>
>> That's a good question... maybe tell it to auto-archive anything over a
>> certain time and then once a month manually delete the archive PST? :-)
>>
>>
>>
>> From: William Robbins [mailto:dangerw...@gmail.com]
>> Sent: Tuesday, September 21, 2010 12:08 PM
>>  To: NT System Admin Issues
>> Subject: Re: Email retention
>>
>> So how do you plan to enforce a policy for individual PST's?
>>
>>  - WJR
>>
>> On Tue, Sep 21, 2010 at 10:28, John Aldrich > >
>> wrote:
>> That's what I'm dealing with here... a bunch of individual PST files on
>> everyone's PCs. Which is what got me to thinking about needing a formal
>> retention policy.
>>
>>
>>
>> From: Roger Wright [mailto:rhw...@gmail.com]
>> Sent: Tuesday, September 21, 2010 10:36 AM
>> To: NT System Admin Issues
>> Subject: Re: Email retention
>> I'm working for a private firm with no formal retention policy.  Plus, due
>> to limited server storage we have to function with PST files.  The big
>> problem is that these all become searchable when lawyers require "all
>> documentation."  What a pain!  A mail archiving system would be a Godsend
>> but the executives have nixed the proposals so far.
>>
>>
>> Roger Wright
>> ___
>>
>> When it's GOOD there ain't nothin' like it, and when it's BAD there ain't
>> nothin' like it!
>>
>>
>> On Tue, Sep 21, 2010 at 10:29 AM, John Aldrich
>>  wrote:
>> Thanks. I'll advise my boss that we should seek legal guidance on that.
>> :-)
>>
>>
>> From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
>> Sent: Tuesday, September 21, 2010 10:24 AM
>> To: NT System Admin Issues
>> Subject: RE: Email retention
>>
>> IANAL, however, I believe the sticking point may be (for private firms,
>> anyway) that if you ever find yourself in litigation, the lawyers will ask
>> what your formal retention policy is…
>>
>> If they find you on either side of that retention policy, you could be up
>> a
>> creek, because then they either blast you for not adhering to corporate
>> policy, or they say, “Well, since you have emails that are 120 days old,
>> even though your policy dictates 90 days, then you must certainly have
>> more
>> so, give us EVERYTHING.”
>>
>> If it were up to me, (HA!) I would get corporate counsel to give me a
>> guideline, formalize it as corporate policy, and stick to it.
>> Jonathan L. Raper, A+, MCSA, MCSE
>> Technology Coordinator
>> Eagle Physicians & Associates, PA
>> jra...@eaglemds.com
>> www.eaglemds.com
>> ________
>> From: Don Guyer [mailto:don.gu...@prufoxroach.com]
>> Sent: Tuesday, September 21, 2010 10:16 AM
>> To: NT System Admin Issues
>> Subject: RE: Email retention
>>
>> I believe we keep 6 months on tape, latest 2 weeks on SAN.
>>
>> Don Guyer
>> Systems Engineer - Information Services
>> Prudential, Fox & Roach/Trident Group
>> 431 W. Lancaster Avenue
>> Devon, PA 19333
>> Direct: (610) 993-3299
>> Fax: (610) 650-5306
>> don.gu...@prufoxroach.com
>> From: Jeff Brown [mailto:2jbr...@gmail.com]
>> Sent: Tuesday, September 21, 2010 10:14 AM
>> To: NT System Admin Issues
>> Subject: Re: Email retention
>>
>> Our owner wanted 30 days to be standard retention policy for email.
>>  Lawyers
>> said 90.  We keep everything 90 days.
>> On Tue, Sep 21, 2010 at 9:09 AM, Jonathan Link 
>> wrote:
>> There is no standard, it's determined by business requriements and
>> regulatory req

RE: Email retention

[Michael B. Smith]

In your business that's just scary.

Sent from my HTC Tilt™ 2, a Windows® phone from AT&T

-Original Message-
From: Jacob 
Sent: Tuesday, September 21, 2010 10:59 AM
To: NT System Admin Issues 
Subject: RE: Email retention


We archive six months worth.


-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
Sent: Tuesday, September 21, 2010 7:05 AM
To: NT System Admin Issues
Subject: Email retention

What's the standard for email retention for companies which are NOT publicly
traded? What's the SOX rules on email retention? I just helped one of our
managers open some Outlook data files dating back to 2007 which got me
thinking about the wisdom of retaining information that long and I wasn't
sure what the "norm" is for retaining that info.

Thanks...

Thanks,
John Aldrich
IT Manager,
Blueridge Carpet
706-276-2001, Ext. 2233



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Email retention

[Jeff Steward]

You seem to be missing the point that without a centralized mail system that
can automate policy you will actually be *worse* off with a policy that you
can't enforce than having no policy at all.

-Jeff Steward

On Tue, Sep 21, 2010 at 2:38 PM, John Aldrich
wrote:

> Well, I'm catching up, because I apparently overlooked William Robbins'
> email question. My statement was I would tell "it" (i.e. Outlook) to move
> everything over whatever time period to an "archive" PST and then delete
> that PST once a month or whatever through a batchfile or whatever
> Obviously I don't have all the answers.
>
> As for Bill Humphries' question of why would we even HAVE a retention
> policy, it seems to me that it makes good business sense to not have too
> much data available in the (hopefully unlikely) event that we get sued over
> something. Knowing our litigious society, it seems like everyone gets sued
> over SOMETHING eventually. (Note: slight exaggeration for emphasis/effect.)
>
>
>
> From: Bill Humphries [mailto:nt...@hedgedigger.com]
> Sent: Tuesday, September 21, 2010 2:28 PM
> To: NT System Admin Issues
> Subject: Re: Email retention
>
> My question would be, if you are in a small business, privately owned
> company environment that doesn't host its own email, why would you get
> lawyers involved and have a retention policy?  It is one thing to develop
> policies if you have granular control over your email environment, but if
> you just have some people POPing their email to local PST files from some
> third-party hosted email system, actually enforcing a retention policy that
> would stand up to judicial review is quite tenuous.
>
> If I was in that environment, my policy would be we have no policy, and if
> for some reason your small business gets a discovery request, you can
> provide what you have.  I don't want some judge threatening someone with
> contempt if the company policy states that we maintain email for 90 days,
> but I can't find a PST lurking somewhere or an employee loses a laptop that
> had the only recent PST on it.
>
> Bill
>
> William Robbins wrote:
> What "it"  are you going to tell exactly?  Even if you set their client to
> do so, what's to keep the user from keeping their "archives" elsewhere?
>
> I guess the short of where I'm going is that PST is a very myopic answer
> that will lead to a very obvious failure to comply.
>
>  - WJR
>
> On Tue, Sep 21, 2010 at 11:25, John Aldrich 
> wrote:
> That's a good question... maybe tell it to auto-archive anything over a
> certain time and then once a month manually delete the archive PST? :-)
>
>
>
> From: William Robbins [mailto:dangerw...@gmail.com]
> Sent: Tuesday, September 21, 2010 12:08 PM
> To: NT System Admin Issues
> Subject: Re: Email retention
>
> So how do you plan to enforce a policy for individual PST's?
>
>  - WJR
>
> On Tue, Sep 21, 2010 at 10:28, John Aldrich 
> wrote:
> That's what I'm dealing with here... a bunch of individual PST files on
> everyone's PCs. Which is what got me to thinking about needing a formal
> retention policy.
>
>
>
> From: Roger Wright [mailto:rhw...@gmail.com]
> Sent: Tuesday, September 21, 2010 10:36 AM
> To: NT System Admin Issues
> Subject: Re: Email retention
> I'm working for a private firm with no formal retention policy.  Plus, due
> to limited server storage we have to function with PST files.  The big
> problem is that these all become searchable when lawyers require "all
> documentation."  What a pain!  A mail archiving system would be a Godsend
> but the executives have nixed the proposals so far.
>
>
> Roger Wright
> ___
>
> When it's GOOD there ain't nothin' like it, and when it's BAD there ain't
> nothin' like it!
>
>
> On Tue, Sep 21, 2010 at 10:29 AM, John Aldrich
>  wrote:
> Thanks. I'll advise my boss that we should seek legal guidance on that. :-)
>
>
> From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
> Sent: Tuesday, September 21, 2010 10:24 AM
> To: NT System Admin Issues
> Subject: RE: Email retention
>
> IANAL, however, I believe the sticking point may be (for private firms,
> anyway) that if you ever find yourself in litigation, the lawyers will ask
> what your formal retention policy is…
>
> If they find you on either side of that retention policy, you could be up a
> creek, because then they either blast you for not adhering to corporate
> policy, or they say, “Well, since you have emails that are 120 days old,
> even though your policy dictates 90 days, then you must certainly ha

RE: Email retention

[Michael B. Smith]

Thus the reason why you can deploy GPOs that both prevent the creation of new 
PSTs and GPOs that prevent PSTs from even being opened.

Sent from my HTC Tilt™ 2, a Windows® phone from AT&T


From: William Robbins 
Sent: Tuesday, September 21, 2010 1:51 PM
To: NT System Admin Issues 
Subject: Re: Email retention

What "it"  are you going to tell exactly?  Even if you set their client to do 
so, what's to keep the user from keeping their "archives" elsewhere?

I guess the short of where I'm going is that PST is a very myopic answer that 
will lead to a very obvious failure to comply.

 - WJR


On Tue, Sep 21, 2010 at 11:25, John Aldrich 
mailto:jaldr...@blueridgecarpet.com>> wrote:
That's a good question... maybe tell it to auto-archive anything over a
certain time and then once a month manually delete the archive PST? :-)



From: William Robbins [mailto:dangerw...@gmail.com<mailto:dangerw...@gmail.com>]
Sent: Tuesday, September 21, 2010 12:08 PM
To: NT System Admin Issues
Subject: Re: Email retention

So how do you plan to enforce a policy for individual PST's?

 - WJR

On Tue, Sep 21, 2010 at 10:28, John Aldrich 
mailto:jaldr...@blueridgecarpet.com>>
wrote:
That's what I'm dealing with here... a bunch of individual PST files on
everyone's PCs. Which is what got me to thinking about needing a formal
retention policy.



From: Roger Wright [mailto:rhw...@gmail.com<mailto:rhw...@gmail.com>]
Sent: Tuesday, September 21, 2010 10:36 AM
To: NT System Admin Issues
Subject: Re: Email retention
I'm working for a private firm with no formal retention policy.  Plus, due
to limited server storage we have to function with PST files.  The big
problem is that these all become searchable when lawyers require "all
documentation."  What a pain!  A mail archiving system would be a Godsend
but the executives have nixed the proposals so far.


Roger Wright
___

When it's GOOD there ain't nothin' like it, and when it's BAD there ain't
nothin' like it!


