The primary reason, perhaps the only reason, for retaining email messages is to be able to access them again in the future. A user may need to reference a message for business purposes, or an email administrator may need to comply with a subpoena to produce relevant email. Either way, the ability to access this data is essential to an organization. The inability to produce the needed message may be inconvenient and may cost the company anywhere from tens of thousands to millions of dollars or more.
“Our company or industry isn’t regulated, so we don’t need an email retention policy.”
The first misconception about an email retention policy is that it is not needed. Whether your company is strictly regulated or not, anyone can be sued. Furthermore, since email messages are generally considered documents of record, even though a deluge of them is created daily, your company could very likely be asked to produce specific messages in court.
“We have tape back-ups. That’s sufficient enough.”
Relying on tape back-ups as an e-Discovery compliance solution can be a costly mistake, as in this case: the Financial Industry Regulatory Authority (FINRA) fined Piper Jaffray & Co. $700,000 for violations related to its failure to retain approximately 4.3 million emails from November 2002 through December 2008.
Depending on your organization’s tape retention policy, you may not have the messages required. If, for example, your policy is to retain the last full back-up of each month for a set number of days, you still will not have all the messages your employees received or sent that month.
Senders are not required to save copies of their messages and, even if they do, they can delete them at any time. Likewise, recipients may delete messages they receive. If a message arrives on the 6th of the month and all copies are deleted by the 20th, the end-of-month back-up tape will not contain any instance of this message.
“We have a process to archive mail files daily. Then, we back up the archives.”
Archiving from mail files tightens the time frame from monthly back-ups to daily back-ups; however, the underlying shortcoming remains: messages can be purged before the archive process runs. Additionally, if employees have access to the Notes mail archive and can delete or alter messages, the company is left exposed.
“We keep a secure copy of all relevant messages that route through our mail servers.”
This is the solution you should be aiming for. The compliance archive or a journal that is available with IBM Lotus Domino server software gets a copy of the message as it is being routed and, as a result, is insulated from user activity that might otherwise destroy or alter the message.
A systematic collection and storage process, like Sherpa Software’s Compliance Attender’s Journaling module, allows a company not only to produce needed messages, but also to demonstrate that a suitable policy and procedure are in place and working.