In my last article, I talked about where to start with your information governance (IG) strategy. If you recall, I advised focusing on email management policies first because email is still the most searched data store for most companies and is easy to get your arms around. Email is stored centrally on designated servers and has a known size, regardless of how big that might be. This makes it easier to understand the breadth, width and depth of email.

So now that you have decided to focus on email policies as your first foray into your IG strategy, what’s next? The first thing you do is gain an understanding of any regulations and laws (federal, state, etc.) that govern your company’s vertical market. This will mean reaching out to other people in your company to get an understanding of how email must be governed, as stated within the regulations, etc. It is imperative that this become a team effort, because one person may not have all of the answers. This might be a lengthy process, so don’t expect the answer within an hour. As a Type A personality myself (I yell at the microwave for taking too long), it’s good to know in advance that this could take some time.

However, that does not mean you just have to sit and wait for an answer. So what can you do in the interim? Start understanding the types of messages (records) within the typical mailbox. Although this can differ slightly between messaging platforms such as IBM Domino and Microsoft Exchange (among others), there are many similarities.

Before I go any further, I want to lay some groundwork regarding the terminology I am using. In IBM Domino, a mail database contains documents (full set of data) and is comprised of messages and non-messages. The difference between the two? A message has been routed, meaning that someone sent it. A non-message, however, is a document that has never been routed. It could be a draft I never sent. It could be an appointment I made in my calendar. Neither of these documents has been routed and therefore, they are not messages.

Message Storage
To understand your users’ mail files, you must first consider where the messages are stored in the mail file. The typical locations for messages are the ‘Inbox’ and ‘Sent’ folders. In order to be in these locations, a message was routed. I am an organization freak, so my Inbox is my “To-Do List” and I have hundreds of folders (and subfolders) that organize my received and sent messages. So that begs the question, do you care where messages are stored? Should you treat messages within the Inbox the same as those within Sent?

Personal Folders
Another location to consider is personal folders. This is where the water gets muddy. I could folder a Draft into a personal folder. If I do, I now have both messages and non-messages in the same location. So, what is stored in the personal folders in your mail environment and do you care? From a legal standpoint, these questions may be moot, because the policies that are created tend to be generic and usually don’t care where a message is stored. However, if your company does not have to adhere to specific regulations, this might become an internal decision. In that scenario, IG can be both a means of adhering to policies and a way of mitigating performance issues within your mail infrastructure.

In IBM Domino, the Inbox is what drives performance for a user’s mail. If a user has 150,000 messages in his/her Inbox (and yes, I have seen that), it might take many minutes just for the user to open the mail. Having said that, this article is not meant to help fine-tune your servers, but I wanted to give you some food for thought regarding how everyone manages their messages differently. Some users folder messages when they receive them. Others have never foldered anything. On a side note, I have found that these are also the users who have no idea what the ‘delete’ key does.

Calendar Items
What about calendar items? Should they have the same policy as messages in the Inbox/Sent? Or should they be retained for a shorter or longer period? Also, keep in mind that users love to create recurring entries in their calendars! How should those be handled? These are all questions you should be asking yourself. What if you are in litigation? If you are, and have not formally preserved your data, do you want to continue enforcing your policies on the custodians that are included?

Some companies have empowered their users to place messages into specific folders and then assigned a longer retention to those messages. In this scenario, you need to be sure that you are acknowledging any due diligence performed by your users.

If your retention policy is deleting mail, you also need to consider whether you need to alert your users as to what will be deleted so they can take action on the messages and prevent them from being deleted. For instance, I know of companies that only delete from the Inbox and Sent and exclude any message that is in a personal folder. This means that if a message is located in both the Sent and a personal folder, that message would not be deleted, because it resides in a personal folder. By alerting the users, you provide them with the ability to add messages to personal folders before the actual deletion process occurs. If deleting mail, you must also consider whether to delete a user’s mail while they are out of the office or to suspend the deletion until they return. Lastly, will everyone be following the same retention policy or will there be exception conditions for specific users, such as executives, legal, HR, etc.?

So as you see, you have a lot of questions that need to be answered before you can start creating and implementing your policies. Once again, this will be a process. At times it will appear that no progress is being made, but don’t fret. It is important that everyone is in agreement on how the policies should be enforced. For those of you who are email administrators, doing this right the first time prevents you from having to be in the ‘restore’ business. I can think of much better ways to spend my time than to be performing restores because the policies were not approved by all those involved.