On Tue, Sep 21, 2010 at 10:29 AM, John Aldrich
mailto:jaldr...@blueridgecarpet.com>> wrote:
Thanks. I'll advise my boss that we should seek legal guidance on that. :-)


From: Raper, Jonathan - Eagle 
[mailto:jra...@eaglemds.com<mailto:jra...@eaglemds.com>]
Sent: Tuesday, September 21, 2010 10:24 AM
To: NT System Admin Issues
Subject: RE: Email retention

IANAL, however, I believe the sticking point may be (for private firms,
anyway) that if you ever find yourself in litigation, the lawyers will ask
what your formal retention policy is…

If they find you on either side of that retention policy, you could be up a
creek, because then they either blast you for not adhering to corporate
policy, or they say, “Well, since you have emails that are 120 days old,
even though your policy dictates 90 days, then you must certainly have more
so, give us EVERYTHING.”

If it were up to me, (HA!) I would get corporate counsel to give me a
guideline, formalize it as corporate policy, and stick to it.
Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.com<mailto:jra...@eaglemds.com>
www.eaglemds.com<http://www.eaglemds.com>

From: Don Guyer 
[mailto:don.gu...@prufoxroach.com<mailto:don.gu...@prufoxroach.com>]
Sent: Tuesday, September 21, 2010 10:16 AM
To: NT System Admin Issues
Subject: RE: Email retention

I believe we keep 6 months on tape, latest 2 weeks on SAN.

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com<mailto:don.gu...@prufoxroach.com>
From: Jeff Brown [mailto:2jbr...@gmail.com<mailto:2jbr...@gmail.com>]
Sent: Tuesday, September 21, 2010 10:14 AM
To: NT System Admin Issues
Subject: Re: Email retention

Our owner wanted 30 days to be standard retention policy for email.  Lawyers
said 90.  We keep everything 90 days.
On Tue, Sep 21, 2010 at 9:09 AM, Jonathan Link 
mailto:jonathan.l...@gmail.com>>
wrote:
There is no standard, it's determined by business requriements and
regulatory requirements for your industry.
SOX rules are for publicly traded companies, so you're asking contradictory
questions.



On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich
mailto:jaldr...@blueridgecarpet.com>> wrote:
What's the standard for email retention for companies which are NOT publicly
traded? What's the SOX rules on email retention? I just helped one of our
managers open some Outlook data files dating back to 2007 which got me
thinking about the wisdom of retaining information that long and I wasn't
sure what the "norm" is for retaining that info.

Thanks...

Thanks,
John Aldrich
IT Manager,
Bluerid

RE: Email retention

[John Aldrich]

Well, I'm catching up, because I apparently overlooked William Robbins'
email question. My statement was I would tell "it" (i.e. Outlook) to move
everything over whatever time period to an "archive" PST and then delete
that PST once a month or whatever through a batchfile or whatever
Obviously I don't have all the answers. 

As for Bill Humphries' question of why would we even HAVE a retention
policy, it seems to me that it makes good business sense to not have too
much data available in the (hopefully unlikely) event that we get sued over
something. Knowing our litigious society, it seems like everyone gets sued
over SOMETHING eventually. (Note: slight exaggeration for emphasis/effect.)



From: Bill Humphries [mailto:nt...@hedgedigger.com] 
Sent: Tuesday, September 21, 2010 2:28 PM
To: NT System Admin Issues
Subject: Re: Email retention

My question would be, if you are in a small business, privately owned
company environment that doesn't host its own email, why would you get
lawyers involved and have a retention policy?  It is one thing to develop
policies if you have granular control over your email environment, but if
you just have some people POPing their email to local PST files from some
third-party hosted email system, actually enforcing a retention policy that
would stand up to judicial review is quite tenuous.  

If I was in that environment, my policy would be we have no policy, and if
for some reason your small business gets a discovery request, you can
provide what you have.  I don't want some judge threatening someone with
contempt if the company policy states that we maintain email for 90 days,
but I can't find a PST lurking somewhere or an employee loses a laptop that
had the only recent PST on it.

Bill

William Robbins wrote: 
What "it"  are you going to tell exactly?  Even if you set their client to
do so, what's to keep the user from keeping their "archives" elsewhere?

I guess the short of where I'm going is that PST is a very myopic answer
that will lead to a very obvious failure to comply.

 - WJR

On Tue, Sep 21, 2010 at 11:25, John Aldrich 
wrote:
That's a good question... maybe tell it to auto-archive anything over a
certain time and then once a month manually delete the archive PST? :-)



From: William Robbins [mailto:dangerw...@gmail.com]
Sent: Tuesday, September 21, 2010 12:08 PM
To: NT System Admin Issues
Subject: Re: Email retention

So how do you plan to enforce a policy for individual PST's?

 - WJR

On Tue, Sep 21, 2010 at 10:28, John Aldrich 
wrote:
That's what I'm dealing with here... a bunch of individual PST files on
everyone's PCs. Which is what got me to thinking about needing a formal
retention policy.



From: Roger Wright [mailto:rhw...@gmail.com]
Sent: Tuesday, September 21, 2010 10:36 AM
To: NT System Admin Issues
Subject: Re: Email retention
I'm working for a private firm with no formal retention policy.  Plus, due
to limited server storage we have to function with PST files.  The big
problem is that these all become searchable when lawyers require "all
documentation."  What a pain!  A mail archiving system would be a Godsend
but the executives have nixed the proposals so far.


Roger Wright
___

When it's GOOD there ain't nothin' like it, and when it's BAD there ain't
nothin' like it!


On Tue, Sep 21, 2010 at 10:29 AM, John Aldrich
 wrote:
Thanks. I'll advise my boss that we should seek legal guidance on that. :-)


From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Sent: Tuesday, September 21, 2010 10:24 AM
To: NT System Admin Issues
Subject: RE: Email retention

IANAL, however, I believe the sticking point may be (for private firms,
anyway) that if you ever find yourself in litigation, the lawyers will ask
what your formal retention policy is…

If they find you on either side of that retention policy, you could be up a
creek, because then they either blast you for not adhering to corporate
policy, or they say, “Well, since you have emails that are 120 days old,
even though your policy dictates 90 days, then you must certainly have more
so, give us EVERYTHING.”

If it were up to me, (HA!) I would get corporate counsel to give me a
guideline, formalize it as corporate policy, and stick to it.
Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.com
www.eaglemds.com
____________
From: Don Guyer [mailto:don.gu...@prufoxroach.com]
Sent: Tuesday, September 21, 2010 10:16 AM
To: NT System Admin Issues
Subject: RE: Email retention

I believe we keep 6 months on tape, latest 2 weeks on SAN.

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com
From: Jeff Brow

Re: Email retention

[Bill Humphries]

My question would be, if you are in a small business, privately owned 
company environment that doesn't host its own email, why would you get 
lawyers involved and have a retention policy?  It is one thing to 
develop policies if you have granular control over your email 
environment, but if you just have some people POPing their email to 
local PST files from some third-party hosted email system, actually 
enforcing a retention policy that would stand up to judicial review is 
quite tenuous. 

If I was in that environment, my policy would be we have no policy, and 
if for some reason your small business gets a discovery request, you can 
provide what you have.  I don't want some judge threatening someone with 
contempt if the company policy states that we maintain email for 90 
days, but I can't find a PST lurking somewhere or an employee loses a 
laptop that had the only recent PST on it.

Bill

William Robbins wrote:
> What "it"  are you going to tell exactly?  Even if you set their 
> client to do so, what's to keep the user from keeping their "archives" 
> elsewhere?
>
> I guess the short of where I'm going is that PST is a very myopic 
> answer that will lead to a very obvious failure to comply.
>
>  - WJR
>
>
> On Tue, Sep 21, 2010 at 11:25, John Aldrich 
> mailto:jaldr...@blueridgecarpet.com>> 
> wrote:
>
> That's a good question... maybe tell it to auto-archive anything
> over a
> certain time and then once a month manually delete the archive
> PST? :-)
>
>
>
> From: William Robbins [mailto:dangerw...@gmail.com
> <mailto:dangerw...@gmail.com>]
> Sent: Tuesday, September 21, 2010 12:08 PM
> To: NT System Admin Issues
> Subject: Re: Email retention
>
> So how do you plan to enforce a policy for individual PST's?
>
>  - WJR
>
> On Tue, Sep 21, 2010 at 10:28, John Aldrich
> mailto:jaldr...@blueridgecarpet.com>>
> wrote:
> That's what I'm dealing with here... a bunch of individual PST
> files on
> everyone's PCs. Which is what got me to thinking about needing a
> formal
>     retention policy.
>
>
>
> From: Roger Wright [mailto:rhw...@gmail.com <mailto:rhw...@gmail.com>]
> Sent: Tuesday, September 21, 2010 10:36 AM
> To: NT System Admin Issues
> Subject: Re: Email retention
> I'm working for a private firm with no formal retention policy.
>  Plus, due
> to limited server storage we have to function with PST files.  The big
> problem is that these all become searchable when lawyers require "all
> documentation."  What a pain!  A mail archiving system would be a
> Godsend
> but the executives have nixed the proposals so far.
>
>
> Roger Wright
> ___
>
> When it's GOOD there ain't nothin' like it, and when it's BAD
> there ain't
> nothin' like it!
>
>
> On Tue, Sep 21, 2010 at 10:29 AM, John Aldrich
>  <mailto:jaldr...@blueridgecarpet.com>> wrote:
> Thanks. I'll advise my boss that we should seek legal guidance on
> that. :-)
>
>
> From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com
> <mailto:jra...@eaglemds.com>]
> Sent: Tuesday, September 21, 2010 10:24 AM
> To: NT System Admin Issues
> Subject: RE: Email retention
>
> IANAL, however, I believe the sticking point may be (for private
> firms,
> anyway) that if you ever find yourself in litigation, the lawyers
> will ask
> what your formal retention policy is…
>
> If they find you on either side of that retention policy, you
> could be up a
> creek, because then they either blast you for not adhering to
> corporate
> policy, or they say, “Well, since you have emails that are 120
> days old,
> even though your policy dictates 90 days, then you must certainly
> have more
> so, give us EVERYTHING.”
>
> If it were up to me, (HA!) I would get corporate counsel to give me a
> guideline, formalize it as corporate policy, and stick to it.
> Jonathan L. Raper, A+, MCSA, MCSE
> Technology Coordinator
> Eagle Physicians & Associates, PA
> jra...@eaglemds.com <mailto:jra...@eaglemds.com>
> www.eaglemds.com <http://www.eaglemds.com>
> 
> From: Don Guyer [mailto:don.gu...@prufoxroach.com
> <mailto:don.gu...@prufoxroach.com>]
> Sent: Tuesday, September 21, 2010 10:16 AM
> To: NT System Admin Issues
> Subject: RE: Email retention
>
> I believe we keep 

Re: Email retention

[William Robbins]

What "it"  are you going to tell exactly?  Even if you set their client to
do so, what's to keep the user from keeping their "archives" elsewhere?

I guess the short of where I'm going is that PST is a very myopic answer
that will lead to a very obvious failure to comply.

