- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
Network World - Continuing in my role as the Greek chorus of the e-mail world ("Woe is us, woe is us") I have spent the last two weeks getting you worried about what your users write in their messages and the problems of monitoring. I finished last week by asking, "But what about e-mail retention? How long should you keep e-mail around?"
I asked my e-discovery expert, Elizabeth Charnock of Cataphora, her advice about corporate retention policies.
My first question was the obvious one: Why is an e-mail retention policy important?
Charnock's answer: "Despite the old chestnut about consistency being the hobgoblin of small minds, there is a practical reality that a very well-defined e-mail retention policy that is consistently executed is next to impossible to challenge in the event of any kind of litigation. Let's say a company deletes all e-mails from its mail servers automatically on the last day of each month. Anyone showing up with a subpoena for electronic data on the first of the month is then out of luck, at least with respect to items that existed only on such servers."
Charnock went on to point out: "If, on the other hand, like Frank Quattrone [former head of Credit Suisse First Boston's technology investment banking business, who looks like he will be doing time for financial chicanery] you suddenly decide one day that you ought to remind your employees about your not very well-enforced retention policy, you are opening yourself up to the accusation that this reminder was motivated by fear or certain knowledge of specific events. Leaving the door even a crack open with respect to allegations of selective 'end of lifing' of data is an unnecessary and foolish business risk."
Asked what a good, general retention policy would be, Charnock says "it depends on the needs and characteristics of the business. There is no one-size-fits-all policy."
She points out that regulatory issues aside, some key issues to consider are:
Charnock says, "The ultimate question is, all things considered, in the case of the individual business, what system of retention yields the highest ROI and/or least risk."
Given that disk space is getting less expensive every year, keeping everything forever is feasible and, indeed, being done in practice. Is that a good idea?
She reckons it probably isn't: "The cost isn't much of a motivator, obviously, but the best case is that, apart from litigation, old archived information is unlikely to ever be resurrected. Of course having it around for litigation is a double-edged sword, but one side is usually much sharper than the other. So it is very hard to find much upside in such a strategy, but there are some downsides - at least some costs, and possibly a really large downside if the company is issued an incredibly broad subpoena that they can't manage to negotiate downward."