When it comes to policy, IT groups primarily will implement policies created by lawyers. But you can begin following these procedures to protect your company - and yourself, immediately.When it comes to policy, IT groups primarily will implement policies created by lawyers. But you can begin following these procedures to protect your company - and yourself, immediately:\u2022\u00a0 Don't delete employees' e-mail accounts the minute they leave the company. Disable the accounts instead. When workers leave a company, it often takes some time before their ex-employer decides to investigate their e-mail. For example, it's common for a salesman to move to a competitor. But if a suspicious number of his customers follow him a few weeks or months later, his former company may want to see what he was up to before he left.\u2022\u00a0 Don't go fishing. A "fishing expedition" is what Michelle Lang, an attorney with Kroll Ontrack Data Recovery, calls it when "high-level executives think something has occurred [on a worker's or former worker's computer], but they're not sure what," she says. "They go to IT and say, 'Why don't you boot up that PC and run a few searches, just to see what you can figure out?" Lang and other experts say you should think carefully before obeying such a request, no matter who makes it, for several reasons. For starters, you might jeopardize any case your company has. Simply booting up a PC can alter enough metadata to torpedo a court case. Moreover, you might be ordered to serve as a witness during a criminal or civil trial. One recommended approach is to archive former employees' e-mail. "If you convert Outlook to a PST file and burn it to a CD, you've got it for years," says Mike Finnie, a forensic specialist at Computer Forensics.\u2022\u00a0 When e-mail administrators move on to a new job, they often change passwords - a sound\u00a0security\u00a0policy. But keep a record of the old administrator's passwords to make it easier to access old e-mail files.\u2022\u00a0 Similarly, if you reconfigure your e-mail system, keep a record of the old system-specific nomenclature. For example, if you go from Microsoft Outlook Exchange Server to Lotus Notes, Finnie says, it's a good idea to hang on to Exchange's Site and Organization names, as well as the type of software used to create backups. Back to main feature: "CSI: Lost e-mails"