 - WJR


On Tue, Sep 21, 2010 at 11:25, John Aldrich wrote:

> That's a good question... maybe tell it to auto-archive anything over a
> certain time and then once a month manually delete the archive PST? :-)
>
>
>
> From: William Robbins [mailto:dangerw...@gmail.com]
> Sent: Tuesday, September 21, 2010 12:08 PM
> To: NT System Admin Issues
> Subject: Re: Email retention
>
> So how do you plan to enforce a policy for individual PST's?
>
>  - WJR
>
> On Tue, Sep 21, 2010 at 10:28, John Aldrich 
> wrote:
> That's what I'm dealing with here... a bunch of individual PST files on
> everyone's PCs. Which is what got me to thinking about needing a formal
> retention policy.
>
>
>
> From: Roger Wright [mailto:rhw...@gmail.com]
> Sent: Tuesday, September 21, 2010 10:36 AM
> To: NT System Admin Issues
> Subject: Re: Email retention
> I'm working for a private firm with no formal retention policy.  Plus, due
> to limited server storage we have to function with PST files.  The big
> problem is that these all become searchable when lawyers require "all
> documentation."  What a pain!  A mail archiving system would be a Godsend
> but the executives have nixed the proposals so far.
>
>
> Roger Wright
> ___
>
> When it's GOOD there ain't nothin' like it, and when it's BAD there ain't
> nothin' like it!
>
>
> On Tue, Sep 21, 2010 at 10:29 AM, John Aldrich
>  wrote:
> Thanks. I'll advise my boss that we should seek legal guidance on that. :-)
>
>
> From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
> Sent: Tuesday, September 21, 2010 10:24 AM
> To: NT System Admin Issues
> Subject: RE: Email retention
>
> IANAL, however, I believe the sticking point may be (for private firms,
> anyway) that if you ever find yourself in litigation, the lawyers will ask
> what your formal retention policy is…
>
> If they find you on either side of that retention policy, you could be up a
> creek, because then they either blast you for not adhering to corporate
> policy, or they say, “Well, since you have emails that are 120 days old,
> even though your policy dictates 90 days, then you must certainly have more
> so, give us EVERYTHING.”
>
> If it were up to me, (HA!) I would get corporate counsel to give me a
> guideline, formalize it as corporate policy, and stick to it.
> Jonathan L. Raper, A+, MCSA, MCSE
> Technology Coordinator
> Eagle Physicians & Associates, PA
> jra...@eaglemds.com
> www.eaglemds.com
> 
> From: Don Guyer [mailto:don.gu...@prufoxroach.com]
> Sent: Tuesday, September 21, 2010 10:16 AM
> To: NT System Admin Issues
> Subject: RE: Email retention
>
> I believe we keep 6 months on tape, latest 2 weeks on SAN.
>
> Don Guyer
> Systems Engineer - Information Services
> Prudential, Fox & Roach/Trident Group
> 431 W. Lancaster Avenue
> Devon, PA 19333
> Direct: (610) 993-3299
> Fax: (610) 650-5306
> don.gu...@prufoxroach.com
> From: Jeff Brown [mailto:2jbr...@gmail.com]
> Sent: Tuesday, September 21, 2010 10:14 AM
> To: NT System Admin Issues
> Subject: Re: Email retention
>
> Our owner wanted 30 days to be standard retention policy for email.
>  Lawyers
> said 90.  We keep everything 90 days.
> On Tue, Sep 21, 2010 at 9:09 AM, Jonathan Link 
> wrote:
> There is no standard, it's determined by business requriements and
> regulatory requirements for your industry.
> SOX rules are for publicly traded companies, so you're asking contradictory
> questions.
>
>
>
> On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich
>  wrote:
> What's the standard for email retention for companies which are NOT
> publicly
> traded? What's the SOX rules on email retention? I just helped one of our
> managers open some Outlook data files dating back to 2007 which got me
> thinking about the wisdom of retaining information that long and I wasn't
> sure what the "norm" is for retaining that info.
>
> Thanks...
>
> Thanks,
> John Aldrich
> IT Manager,
> Blueridge Carpet
> 706-276-2001, Ext. 2233
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.co

Re: Email retention

[Jon Harris]

I would add that in a case the John is talking about there should have been
signed documents kept in the employment folder of the employee detailing the
rules and showing that the employee read/agreed to abide by those rules.
Getting something in email is not proof of acceptance or even that it was
read.  Many people put rules into place that would mark as read and move
something like this to another folder.

Jon

On Tue, Sep 21, 2010 at 10:30 AM, Jonathan Link wrote:

> Well, you're mixing some vastly different problems.  Employee issues should
> be handled by management.  If there's communication regarding policies, that
> should again be handled by management.  I generate our IT policies, pass
> them onto management, discuss and refine said policies with it, and then I'm
> out of it.  Communication of policies to employees should only be done by
> management, and in a sufficiently large organization, by the designated
> department heads.  Email is also a poor way of documenting said
> communication.  There should be a signed note from the employee where the
> employee acknowledges that he has read and understands the policy.  If
> you're thinking of using email retention is to sovle this problem, it's
> poorly suited.
>
> You need to start a dialogue with your management about the risks and
> costs of unlimited email retention, as well as proposed solutions.
>  On Tue, Sep 21, 2010 at 10:19 AM, John Aldrich <
> jaldr...@blueridgecarpet.com> wrote:
>
>> Wow! That's not long at all
>> The reason I was asking about SOX requirements was that I thought we could
>> "pretend" we were publicly traded and go by those rules. It wouldn't
>> surprise me if congress mandates SOX or something like it for *everyone*
>> eventually, publicly traded companies or not.
>>
>> I know that some of our sales managers have come to me after we've let a
>> sales rep go and the sales rep has challenged the termination, and the
>> manager wants anything I have sent to the sales rep regarding IT policies,
>> etc since I've been here (3 years now.)
>>
>> IANAL, but I do know that it's better to have a stated company policy on
>> email retention than to have ad-hoc email retention on an individual
>> basis.
>>
>>
>>  Thanks,
>> John Aldrich
>> IT Manager,
>> Blueridge Carpet
>> 706-276-2001, Ext. 2233
>>
>>
>>
>>
>>
>>
>> From: Jeff Brown [mailto:2jbr...@gmail.com]
>> Sent: Tuesday, September 21, 2010 10:14 AM
>> To: NT System Admin Issues
>> Subject: Re: Email retention
>>
>> Our owner wanted 30 days to be standard retention policy for email.
>>  Lawyers
>> said 90.  We keep everything 90 days.
>> On Tue, Sep 21, 2010 at 9:09 AM, Jonathan Link 
>> wrote:
>> There is no standard, it's determined by business requriements and
>> regulatory requirements for your industry.
>> SOX rules are for publicly traded companies, so you're asking
>> contradictory
>> questions.
>>
>>
>>
>> On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich
>>  wrote:
>> What's the standard for email retention for companies which are NOT
>> publicly
>> traded? What's the SOX rules on email retention? I just helped one of our
>> managers open some Outlook data files dating back to 2007 which got me
>> thinking about the wisdom of retaining information that long and I wasn't
>> sure what the "norm" is for retaining that info.
>>
>> Thanks...
>>
>> Thanks,
>> John Aldrich
>> IT Manager,
>> Blueridge Carpet
>> 706-276-2001, Ext. 2233
>>
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>> ---
>> To mana

RE: Email retention

[John Aldrich]

That's a good question... maybe tell it to auto-archive anything over a
certain time and then once a month manually delete the archive PST? :-)



From: William Robbins [mailto:dangerw...@gmail.com] 
Sent: Tuesday, September 21, 2010 12:08 PM
To: NT System Admin Issues
Subject: Re: Email retention

So how do you plan to enforce a policy for individual PST's?

 - WJR

On Tue, Sep 21, 2010 at 10:28, John Aldrich 
wrote:
That's what I'm dealing with here... a bunch of individual PST files on
everyone's PCs. Which is what got me to thinking about needing a formal
retention policy.



From: Roger Wright [mailto:rhw...@gmail.com]
Sent: Tuesday, September 21, 2010 10:36 AM
To: NT System Admin Issues
Subject: Re: Email retention
I'm working for a private firm with no formal retention policy.  Plus, due
to limited server storage we have to function with PST files.  The big
problem is that these all become searchable when lawyers require "all
documentation."  What a pain!  A mail archiving system would be a Godsend
but the executives have nixed the proposals so far.


Roger Wright
___

When it's GOOD there ain't nothin' like it, and when it's BAD there ain't
nothin' like it!


On Tue, Sep 21, 2010 at 10:29 AM, John Aldrich
 wrote:
Thanks. I'll advise my boss that we should seek legal guidance on that. :-)


From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Sent: Tuesday, September 21, 2010 10:24 AM
To: NT System Admin Issues
Subject: RE: Email retention

IANAL, however, I believe the sticking point may be (for private firms,
anyway) that if you ever find yourself in litigation, the lawyers will ask
what your formal retention policy is…

If they find you on either side of that retention policy, you could be up a
creek, because then they either blast you for not adhering to corporate
policy, or they say, “Well, since you have emails that are 120 days old,
even though your policy dictates 90 days, then you must certainly have more
so, give us EVERYTHING.”

If it were up to me, (HA!) I would get corporate counsel to give me a
guideline, formalize it as corporate policy, and stick to it.
Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.com
www.eaglemds.com

From: Don Guyer [mailto:don.gu...@prufoxroach.com]
Sent: Tuesday, September 21, 2010 10:16 AM
To: NT System Admin Issues
Subject: RE: Email retention

I believe we keep 6 months on tape, latest 2 weeks on SAN.

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com
From: Jeff Brown [mailto:2jbr...@gmail.com]
Sent: Tuesday, September 21, 2010 10:14 AM
To: NT System Admin Issues
Subject: Re: Email retention

Our owner wanted 30 days to be standard retention policy for email.  Lawyers
said 90.  We keep everything 90 days. 
On Tue, Sep 21, 2010 at 9:09 AM, Jonathan Link 
wrote:
There is no standard, it's determined by business requriements and
regulatory requirements for your industry.
SOX rules are for publicly traded companies, so you're asking contradictory
questions.


 
On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich
 wrote:
What's the standard for email retention for companies which are NOT publicly
traded? What's the SOX rules on email retention? I just helped one of our
managers open some Outlook data files dating back to 2007 which got me
thinking about the wisdom of retaining information that long and I wasn't
sure what the "norm" is for retaining that info.

Thanks...

Thanks,
John Aldrich
IT Manager,
Blueridge Carpet
706-276-2001, Ext. 2233



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscript

Re: Email retention

[William Robbins]

So how do you plan to enforce a policy for individual PST's?

 - WJR


On Tue, Sep 21, 2010 at 10:28, John Aldrich wrote:

> That's what I'm dealing with here... a bunch of individual PST files on
> everyone's PCs. Which is what got me to thinking about needing a formal
> retention policy.
>
>
>
> From: Roger Wright [mailto:rhw...@gmail.com]
> Sent: Tuesday, September 21, 2010 10:36 AM
> To: NT System Admin Issues
> Subject: Re: Email retention
>
> I'm working for a private firm with no formal retention policy.  Plus, due
> to limited server storage we have to function with PST files.  The big
> problem is that these all become searchable when lawyers require "all
> documentation."  What a pain!  A mail archiving system would be a Godsend
> but the executives have nixed the proposals so far.
>
>
> Roger Wright
> ___
>
> When it's GOOD there ain't nothin' like it, and when it's BAD there ain't
> nothin' like it!
>
>
>
> On Tue, Sep 21, 2010 at 10:29 AM, John Aldrich
>  wrote:
> Thanks. I'll advise my boss that we should seek legal guidance on that. :-)
>
>
>
> From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
> Sent: Tuesday, September 21, 2010 10:24 AM
> To: NT System Admin Issues
> Subject: RE: Email retention
>
> IANAL, however, I believe the sticking point may be (for private firms,
> anyway) that if you ever find yourself in litigation, the lawyers will ask
> what your formal retention policy is…
>
> If they find you on either side of that retention policy, you could be up a
> creek, because then they either blast you for not adhering to corporate
> policy, or they say, “Well, since you have emails that are 120 days old,
> even though your policy dictates 90 days, then you must certainly have more
> so, give us EVERYTHING.”
>
> If it were up to me, (HA!) I would get corporate counsel to give me a
> guideline, formalize it as corporate policy, and stick to it.
> Jonathan L. Raper, A+, MCSA, MCSE
> Technology Coordinator
> Eagle Physicians & Associates, PA
> jra...@eaglemds.com
> www.eaglemds.com
> 
> From: Don Guyer [mailto:don.gu...@prufoxroach.com]
> Sent: Tuesday, September 21, 2010 10:16 AM
> To: NT System Admin Issues
> Subject: RE: Email retention
>
> I believe we keep 6 months on tape, latest 2 weeks on SAN.
>
> Don Guyer
> Systems Engineer - Information Services
> Prudential, Fox & Roach/Trident Group
> 431 W. Lancaster Avenue
> Devon, PA 19333
> Direct: (610) 993-3299
> Fax: (610) 650-5306
> don.gu...@prufoxroach.com
>
> From: Jeff Brown [mailto:2jbr...@gmail.com]
> Sent: Tuesday, September 21, 2010 10:14 AM
> To: NT System Admin Issues
> Subject: Re: Email retention
>
> Our owner wanted 30 days to be standard retention policy for email.
>  Lawyers
> said 90.  We keep everything 90 days.
> On Tue, Sep 21, 2010 at 9:09 AM, Jonathan Link 
> wrote:
> There is no standard, it's determined by business requriements and
> regulatory requirements for your industry.
> SOX rules are for publicly traded companies, so you're asking contradictory
> questions.
>
>
>
> On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich
>  wrote:
> What's the standard for email retention for companies which are NOT
> publicly
> traded? What's the SOX rules on email retention? I just helped one of our
> managers open some Outlook data files dating back to 2007 which got me
> thinking about the wisdom of retaining information that long and I wasn't
> sure what the "norm" is for retaining that info.
>
> Thanks...
>
> Thanks,
> John Aldrich
> IT Manager,
> Blueridge Carpet
> 706-276-2001, Ext. 2233
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> htt

RE: Email retention

[John Aldrich]

Well, it's been brought to the CFO's attention. He's my direct supervisor
and I think he took my concerns seriously. That being said, if we get sued
and the complainant's attorney wants ediscovery, he'll have a lot of PST
files to go through and maybe Management will think better of not having a
company policy on email retention. All I can do is make management aware of
my concerns. At this point I have made my concerns clear to two members of
management, one of whom is the CFO. Neither has dismissed this as nothing to
be concerned about, so hopefully they'll give this problem serious
consideration.



From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: Tuesday, September 21, 2010 11:37 AM
To: NT System Admin Issues
Subject: Re: Email retention

If this is your action plan, expect it to go nowhere.  You need to get a
member of management excited about email retention.  You need a champion
with a seat at the table, otherwise this goes nowhere.  Simpling handing
this off to management without education and without passion behind it is
certain doom.  I speak from experience.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Email retention

[Jonathan Link]

If this is your action plan, expect it to go nowhere.  You need to get a
member of management excited about email retention.  You need a champion
with a seat at the table, otherwise this goes nowhere.  Simpling handing
this off to management without education and without passion behind it is
certain doom.  I speak from experience.

On Tue, Sep 21, 2010 at 11:32 AM, John Aldrich  wrote:

> Sounds like a plan to me. I'll start advising the individual managers that
> their sales reps are filling up their email boxes and if they don’t clear
> out some of the space, said sales rep won't be able to receive emails from
> customers or from the factory about sample requests, etc from their
> customer. :-) Thanks, Jonathan...
>
> And thanks to everyone who had something to input on this topic. Bottom
> line, I'm turning it over to Management with the recommendation that we ask
> the corporate attorneys for their recommendation on how long to retain
> emails. :-)
>
>
>
> From: Jonathan Link [mailto:jonathan.l...@gmail.com]
> Sent: Tuesday, September 21, 2010 11:30 AM
> To: NT System Admin Issues
> Subject: Re: Email retention
>
> All of what you're doing is employee management that should be the
> manager's
> responsibility.  You should be informing management that employees are
> wasting resources, or providing reports that indiciate whether or not
> employees are following policies.  Managers should be then following up
> with
> direct reports.  This is not a technical problem, it is a behavioral
> problem, which can be identified using technology and should be handled by
> managers.
>
>
>  ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Email retention

[John Aldrich]

Sounds like a plan to me. I'll start advising the individual managers that
their sales reps are filling up their email boxes and if they don’t clear
out some of the space, said sales rep won't be able to receive emails from
customers or from the factory about sample requests, etc from their
customer. :-) Thanks, Jonathan... 

And thanks to everyone who had something to input on this topic. Bottom
line, I'm turning it over to Management with the recommendation that we ask
the corporate attorneys for their recommendation on how long to retain
emails. :-)



From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: Tuesday, September 21, 2010 11:30 AM
To: NT System Admin Issues
Subject: Re: Email retention

All of what you're doing is employee management that should be the manager's
responsibility.  You should be informing management that employees are
wasting resources, or providing reports that indiciate whether or not
employees are following policies.  Managers should be then following up with
direct reports.  This is not a technical problem, it is a behavioral
problem, which can be identified using technology and should be handled by
managers.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Email retention

[Jonathan Link]

All of what you're doing is employee management that should be the manager's
responsibility.  You should be informing management that employees are
wasting resources, or providing reports that indiciate whether or not
employees are following policies.  Managers should be then following up with
direct reports.  This is not a technical problem, it is a behavioral
problem, which can be identified using technology and should be handled by
managers.

On Tue, Sep 21, 2010 at 11:19 AM, John Aldrich  wrote:

> Well, I see what you're saying, but I've never actually MET most of our
> sales reps... :-) We're talking outside sales reps for whom I have no
> control over their computers, phones, etc. as that's not provided by the
> company. Mostly it's stuff like advising them that their email box is
> getting full because they use a "Smart Phone" and email is piling up on the
> POP3 server or they're having issues with getting their email set up and
> things like that. Or they haven't checked their voicemail in a month
> (supposed to check it several times per day, according to sales
> management.)
> Granted things like not checking voicemail/email regularly are up to
> management to enforce. I, however, have to deal with enforcing limits on
> email storage, and things like that. For things like that where I have no
> day-to-day contact with the outside sales rep in another state, I have to
> rely on email or calling their cell phone, etc.
>
>
>
> From: Jonathan Link [mailto:jonathan.l...@gmail.com]
> Sent: Tuesday, September 21, 2010 10:31 AM
> To: NT System Admin Issues
> Subject: Re: Email retention
>
> Well, you're mixing some vastly different problems.  Employee issues should
> be handled by management.  If there's communication regarding policies,
> that
> should again be handled by management.  I generate our IT policies, pass
> them onto management, discuss and refine said policies with it, and then
> I'm
> out of it.  Communication of policies to employees should only be done by
> management, and in a sufficiently large organization, by the designated
> department heads.  Email is also a poor way of documenting said
> communication.  There should be a signed note from the employee where the
> employee acknowledges that he has read and understands the policy.  If
> you're thinking of using email retention is to sovle this problem, it's
> poorly suited.
>
> You need to start a dialogue with your management about the risks and
> costs of unlimited email retention, as well as proposed solutions.
> On Tue, Sep 21, 2010 at 10:19 AM, John Aldrich
>  wrote:
> Wow! That's not long at all
> The reason I was asking about SOX requirements was that I thought we could
> "pretend" we were publicly traded and go by those rules. It wouldn't
> surprise me if congress mandates SOX or something like it for *everyone*
> eventually, publicly traded companies or not.
>
> I know that some of our sales managers have come to me after we've let a
> sales rep go and the sales rep has challenged the termination, and the
> manager wants anything I have sent to the sales rep regarding IT policies,
> etc since I've been here (3 years now.)
>
> IANAL, but I do know that it's better to have a stated company policy on
> email retention than to have ad-hoc email retention on an individual basis.
>
>
> Thanks,
> John Aldrich
> IT Manager,
> Blueridge Carpet
> 706-276-2001, Ext. 2233
>
>
>
>
>
>
> From: Jeff Brown [mailto:2jbr...@gmail.com]
> Sent: Tuesday, September 21, 2010 10:14 AM
> To: NT System Admin Issues
> Subject: Re: Email retention
>
> Our owner wanted 30 days to be standard retention policy for email.
>  Lawyers
> said 90.  We keep everything 90 days.
> On Tue, Sep 21, 2010 at 9:09 AM, Jonathan Link 
> wrote:
> There is no standard, it's determined by business requriements and
> regulatory requirements for your industry.
> SOX rules are for publicly traded companies, so you're asking contradictory
> questions.
>
>
>
> On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich
>  wrote:
>  What's the standard for email retention for companies which are NOT
> publicly
> traded? What's the SOX rules on email retention? I just helped one of our
> managers open some Outlook data files dating back to 2007 which got me
> thinking about the wisdom of retaining information that long and I wasn't
> sure what the "norm" is for retaining that info.
>
> Thanks...
>
> Thanks,
> John Aldrich
> IT Manager,
> Blueridge Carpet
> 706-276-2001, Ext. 2233
>
>
>
> ~ Finally, powerful endpoint security that I

RE: Email retention

[John Aldrich]

That's what I'm dealing with here... a bunch of individual PST files on
everyone's PCs. Which is what got me to thinking about needing a formal
retention policy.



From: Roger Wright [mailto:rhw...@gmail.com] 
Sent: Tuesday, September 21, 2010 10:36 AM
To: NT System Admin Issues
Subject: Re: Email retention

I'm working for a private firm with no formal retention policy.  Plus, due
to limited server storage we have to function with PST files.  The big
problem is that these all become searchable when lawyers require "all
documentation."  What a pain!  A mail archiving system would be a Godsend
but the executives have nixed the proposals so far.


Roger Wright
___

When it's GOOD there ain't nothin' like it, and when it's BAD there ain't
nothin' like it!



On Tue, Sep 21, 2010 at 10:29 AM, John Aldrich
 wrote:
Thanks. I'll advise my boss that we should seek legal guidance on that. :-)



From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Sent: Tuesday, September 21, 2010 10:24 AM
To: NT System Admin Issues
Subject: RE: Email retention

IANAL, however, I believe the sticking point may be (for private firms,
anyway) that if you ever find yourself in litigation, the lawyers will ask
what your formal retention policy is…

If they find you on either side of that retention policy, you could be up a
creek, because then they either blast you for not adhering to corporate
policy, or they say, “Well, since you have emails that are 120 days old,
even though your policy dictates 90 days, then you must certainly have more
so, give us EVERYTHING.”

If it were up to me, (HA!) I would get corporate counsel to give me a
guideline, formalize it as corporate policy, and stick to it.
Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.com
www.eaglemds.com

From: Don Guyer [mailto:don.gu...@prufoxroach.com]
Sent: Tuesday, September 21, 2010 10:16 AM
To: NT System Admin Issues
Subject: RE: Email retention

I believe we keep 6 months on tape, latest 2 weeks on SAN.

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com

From: Jeff Brown [mailto:2jbr...@gmail.com]
Sent: Tuesday, September 21, 2010 10:14 AM
To: NT System Admin Issues
Subject: Re: Email retention

Our owner wanted 30 days to be standard retention policy for email.  Lawyers
said 90.  We keep everything 90 days. 
On Tue, Sep 21, 2010 at 9:09 AM, Jonathan Link 
wrote:
There is no standard, it's determined by business requriements and
regulatory requirements for your industry.
SOX rules are for publicly traded companies, so you're asking contradictory
questions.


 
On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich
 wrote:
What's the standard for email retention for companies which are NOT publicly
traded? What's the SOX rules on email retention? I just helped one of our
managers open some Outlook data files dating back to 2007 which got me
thinking about the wisdom of retaining information that long and I wasn't
sure what the "norm" is for retaining that info.

Thanks...

Thanks,
John Aldrich
IT Manager,
Blueridge Carpet
706-276-2001, Ext. 2233



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


Any medical information contained in this electronic message is CONFIDENTIAL
and privileged. It is unlawful for unauthorized persons to view, copy,
disclose, or disseminate CONFIDENTIAL information. This electronic message
may contain i

RE: Email retention

[John Aldrich]

Well, I see what you're saying, but I've never actually MET most of our
sales reps... :-) We're talking outside sales reps for whom I have no
control over their computers, phones, etc. as that's not provided by the
company. Mostly it's stuff like advising them that their email box is
getting full because they use a "Smart Phone" and email is piling up on the
POP3 server or they're having issues with getting their email set up and
things like that. Or they haven't checked their voicemail in a month
(supposed to check it several times per day, according to sales management.)
Granted things like not checking voicemail/email regularly are up to
management to enforce. I, however, have to deal with enforcing limits on
email storage, and things like that. For things like that where I have no
day-to-day contact with the outside sales rep in another state, I have to
rely on email or calling their cell phone, etc.



From: Jonathan Link [mailto:jonathan.l...@gmail.com] 
Sent: Tuesday, September 21, 2010 10:31 AM
To: NT System Admin Issues
Subject: Re: Email retention

Well, you're mixing some vastly different problems.  Employee issues should
be handled by management.  If there's communication regarding policies, that
should again be handled by management.  I generate our IT policies, pass
them onto management, discuss and refine said policies with it, and then I'm
out of it.  Communication of policies to employees should only be done by
management, and in a sufficiently large organization, by the designated
department heads.  Email is also a poor way of documenting said
communication.  There should be a signed note from the employee where the
employee acknowledges that he has read and understands the policy.  If
you're thinking of using email retention is to sovle this problem, it's
poorly suited.
 
You need to start a dialogue with your management about the risks and
costs of unlimited email retention, as well as proposed solutions.
On Tue, Sep 21, 2010 at 10:19 AM, John Aldrich
 wrote:
Wow! That's not long at all
The reason I was asking about SOX requirements was that I thought we could
"pretend" we were publicly traded and go by those rules. It wouldn't
surprise me if congress mandates SOX or something like it for *everyone*
eventually, publicly traded companies or not.

I know that some of our sales managers have come to me after we've let a
sales rep go and the sales rep has challenged the termination, and the
manager wants anything I have sent to the sales rep regarding IT policies,
etc since I've been here (3 years now.)

IANAL, but I do know that it's better to have a stated company policy on
email retention than to have ad-hoc email retention on an individual basis.


Thanks,
John Aldrich
IT Manager,
Blueridge Carpet
706-276-2001, Ext. 2233






From: Jeff Brown [mailto:2jbr...@gmail.com]
Sent: Tuesday, September 21, 2010 10:14 AM
To: NT System Admin Issues
Subject: Re: Email retention

Our owner wanted 30 days to be standard retention policy for email.  Lawyers
said 90.  We keep everything 90 days. 
On Tue, Sep 21, 2010 at 9:09 AM, Jonathan Link 
wrote:
There is no standard, it's determined by business requriements and
regulatory requirements for your industry.
SOX rules are for publicly traded companies, so you're asking contradictory
questions.


 
On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich
 wrote:
What's the standard for email retention for companies which are NOT publicly
traded? What's the SOX rules on email retention? I just helped one of our
managers open some Outlook data files dating back to 2007 which got me
thinking about the wisdom of retaining information that long and I wasn't
sure what the "norm" is for retaining that info.

Thanks...

Thanks,
John Aldrich
IT Manager,
Blueridge Carpet
706-276-2001, Ext. 2233



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a r

RE: Email retention

[Jacob]

We archive six months worth.


-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Tuesday, September 21, 2010 7:05 AM
To: NT System Admin Issues
Subject: Email retention

What's the standard for email retention for companies which are NOT publicly
traded? What's the SOX rules on email retention? I just helped one of our
managers open some Outlook data files dating back to 2007 which got me
thinking about the wisdom of retaining information that long and I wasn't
sure what the "norm" is for retaining that info.

Thanks...

Thanks,
John Aldrich
IT Manager,
Blueridge Carpet
706-276-2001, Ext. 2233



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Email retention

[Maglinger, Paul]

Wait until you have to do a ediscovery.  I'm betting they will change
their tune.

 

-Paul

 

From: Roger Wright [mailto:rhw...@gmail.com] 
Sent: Tuesday, September 21, 2010 9:36 AM
To: NT System Admin Issues
Subject: Re: Email retention

 

I'm working for a private firm with no formal retention policy.  Plus,
due to limited server storage we have to function with PST files.  The
big problem is that these all become searchable when lawyers require
"all documentation."  What a pain!  A mail archiving system would be a
Godsend but the executives have nixed the proposals so far.


Roger Wright
___

When it's GOOD there ain't nothin' like it, and when it's BAD there
ain't nothin' like it!





On Tue, Sep 21, 2010 at 10:29 AM, John Aldrich
 wrote:

Thanks. I'll advise my boss that we should seek legal guidance on that.
:-)



From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
Sent: Tuesday, September 21, 2010 10:24 AM

To: NT System Admin Issues
Subject: RE: Email retention

IANAL, however, I believe the sticking point may be (for private firms,
anyway) that if you ever find yourself in litigation, the lawyers will
ask
what your formal retention policy is...

If they find you on either side of that retention policy, you could be
up a
creek, because then they either blast you for not adhering to corporate
policy, or they say, "Well, since you have emails that are 120 days old,
even though your policy dictates 90 days, then you must certainly have
more
so, give us EVERYTHING."

If it were up to me, (HA!) I would get corporate counsel to give me a
guideline, formalize it as corporate policy, and stick to it.
Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.com
www.eaglemds.com

From: Don Guyer [mailto:don.gu...@prufoxroach.com]
Sent: Tuesday, September 21, 2010 10:16 AM
To: NT System Admin Issues
Subject: RE: Email retention

I believe we keep 6 months on tape, latest 2 weeks on SAN.

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com

From: Jeff Brown [mailto:2jbr...@gmail.com]
Sent: Tuesday, September 21, 2010 10:14 AM
To: NT System Admin Issues
Subject: Re: Email retention

Our owner wanted 30 days to be standard retention policy for email.
Lawyers
said 90.  We keep everything 90 days. 
On Tue, Sep 21, 2010 at 9:09 AM, Jonathan Link 
wrote:
There is no standard, it's determined by business requriements and
regulatory requirements for your industry.
SOX rules are for publicly traded companies, so you're asking
contradictory
questions.


 
On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich
 wrote:
What's the standard for email retention for companies which are NOT
publicly
traded? What's the SOX rules on email retention? I just helped one of
our
managers open some Outlook data files dating back to 2007 which got me
thinking about the wisdom of retaining information that long and I
wasn't
sure what the "norm" is for retaining that info.

Thanks...

Thanks,
John Aldrich
IT Manager,
Blueridge Carpet
706-276-2001, Ext. 2233



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


Any medical information contained in this electronic message is
CONFIDENTIAL
and privileged. It is unlawful for unauthorized persons to view, copy,
disclose, or disseminate CONFIDENTIAL information. This electronic
message
may contain information that is confidential and/or legally privileged.
It

Re: Email retention

[Andrew S. Baker]

Just ration your time a little differently the next time the lawyers need
data spread across 50 PSTs, and they may find it useful to deploy archiving.

*ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker>
*Exploiting Technology for Business Advantage...*
* *
On Tue, Sep 21, 2010 at 10:35 AM, Roger Wright  wrote:

> I'm working for a private firm with no formal retention policy.  Plus, due
> to limited server storage we have to function with PST files.  The big
> problem is that these all become searchable when lawyers require "all
> documentation."  What a pain!  A mail archiving system would be a Godsend
> but the executives have nixed the proposals so far.
>
>
> Roger Wright
> ___
>
> When it's GOOD there ain't nothin' like it, and when it's BAD there ain't
> nothin' like it!
>
>
>
>
> On Tue, Sep 21, 2010 at 10:29 AM, John Aldrich <
> jaldr...@blueridgecarpet.com> wrote:
>
>> Thanks. I'll advise my boss that we should seek legal guidance on that.
>> :-)
>>
>>
>>
>> From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
>> Sent: Tuesday, September 21, 2010 10:24 AM
>> To: NT System Admin Issues
>> Subject: RE: Email retention
>>
>> IANAL, however, I believe the sticking point may be (for private firms,
>> anyway) that if you ever find yourself in litigation, the lawyers will ask
>> what your formal retention policy is…
>>
>> If they find you on either side of that retention policy, you could be up
>> a
>> creek, because then they either blast you for not adhering to corporate
>> policy, or they say, “Well, since you have emails that are 120 days old,
>> even though your policy dictates 90 days, then you must certainly have
>> more
>> so, give us EVERYTHING.”
>>
>> If it were up to me, (HA!) I would get corporate counsel to give me a
>> guideline, formalize it as corporate policy, and stick to it.
>> Jonathan L. Raper, A+, MCSA, MCSE
>> Technology Coordinator
>> Eagle Physicians & Associates, PA
>> jra...@eaglemds.com
>> www.eaglemds.com
>> 
>> From: Don Guyer [mailto:don.gu...@prufoxroach.com]
>> Sent: Tuesday, September 21, 2010 10:16 AM
>>
>> To: NT System Admin Issues
>> Subject: RE: Email retention
>>
>> I believe we keep 6 months on tape, latest 2 weeks on SAN.
>>
>> Don Guyer
>> Systems Engineer - Information Services
>> Prudential, Fox & Roach/Trident Group
>> 431 W. Lancaster Avenue
>> Devon, PA 19333
>> Direct: (610) 993-3299
>> Fax: (610) 650-5306
>> don.gu...@prufoxroach.com
>>
>> From: Jeff Brown [mailto:2jbr...@gmail.com]
>> Sent: Tuesday, September 21, 2010 10:14 AM
>>
>> To: NT System Admin Issues
>> Subject: Re: Email retention
>>
>> Our owner wanted 30 days to be standard retention policy for email.
>>  Lawyers
>> said 90.  We keep everything 90 days.
>> On Tue, Sep 21, 2010 at 9:09 AM, Jonathan Link 
>> wrote:
>> There is no standard, it's determined by business requriements and
>> regulatory requirements for your industry.
>> SOX rules are for publicly traded companies, so you're asking
>> contradictory
>> questions.
>>
>>
>>
>> On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich
>>  wrote:
>> What's the standard for email retention for companies which are NOT
>> publicly
>> traded? What's the SOX rules on email retention? I just helped one of our
>> managers open some Outlook data files dating back to 2007 which got me
>> thinking about the wisdom of retaining information that long and I wasn't
>> sure what the "norm" is for retaining that info.
>>
>> Thanks...
>>
>> Thanks,
>> John Aldrich
>> IT Manager,
>> Blueridge Carpet
>> 706-276-2001, Ext. 2233
>>
>>
>>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Email retention

[Andrew S. Baker]

There is no need for any regulatory or industry compliance statute to
mandate *the specifics of* a set retention policy for information.

Yeah, there is the standard for financial data, but even that can be 3
years, 7 years or 10 years depending on the specifics of the data or segment
of the industry.  And, those are minimums (although few people are willing
to go over the minimums when it comes to retention, due to the liability).

It is best to have the legal folks establish a policy, and then use whatever
technology is available to enforce it.  These things are very much business
dependent.


*ASB *(My XeeSM Profile) 
*Exploiting Technology for Business Advantage...*
* *
On Tue, Sep 21, 2010 at 10:29 AM, Malcolm Reitz wrote:

> Annoyingly enough, SOX doesn't specify any retention period. However, it
> does implicitly require a formalized and structured retention policy to be
> applied. Of course, SOX doesn't apply to non-publicly-traded companies
> anyway.
>
> Even without SOX or other regulatory requirements, a retention policy based
> on what information is useful to your company, is a good thing to implement
> anyway.
>
> -Malcolm
> -Original Message-
> From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
> Sent: Tuesday, September 21, 2010 09:05
> To: NT System Admin Issues
> Subject: Email retention
>
> What's the standard for email retention for companies which are NOT
> publicly
> traded? What's the SOX rules on email retention? I just helped one of our
> managers open some Outlook data files dating back to 2007 which got me
> thinking about the wisdom of retaining information that long and I wasn't
> sure what the "norm" is for retaining that info.
>
> Thanks...
>
> Thanks,
> John Aldrich
> IT Manager,
> Blueridge Carpet
> 706-276-2001, Ext. 2233
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Email retention

[Bob Hartung]

So much business is transacted through e-mail these days that a 90 day 
retention policy seems impractical. If we tried to impose it here, I can 
guarantee we'd have a revolt. Then if you forced it, people would start 
squirreling away everything as hard copies and PDFs of e-mail, making it just 
as difficult to search for it as documents as opposed to e-mails.

My recommendation to my management was to get a reasonable e-mail archiving 
system that would make searching relatively easy and that the impact of 
destroying valuable business communicatons in the interest of avoiding the 
hassle of providing some e-mails in some possible future lawsuit wouldn't make 
much sense in our case.

Philosophically, if you are found guilty at some point in the future, either 
you are guilty (shame on you) or you have been wasting a lot of money on your 
lawyers :^)

--

Bob Hartung
Wisco Industries, Inc.
736 Janesville St.
Oregon, WI 53575
Tel: (608) 835-3106 x215
Fax: (608) 835-7399
e-mail: bhartung(at)wiscoind.com
  _  

From: Jeff Brown [mailto:2jbr...@gmail.com]
To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com]
Sent: Tue, 21 Sep 2010 09:13:30 -0500
Subject: Re: Email retention

Our owner wanted 30 days to be standard retention policy for email.  Lawyers 
said 90.  We keep everything 90 days. 


On Tue, Sep 21, 2010 at 9:09 AM, Jonathan Link  wrote:
  
There is no standard, it's determined by business requriements and regulatory 
requirements for your industry.
SOX rules are for publicly traded companies, so you're asking contradictory 
questions.


  


   
On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich  
wrote:
  What's the standard for email retention for companies which are NOT publicly
traded? What's the SOX rules on email retention? I just helped one of our
managers open some Outlook data files dating back to 2007 which got me
thinking about the wisdom of retaining information that long and I wasn't
sure what the "norm" is for retaining that info.

Thanks...

Thanks,
John Aldrich
IT Manager,
Blueridge Carpet
706-276-2001, Ext. 2233



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
  ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
  
  ---
  To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
  or send an email to listmana...@lyris.sunbeltsoftware.com
  with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
  ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
  
  ---
  To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
  or send an email to listmana...@lyris.sunbeltsoftware.com
  with the body: unsubscribe ntsysadmin  
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Email retention

[Andrew S. Baker]

+1

*ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker>
*Exploiting Technology for Business Advantage...*
* *
On Tue, Sep 21, 2010 at 10:22 AM, Jim Holmgren wrote:

> SOX does not say "Thou shalt keep all email for X days/months/years".
>
> It says "Thou shalt have a retention policy and shall abide by it".
>
> Bottom line - let the lawyers set the policy.  Your job is really only to
> enforce it with the appropriate technology.
>
>
> Jim Holmgren
> Manager of Server Engineering
> XLHealth Corporation
> The Warehouse at Camden Yards
> 351 West Camden Street, Suite 100
> Baltimore, MD 21201
> 410.625.2200 (main)
> 443.524.8573 (direct)
> 443-506.2400 (cell)
> www.xlhealth.com
>
>
>
>
> -Original Message-
> From: John Aldrich [mailto:jaldr...@blueridgecarpet.com]
> Sent: Tuesday, September 21, 2010 10:19 AM
> To: NT System Admin Issues
> Subject: RE: Email retention
>
> Wow! That's not long at all
> The reason I was asking about SOX requirements was that I thought we could
> "pretend" we were publicly traded and go by those rules. It wouldn't
> surprise me if congress mandates SOX or something like it for *everyone*
> eventually, publicly traded companies or not.
>
> I know that some of our sales managers have come to me after we've let a
> sales rep go and the sales rep has challenged the termination, and the
> manager wants anything I have sent to the sales rep regarding IT policies,
> etc since I've been here (3 years now.)
>
> IANAL, but I do know that it's better to have a stated company policy on
> email retention than to have ad-hoc email retention on an individual basis.
>
>
> Thanks,
> John Aldrich
> IT Manager,
> Blueridge Carpet
> 706-276-2001, Ext. 2233
>
>
>
>
>
>
> From: Jeff Brown [mailto:2jbr...@gmail.com]
> Sent: Tuesday, September 21, 2010 10:14 AM
> To: NT System Admin Issues
> Subject: Re: Email retention
>
> Our owner wanted 30 days to be standard retention policy for email.
>  Lawyers
> said 90.  We keep everything 90 days.
> On Tue, Sep 21, 2010 at 9:09 AM, Jonathan Link 
> wrote:
> There is no standard, it's determined by business requriements and
> regulatory requirements for your industry.
> SOX rules are for publicly traded companies, so you're asking contradictory
> questions.
>
>
>
> On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich
>  wrote:
> What's the standard for email retention for companies which are NOT
> publicly
> traded? What's the SOX rules on email retention? I just helped one of our
> managers open some Outlook data files dating back to 2007 which got me
> thinking about the wisdom of retaining information that long and I wasn't
> sure what the "norm" is for retaining that info.
>
> Thanks...
>
> Thanks,
> John Aldrich
> IT Manager,
> Blueridge Carpet
> 706-276-2001, Ext. 2233
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Email retention

[Raper, Jonathan - Eagle]

...each day has enough trouble of its own... :-)

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.com
www.eaglemds.com


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, September 21, 2010 10:34 AM
To: NT System Admin Issues
Subject: Re: Email retention

On Tue, Sep 21, 2010 at 10:19 AM, John Aldrich
 wrote:
> It wouldn't
> surprise me if congress mandates SOX or something like it for *everyone*
> eventually, publicly traded companies or not.

  When that happens, deal with it then, especially as it's likely to
be different from "now" anyway.

  Don't borrow trouble.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Any medical information contained in this electronic message is CONFIDENTIAL 
and privileged. It is unlawful for unauthorized persons to view, copy, 
disclose, or disseminate CONFIDENTIAL information. This electronic message may 
contain information that is confidential and/or legally privileged. It is 
intended only for the use of the individual(s) and/or entity named as 
recipients in the message. If you are not an intended recipient of this 
message, please notify the sender immediately and delete this material from 
your computer. Do not deliver, distribute or copy this message, and do not 
disclose its contents or take any action in reliance on the information that it 
contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Email retention

[Roger Wright]

I'm working for a private firm with no formal retention policy.  Plus, due
to limited server storage we have to function with PST files.  The big
problem is that these all become searchable when lawyers require "all
documentation."  What a pain!  A mail archiving system would be a Godsend
but the executives have nixed the proposals so far.


Roger Wright
___

When it's GOOD there ain't nothin' like it, and when it's BAD there ain't
nothin' like it!




On Tue, Sep 21, 2010 at 10:29 AM, John Aldrich  wrote:

> Thanks. I'll advise my boss that we should seek legal guidance on that. :-)
>
>
>
> From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com]
> Sent: Tuesday, September 21, 2010 10:24 AM
> To: NT System Admin Issues
> Subject: RE: Email retention
>
> IANAL, however, I believe the sticking point may be (for private firms,
> anyway) that if you ever find yourself in litigation, the lawyers will ask
> what your formal retention policy is…
>
> If they find you on either side of that retention policy, you could be up a
> creek, because then they either blast you for not adhering to corporate
> policy, or they say, “Well, since you have emails that are 120 days old,
> even though your policy dictates 90 days, then you must certainly have more
> so, give us EVERYTHING.”
>
> If it were up to me, (HA!) I would get corporate counsel to give me a
> guideline, formalize it as corporate policy, and stick to it.
> Jonathan L. Raper, A+, MCSA, MCSE
> Technology Coordinator
> Eagle Physicians & Associates, PA
> jra...@eaglemds.com
> www.eaglemds.com
> 
> From: Don Guyer [mailto:don.gu...@prufoxroach.com]
> Sent: Tuesday, September 21, 2010 10:16 AM
> To: NT System Admin Issues
> Subject: RE: Email retention
>
> I believe we keep 6 months on tape, latest 2 weeks on SAN.
>
> Don Guyer
> Systems Engineer - Information Services
> Prudential, Fox & Roach/Trident Group
> 431 W. Lancaster Avenue
> Devon, PA 19333
> Direct: (610) 993-3299
> Fax: (610) 650-5306
> don.gu...@prufoxroach.com
>
> From: Jeff Brown [mailto:2jbr...@gmail.com]
> Sent: Tuesday, September 21, 2010 10:14 AM
> To: NT System Admin Issues
> Subject: Re: Email retention
>
> Our owner wanted 30 days to be standard retention policy for email.
>  Lawyers
> said 90.  We keep everything 90 days.
> On Tue, Sep 21, 2010 at 9:09 AM, Jonathan Link 
> wrote:
> There is no standard, it's determined by business requriements and
> regulatory requirements for your industry.
> SOX rules are for publicly traded companies, so you're asking contradictory
> questions.
>
>
>
> On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich
>  wrote:
> What's the standard for email retention for companies which are NOT
> publicly
> traded? What's the SOX rules on email retention? I just helped one of our
> managers open some Outlook data files dating back to 2007 which got me
> thinking about the wisdom of retaining information that long and I wasn't
> sure what the "norm" is for retaining that info.
>
> Thanks...
>
> Thanks,
> John Aldrich
> IT Manager,
> Blueridge Carpet
> 706-276-2001, Ext. 2233
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> 
> Any m

Re: Email retention

[Ben Scott]

On Tue, Sep 21, 2010 at 10:19 AM, John Aldrich
 wrote:
> It wouldn't
> surprise me if congress mandates SOX or something like it for *everyone*
> eventually, publicly traded companies or not.

  When that happens, deal with it then, especially as it's likely to
be different from "now" anyway.

  Don't borrow trouble.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Email retention

[John Aldrich]

Thanks. As I just replied to Jonathan Raper, I'll advise my boss to check
with corporate attorneys to see what they say and then work to see that
everyone complies with that. :-)




-Original Message-
From: Malcolm Reitz [mailto:malcolm.re...@live.com] 
Sent: Tuesday, September 21, 2010 10:30 AM
To: NT System Admin Issues
Subject: RE: Email retention

Annoyingly enough, SOX doesn't specify any retention period. However, it
does implicitly require a formalized and structured retention policy to be
applied. Of course, SOX doesn't apply to non-publicly-traded companies
anyway.

Even without SOX or other regulatory requirements, a retention policy based
on what information is useful to your company, is a good thing to implement
anyway.

-Malcolm
-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Tuesday, September 21, 2010 09:05
To: NT System Admin Issues
Subject: Email retention

What's the standard for email retention for companies which are NOT publicly
traded? What's the SOX rules on email retention? I just helped one of our
managers open some Outlook data files dating back to 2007 which got me
thinking about the wisdom of retaining information that long and I wasn't
sure what the "norm" is for retaining that info.

Thanks...

Thanks,
John Aldrich
IT Manager,
Blueridge Carpet
706-276-2001, Ext. 2233



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Email retention

[Ben Scott]

On Tue, Sep 21, 2010 at 10:22 AM, Jim Holmgren  wrote:
> SOX does not say "Thou shalt keep all email for X days/months/years".
> It says "Thou shalt have a retention policy and shall abide by it".

  Yah.  The list of things which Sarb-Ox actually mandates (as far as
IT is concerned) is actually quite short.  My favorite is passwords.
People claim Sarb-Ox to justify any number of inane password policies.
 Sarb-Ox does not address passwords *at all*.  It doesn't even say you
have to use them.

  If you're attempting to comply with a regulation, it behooves you to
be familiar with the regulation.  I find auditors routinely claim
something is in the regulation, when in fact it's just their personal
preference.

  Our QA guys says they get that all the time with ISO-9000/AS-9100,
too.  I'm told there are actually only about a dozen things ISO-9000
says you "must" do.  It says "should" a whole hell of a lot, but the
difference between "must" and "should" is the difference between
lightning and the lightning bug[1].

-- Ben

[1] To paraphrase Mark Twain.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Email retention

[Jonathan Link]

Well, you're mixing some vastly different problems.  Employee issues should
be handled by management.  If there's communication regarding policies, that
should again be handled by management.  I generate our IT policies, pass
them onto management, discuss and refine said policies with it, and then I'm
out of it.  Communication of policies to employees should only be done by
management, and in a sufficiently large organization, by the designated
department heads.  Email is also a poor way of documenting said
communication.  There should be a signed note from the employee where the
employee acknowledges that he has read and understands the policy.  If
you're thinking of using email retention is to sovle this problem, it's
poorly suited.

You need to start a dialogue with your management about the risks and
costs of unlimited email retention, as well as proposed solutions.
On Tue, Sep 21, 2010 at 10:19 AM, John Aldrich  wrote:

> Wow! That's not long at all
> The reason I was asking about SOX requirements was that I thought we could
> "pretend" we were publicly traded and go by those rules. It wouldn't
> surprise me if congress mandates SOX or something like it for *everyone*
> eventually, publicly traded companies or not.
>
> I know that some of our sales managers have come to me after we've let a
> sales rep go and the sales rep has challenged the termination, and the
> manager wants anything I have sent to the sales rep regarding IT policies,
> etc since I've been here (3 years now.)
>
> IANAL, but I do know that it's better to have a stated company policy on
> email retention than to have ad-hoc email retention on an individual basis.
>
>
> Thanks,
> John Aldrich
> IT Manager,
> Blueridge Carpet
> 706-276-2001, Ext. 2233
>
>
>
>
>
>
> From: Jeff Brown [mailto:2jbr...@gmail.com]
> Sent: Tuesday, September 21, 2010 10:14 AM
> To: NT System Admin Issues
> Subject: Re: Email retention
>
> Our owner wanted 30 days to be standard retention policy for email.
>  Lawyers
> said 90.  We keep everything 90 days.
> On Tue, Sep 21, 2010 at 9:09 AM, Jonathan Link 
> wrote:
> There is no standard, it's determined by business requriements and
> regulatory requirements for your industry.
> SOX rules are for publicly traded companies, so you're asking contradictory
> questions.
>
>
>
> On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich
>  wrote:
> What's the standard for email retention for companies which are NOT
> publicly
> traded? What's the SOX rules on email retention? I just helped one of our
> managers open some Outlook data files dating back to 2007 which got me
> thinking about the wisdom of retaining information that long and I wasn't
> sure what the "norm" is for retaining that info.
>
> Thanks...
>
> Thanks,
> John Aldrich
> IT Manager,
> Blueridge Carpet
> 706-276-2001, Ext. 2233
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Email retention

[Malcolm Reitz]

Annoyingly enough, SOX doesn't specify any retention period. However, it
does implicitly require a formalized and structured retention policy to be
applied. Of course, SOX doesn't apply to non-publicly-traded companies
anyway.

Even without SOX or other regulatory requirements, a retention policy based
on what information is useful to your company, is a good thing to implement
anyway.

-Malcolm
-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Tuesday, September 21, 2010 09:05
To: NT System Admin Issues
Subject: Email retention

What's the standard for email retention for companies which are NOT publicly
traded? What's the SOX rules on email retention? I just helped one of our
managers open some Outlook data files dating back to 2007 which got me
thinking about the wisdom of retaining information that long and I wasn't
sure what the "norm" is for retaining that info.

Thanks...

Thanks,
John Aldrich
IT Manager,
Blueridge Carpet
706-276-2001, Ext. 2233



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Email retention

[John Aldrich]

Thanks. I'll advise my boss that we should seek legal guidance on that. :-)



From: Raper, Jonathan - Eagle [mailto:jra...@eaglemds.com] 
Sent: Tuesday, September 21, 2010 10:24 AM
To: NT System Admin Issues
Subject: RE: Email retention

IANAL, however, I believe the sticking point may be (for private firms,
anyway) that if you ever find yourself in litigation, the lawyers will ask
what your formal retention policy is…

If they find you on either side of that retention policy, you could be up a
creek, because then they either blast you for not adhering to corporate
policy, or they say, “Well, since you have emails that are 120 days old,
even though your policy dictates 90 days, then you must certainly have more
so, give us EVERYTHING.”

If it were up to me, (HA!) I would get corporate counsel to give me a
guideline, formalize it as corporate policy, and stick to it.
Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.com
www.eaglemds.com 

From: Don Guyer [mailto:don.gu...@prufoxroach.com] 
Sent: Tuesday, September 21, 2010 10:16 AM
To: NT System Admin Issues
Subject: RE: Email retention

I believe we keep 6 months on tape, latest 2 weeks on SAN.

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com

From: Jeff Brown [mailto:2jbr...@gmail.com] 
Sent: Tuesday, September 21, 2010 10:14 AM
To: NT System Admin Issues
Subject: Re: Email retention

Our owner wanted 30 days to be standard retention policy for email.  Lawyers
said 90.  We keep everything 90 days. 
On Tue, Sep 21, 2010 at 9:09 AM, Jonathan Link 
wrote:
There is no standard, it's determined by business requriements and
regulatory requirements for your industry.
SOX rules are for publicly traded companies, so you're asking contradictory
questions.


 
On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich
 wrote:
What's the standard for email retention for companies which are NOT publicly
traded? What's the SOX rules on email retention? I just helped one of our
managers open some Outlook data files dating back to 2007 which got me
thinking about the wisdom of retaining information that long and I wasn't
sure what the "norm" is for retaining that info.

Thanks...

Thanks,
John Aldrich
IT Manager,
Blueridge Carpet
706-276-2001, Ext. 2233



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


Any medical information contained in this electronic message is CONFIDENTIAL
and privileged. It is unlawful for unauthorized persons to view, copy,
disclose, or disseminate CONFIDENTIAL information. This electronic message
may contain information that is confidential and/or legally privileged. It
is intended only for the use of the individual(s) and/or entity named as
recipients in the message. If you are not an intended recipient of this
message, please notify the sender immediately and delete this material from
your computer. Do not deliver, distribute or copy this message, and do not
disclose its contents or take any action in reliance on the information that
it contains.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware

RE: Email retention

[Raper, Jonathan - Eagle]

IANAL, however, I believe the sticking point may be (for private firms, anyway) 
that if you ever find yourself in litigation, the lawyers will ask what your 
formal retention policy is...

If they find you on either side of that retention policy, you could be up a 
creek, because then they either blast you for not adhering to corporate policy, 
or they say, "Well, since you have emails that are 120 days old, even though 
your policy dictates 90 days, then you must certainly have more so, give us 
EVERYTHING."

If it were up to me, (HA!) I would get corporate counsel to give me a 
guideline, formalize it as corporate policy, and stick to it.

Jonathan L. Raper, A+, MCSA, MCSE
Technology Coordinator
Eagle Physicians & Associates, PA
jra...@eaglemds.commailto:%20jra...@eaglemds.com>
www.eaglemds.comhttp://www.eaglemds.com/>


From: Don Guyer [mailto:don.gu...@prufoxroach.com]
Sent: Tuesday, September 21, 2010 10:16 AM
To: NT System Admin Issues
Subject: RE: Email retention

I believe we keep 6 months on tape, latest 2 weeks on SAN.

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
don.gu...@prufoxroach.com<mailto:don.gu...@prufoxroach.com>

From: Jeff Brown [mailto:2jbr...@gmail.com]
Sent: Tuesday, September 21, 2010 10:14 AM
To: NT System Admin Issues
Subject: Re: Email retention

Our owner wanted 30 days to be standard retention policy for email.  Lawyers 
said 90.  We keep everything 90 days.
On Tue, Sep 21, 2010 at 9:09 AM, Jonathan Link 
mailto:jonathan.l...@gmail.com>> wrote:
There is no standard, it's determined by business requriements and regulatory 
requirements for your industry.
SOX rules are for publicly traded companies, so you're asking contradictory 
questions.



On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich 
mailto:jaldr...@blueridgecarpet.com>> wrote:
What's the standard for email retention for companies which are NOT publicly
traded? What's the SOX rules on email retention? I just helped one of our
managers open some Outlook data files dating back to 2007 which got me
thinking about the wisdom of retaining information that long and I wasn't
sure what the "norm" is for retaining that info.

Thanks...

Thanks,
John Aldrich
IT Manager,
Blueridge Carpet
706-276-2001, Ext. 2233



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


Any medical information contained in this electronic message is CONFIDENTIAL 
and privileged. It is unlawful for unauthorized persons to view, copy, 
disclose, or disseminate CONFIDENTIAL information. This electronic message may 
contain information that is confidential and/or legally privileged. It is 
intended only for the use of the individual(s) and/or entity named as 
recipients in the message. If you are not an intended recipient of this 
message, please notify the sender immediately and delete this material from 
your computer. Do not deliver, distribute or copy this message, and do not 
disclose its contents or take any action in reliance on the information that it 
contains.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Email retention

[Jim Holmgren]

SOX does not say "Thou shalt keep all email for X days/months/years".  

It says "Thou shalt have a retention policy and shall abide by it".

Bottom line - let the lawyers set the policy.  Your job is really only to 
enforce it with the appropriate technology.


Jim Holmgren
Manager of Server Engineering
XLHealth Corporation
The Warehouse at Camden Yards
351 West Camden Street, Suite 100
Baltimore, MD 21201 
410.625.2200 (main)
443.524.8573 (direct)
443-506.2400 (cell)
www.xlhealth.com




-Original Message-
From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] 
Sent: Tuesday, September 21, 2010 10:19 AM
To: NT System Admin Issues
Subject: RE: Email retention

Wow! That's not long at all
The reason I was asking about SOX requirements was that I thought we could
"pretend" we were publicly traded and go by those rules. It wouldn't
surprise me if congress mandates SOX or something like it for *everyone*
eventually, publicly traded companies or not. 

I know that some of our sales managers have come to me after we've let a
sales rep go and the sales rep has challenged the termination, and the
manager wants anything I have sent to the sales rep regarding IT policies,
etc since I've been here (3 years now.)

IANAL, but I do know that it's better to have a stated company policy on
email retention than to have ad-hoc email retention on an individual basis.


Thanks,
John Aldrich
IT Manager, 
Blueridge Carpet
706-276-2001, Ext. 2233






From: Jeff Brown [mailto:2jbr...@gmail.com] 
Sent: Tuesday, September 21, 2010 10:14 AM
To: NT System Admin Issues
Subject: Re: Email retention

Our owner wanted 30 days to be standard retention policy for email.  Lawyers
said 90.  We keep everything 90 days. 
On Tue, Sep 21, 2010 at 9:09 AM, Jonathan Link 
wrote:
There is no standard, it's determined by business requriements and
regulatory requirements for your industry.
SOX rules are for publicly traded companies, so you're asking contradictory
questions.


 
On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich
 wrote:
What's the standard for email retention for companies which are NOT publicly
traded? What's the SOX rules on email retention? I just helped one of our
managers open some Outlook data files dating back to 2007 which got me
thinking about the wisdom of retaining information that long and I wasn't
sure what the "norm" is for retaining that info.

Thanks...

Thanks,
John Aldrich
IT Manager,
Blueridge Carpet
706-276-2001, Ext. 2233



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin



CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use 
of the intended recipient(s) and may contain confidential and/or protected 
health information. Under the Federal Law (HIPAA), the intended recipient is 
obligated to keep this information secure and confidential. Any disclosure to 
third parties without authorization from the member of as permitted by law is 
prohibited and punishable under Federal Law. If you are not the intended 
recipient, please contact the sender by reply e-mail and destroy all copies of 
the original message.

NOTA DE CONFIDENCIALIDAD: Este facsímile, incluyendo lo adjunto, es para el uso 
exclusivo del destinatario(s) y puede contener información confidencial y/o 
información protegida de salud. En virtud de la Ley Federal (HIPAA), el 
destinatario tiene la obligación de mantener esta información segura y 
confidencial. Cualquier divulgación a terceros sin la autorización de los 
miembros de lo permitido por la ley está prohibido y penado en virtud de la Ley 
Federal. Si usted no es el destinatario, por favor, póngase en contac

Re: Email retention

[Doug Hampshire]

Eleventyfour. Or whatever the Senior Management team decides. SOX does not
equal privately held company.

On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich  wrote:

> What's the standard for email retention for companies which are NOT
> publicly
> traded? What's the SOX rules on email retention? I just helped one of our
> managers open some Outlook data files dating back to 2007 which got me
> thinking about the wisdom of retaining information that long and I wasn't
> sure what the "norm" is for retaining that info.
>
> Thanks...
>
> Thanks,
> John Aldrich
> IT Manager,
> Blueridge Carpet
> 706-276-2001, Ext. 2233
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Email retention

[John Aldrich]

Wow! That's not long at all
The reason I was asking about SOX requirements was that I thought we could
"pretend" we were publicly traded and go by those rules. It wouldn't
surprise me if congress mandates SOX or something like it for *everyone*
eventually, publicly traded companies or not. 

I know that some of our sales managers have come to me after we've let a
sales rep go and the sales rep has challenged the termination, and the
manager wants anything I have sent to the sales rep regarding IT policies,
etc since I've been here (3 years now.)

IANAL, but I do know that it's better to have a stated company policy on
email retention than to have ad-hoc email retention on an individual basis.


Thanks,
John Aldrich
IT Manager, 
Blueridge Carpet
706-276-2001, Ext. 2233






From: Jeff Brown [mailto:2jbr...@gmail.com] 
Sent: Tuesday, September 21, 2010 10:14 AM
To: NT System Admin Issues
Subject: Re: Email retention

Our owner wanted 30 days to be standard retention policy for email.  Lawyers
said 90.  We keep everything 90 days. 
On Tue, Sep 21, 2010 at 9:09 AM, Jonathan Link 
wrote:
There is no standard, it's determined by business requriements and
regulatory requirements for your industry.
SOX rules are for publicly traded companies, so you're asking contradictory
questions.


 
On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich
 wrote:
What's the standard for email retention for companies which are NOT publicly
traded? What's the SOX rules on email retention? I just helped one of our
managers open some Outlook data files dating back to 2007 which got me
thinking about the wisdom of retaining information that long and I wasn't
sure what the "norm" is for retaining that info.

Thanks...

Thanks,
John Aldrich
IT Manager,
Blueridge Carpet
706-276-2001, Ext. 2233



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Email retention

[Don Guyer]

I believe we keep 6 months on tape, latest 2 weeks on SAN.

 

Don Guyer

Systems Engineer - Information Services

Prudential, Fox & Roach/Trident Group

431 W. Lancaster Avenue

Devon, PA 19333

Direct: (610) 993-3299

Fax: (610) 650-5306

don.gu...@prufoxroach.com <mailto:don.gu...@prufoxroach.com> 

 

From: Jeff Brown [mailto:2jbr...@gmail.com] 
Sent: Tuesday, September 21, 2010 10:14 AM
To: NT System Admin Issues
Subject: Re: Email retention

 

Our owner wanted 30 days to be standard retention policy for email.
Lawyers said 90.  We keep everything 90 days. 

On Tue, Sep 21, 2010 at 9:09 AM, Jonathan Link 
wrote:

There is no standard, it's determined by business requriements and
regulatory requirements for your industry.

SOX rules are for publicly traded companies, so you're asking
contradictory questions.



 

On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich
 wrote:

What's the standard for email retention for companies which are NOT
publicly
traded? What's the SOX rules on email retention? I just helped one of
our
managers open some Outlook data files dating back to 2007 which got me
thinking about the wisdom of retaining information that long and I
wasn't
sure what the "norm" is for retaining that info.

Thanks...

Thanks,
John Aldrich
IT Manager,
Blueridge Carpet
706-276-2001, Ext. 2233



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Email retention

[Jeff Brown]

Our owner wanted 30 days to be standard retention policy for email.  Lawyers
said 90.  We keep everything 90 days.

On Tue, Sep 21, 2010 at 9:09 AM, Jonathan Link wrote:

> There is no standard, it's determined by business requriements and
> regulatory requirements for your industry.
> SOX rules are for publicly traded companies, so you're asking contradictory
> questions.
>
>
>
> On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich <
> jaldr...@blueridgecarpet.com> wrote:
>
>> What's the standard for email retention for companies which are NOT
>> publicly
>> traded? What's the SOX rules on email retention? I just helped one of our
>> managers open some Outlook data files dating back to 2007 which got me
>> thinking about the wisdom of retaining information that long and I wasn't
>> sure what the "norm" is for retaining that info.
>>
>> Thanks...
>>
>> Thanks,
>> John Aldrich
>> IT Manager,
>> Blueridge Carpet
>> 706-276-2001, Ext. 2233
>>
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Email retention

[Jonathan Link]

There is no standard, it's determined by business requriements and
regulatory requirements for your industry.
SOX rules are for publicly traded companies, so you're asking contradictory
questions.



On Tue, Sep 21, 2010 at 10:04 AM, John Aldrich  wrote:

> What's the standard for email retention for companies which are NOT
> publicly
> traded? What's the SOX rules on email retention? I just helped one of our
> managers open some Outlook data files dating back to 2007 which got me
> thinking about the wisdom of retaining information that long and I wasn't
> sure what the "norm" is for retaining that info.
>
> Thanks...
>
> Thanks,
> John Aldrich
> IT Manager,
> Blueridge Carpet
> 706-276-2001, Ext. 2233
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Email retention

[William Robbins]

So do you want the rules for SOX, or do you want the rules for private
firms?

 - WJR


On Tue, Sep 21, 2010 at 09:04, John Aldrich wrote:

> What's the standard for email retention for companies which are NOT
> publicly
> traded? What's the SOX rules on email retention? I just helped one of our
> managers open some Outlook data files dating back to 2007 which got me
> thinking about the wisdom of retaining information that long and I wasn't
> sure what the "norm" is for retaining that info.
>
> Thanks...
>
> Thanks,
> John Aldrich
> IT Manager,
> Blueridge Carpet
> 706-276-2001, Ext. 2233
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin