Email retention for non-regulated businesses?
-
What should the email retention policy be for companies that are not subject to any legal requirements?
Are there any best practices in this regard?
-
@pete-s In the US they tend to say "as short as possible." Email is always a legal quagmire and the best thing to do is to delete is as quickly as possible. Which, of course, can't be that fast. So we are generally talking 1-2 years. But you rarely want to keep it longer not because it likely contains details of people breaking the law, but because a legal discovery request is extremely expensive and a great way to attack even otherwise honorable businesses. It's a huge cost you can leverage against someone that they can only reasonably mitigate by not having much email to go through.
-
@scottalanmiller said in Email retention for non-regulated businesses?:
@pete-s In the US they tend to say "as short as possible." Email is always a legal quagmire and the best thing to do is to delete is as quickly as possible. Which, of course, can't be that fast. So we are generally talking 1-2 years. But you rarely want to keep it longer not because it likely contains details of people breaking the law, but because a legal discovery request is extremely expensive and a great way to attack even otherwise honorable businesses. It's a huge cost you can leverage against someone that they can only reasonably mitigate by not having much email to go through.
Man - that would be so awesome. But even if management did agree that - you'd have people that would be looking for ways to maintain the data for a much longer period - like printing and saving in a cabinet.. shudder.
-
@dashrender said in Email retention for non-regulated businesses?:
@scottalanmiller said in Email retention for non-regulated businesses?:
@pete-s In the US they tend to say "as short as possible." Email is always a legal quagmire and the best thing to do is to delete is as quickly as possible. Which, of course, can't be that fast. So we are generally talking 1-2 years. But you rarely want to keep it longer not because it likely contains details of people breaking the law, but because a legal discovery request is extremely expensive and a great way to attack even otherwise honorable businesses. It's a huge cost you can leverage against someone that they can only reasonably mitigate by not having much email to go through.
Man - that would be so awesome. But even if management did agree that - you'd have people that would be looking for ways to maintain the data for a much longer period - like printing and saving in a cabinet.. shudder.
I like many of the replies I get about cleaning out email. "Why, its free!" "Why, my 50 GB of email is nothing when we have 16TB drives for $200" "Why do I have to remove email older than 13 years, it isn't hurting anyone" "Why would I do that, I may need it later (Medicare Newsletters prior to 2010)" and the list goes on and on.
-
@pmoncho said in Email retention for non-regulated businesses?:
@dashrender said in Email retention for non-regulated businesses?:
@scottalanmiller said in Email retention for non-regulated businesses?:
@pete-s In the US they tend to say "as short as possible." Email is always a legal quagmire and the best thing to do is to delete is as quickly as possible. Which, of course, can't be that fast. So we are generally talking 1-2 years. But you rarely want to keep it longer not because it likely contains details of people breaking the law, but because a legal discovery request is extremely expensive and a great way to attack even otherwise honorable businesses. It's a huge cost you can leverage against someone that they can only reasonably mitigate by not having much email to go through.
Man - that would be so awesome. But even if management did agree that - you'd have people that would be looking for ways to maintain the data for a much longer period - like printing and saving in a cabinet.. shudder.
I like many of the replies I get about cleaning out email. "Why, its free!" "Why, my 50 GB of email is nothing when we have 16TB drives for $200" "Why do I have to remove email older than 13 years, it isn't hurting anyone" "Why would I do that, I may need it later (Medicare Newsletters prior to 2010)" and the list goes on and on.
Exactly!
But you do have a reply as to - Why - it's not hurting anyone - yes, yes it is.. it's hurting the company if we ever get sued and have to do a legal discovery through that data - not only is it time consuming - the information could be damning either for the thing they are looking for or something completely unrelated.
Then my next question is - if something is so important that you need to keep it - why is it in email in the first place? Why can't you get that data someplace else more related to whatever it is you're saving it for? (That said, I realize that other documentation for something simply don't exist).
-
@dashrender said in Email retention for non-regulated businesses?:
@pmoncho said in Email retention for non-regulated businesses?:
@dashrender said in Email retention for non-regulated businesses?:
@scottalanmiller said in Email retention for non-regulated businesses?:
@pete-s In the US they tend to say "as short as possible." Email is always a legal quagmire and the best thing to do is to delete is as quickly as possible. Which, of course, can't be that fast. So we are generally talking 1-2 years. But you rarely want to keep it longer not because it likely contains details of people breaking the law, but because a legal discovery request is extremely expensive and a great way to attack even otherwise honorable businesses. It's a huge cost you can leverage against someone that they can only reasonably mitigate by not having much email to go through.
Man - that would be so awesome. But even if management did agree that - you'd have people that would be looking for ways to maintain the data for a much longer period - like printing and saving in a cabinet.. shudder.
I like many of the replies I get about cleaning out email. "Why, its free!" "Why, my 50 GB of email is nothing when we have 16TB drives for $200" "Why do I have to remove email older than 13 years, it isn't hurting anyone" "Why would I do that, I may need it later (Medicare Newsletters prior to 2010)" and the list goes on and on.
Exactly!
But you do have a reply as to - Why - it's not hurting anyone - yes, yes it is.. it's hurting the company if we ever get sued and have to do a legal discovery through that data - not only is it time consuming - the information could be damning either for the thing they are looking for or something completely unrelated.
Then my next question is - if something is so important that you need to keep it - why is it in email in the first place? Why can't you get that data someplace else more related to whatever it is you're saving it for? (That said, I realize that other documentation for something simply don't exist).
Maybe because it's so difficult to get it out of the email system.
Let's say you want to make document in pdf or something of an email conversation that you want to keep.
The emails you received is in some folder somewhere or tagged with something and the ones you sent is in the sent folder. If you have a threaded view the email client show them together.
But is there an easy way to push a button and get that conversation with every email in the right order into one pdf document? Usually not.
-
@pete-s said in Email retention for non-regulated businesses?:
@dashrender said in Email retention for non-regulated businesses?:
@pmoncho said in Email retention for non-regulated businesses?:
@dashrender said in Email retention for non-regulated businesses?:
@scottalanmiller said in Email retention for non-regulated businesses?:
@pete-s In the US they tend to say "as short as possible." Email is always a legal quagmire and the best thing to do is to delete is as quickly as possible. Which, of course, can't be that fast. So we are generally talking 1-2 years. But you rarely want to keep it longer not because it likely contains details of people breaking the law, but because a legal discovery request is extremely expensive and a great way to attack even otherwise honorable businesses. It's a huge cost you can leverage against someone that they can only reasonably mitigate by not having much email to go through.
Man - that would be so awesome. But even if management did agree that - you'd have people that would be looking for ways to maintain the data for a much longer period - like printing and saving in a cabinet.. shudder.
I like many of the replies I get about cleaning out email. "Why, its free!" "Why, my 50 GB of email is nothing when we have 16TB drives for $200" "Why do I have to remove email older than 13 years, it isn't hurting anyone" "Why would I do that, I may need it later (Medicare Newsletters prior to 2010)" and the list goes on and on.
Exactly!
But you do have a reply as to - Why - it's not hurting anyone - yes, yes it is.. it's hurting the company if we ever get sued and have to do a legal discovery through that data - not only is it time consuming - the information could be damning either for the thing they are looking for or something completely unrelated.
Then my next question is - if something is so important that you need to keep it - why is it in email in the first place? Why can't you get that data someplace else more related to whatever it is you're saving it for? (That said, I realize that other documentation for something simply don't exist).
Maybe because it's so difficult to get it out of the email system.
Let's say you want to make document in pdf or something of an email conversation that you want to keep.
The emails you received is in some folder somewhere or tagged with something and the ones you sent is in the sent folder. If you have a threaded view the email client show them together.
But is there an easy way to push a button and get that conversation with every email in the right order into one pdf document? Usually not.
I understand that - and keeping things like that for a short time - say 2 years is fine... but if it needs to be more ephemeral than that, shouldn't there be some kind of policy or whatever it's about created to document such an important thing?
-
@dashrender said in Email retention for non-regulated businesses?:
@pete-s said in Email retention for non-regulated businesses?:
@dashrender said in Email retention for non-regulated businesses?:
@pmoncho said in Email retention for non-regulated businesses?:
@dashrender said in Email retention for non-regulated businesses?:
@scottalanmiller said in Email retention for non-regulated businesses?:
@pete-s In the US they tend to say "as short as possible." Email is always a legal quagmire and the best thing to do is to delete is as quickly as possible. Which, of course, can't be that fast. So we are generally talking 1-2 years. But you rarely want to keep it longer not because it likely contains details of people breaking the law, but because a legal discovery request is extremely expensive and a great way to attack even otherwise honorable businesses. It's a huge cost you can leverage against someone that they can only reasonably mitigate by not having much email to go through.
Man - that would be so awesome. But even if management did agree that - you'd have people that would be looking for ways to maintain the data for a much longer period - like printing and saving in a cabinet.. shudder.
I like many of the replies I get about cleaning out email. "Why, its free!" "Why, my 50 GB of email is nothing when we have 16TB drives for $200" "Why do I have to remove email older than 13 years, it isn't hurting anyone" "Why would I do that, I may need it later (Medicare Newsletters prior to 2010)" and the list goes on and on.
Exactly!
But you do have a reply as to - Why - it's not hurting anyone - yes, yes it is.. it's hurting the company if we ever get sued and have to do a legal discovery through that data - not only is it time consuming - the information could be damning either for the thing they are looking for or something completely unrelated.
Then my next question is - if something is so important that you need to keep it - why is it in email in the first place? Why can't you get that data someplace else more related to whatever it is you're saving it for? (That said, I realize that other documentation for something simply don't exist).
Maybe because it's so difficult to get it out of the email system.
Let's say you want to make document in pdf or something of an email conversation that you want to keep.
The emails you received is in some folder somewhere or tagged with something and the ones you sent is in the sent folder. If you have a threaded view the email client show them together.
But is there an easy way to push a button and get that conversation with every email in the right order into one pdf document? Usually not.
I understand that - and keeping things like that for a short time - say 2 years is fine... but if it needs to be more ephemeral than that, shouldn't there be some kind of policy or whatever it's about created to document such an important thing?
Probably yes. If it's something important you need to keep for many years it sounds the information should be in some kind of contract, project documentation or similar type of document.
-
@dashrender said in Email retention for non-regulated businesses?:
@pmoncho said in Email retention for non-regulated businesses?:
@dashrender said in Email retention for non-regulated businesses?:
@scottalanmiller said in Email retention for non-regulated businesses?:
@pete-s In the US they tend to say "as short as possible." Email is always a legal quagmire and the best thing to do is to delete is as quickly as possible. Which, of course, can't be that fast. So we are generally talking 1-2 years. But you rarely want to keep it longer not because it likely contains details of people breaking the law, but because a legal discovery request is extremely expensive and a great way to attack even otherwise honorable businesses. It's a huge cost you can leverage against someone that they can only reasonably mitigate by not having much email to go through.
Man - that would be so awesome. But even if management did agree that - you'd have people that would be looking for ways to maintain the data for a much longer period - like printing and saving in a cabinet.. shudder.
I like many of the replies I get about cleaning out email. "Why, its free!" "Why, my 50 GB of email is nothing when we have 16TB drives for $200" "Why do I have to remove email older than 13 years, it isn't hurting anyone" "Why would I do that, I may need it later (Medicare Newsletters prior to 2010)" and the list goes on and on.
Exactly!
But you do have a reply as to - Why - it's not hurting anyone - yes, yes it is.. it's hurting the company if we ever get sued and have to do a legal discovery through that data - not only is it time consuming - the information could be damning either for the thing they are looking for or something completely unrelated.
This explanation has fallen on deaf ears numerous times. As they say, people learn best from pain. So until it happens and the company has to fork out $$$$ for discovery, it won't change. Heck, it may not change after that.
-
@dashrender said in Email retention for non-regulated businesses?:
@pmoncho said in Email retention for non-regulated businesses?:
@dashrender said in Email retention for non-regulated businesses?:
@scottalanmiller said in Email retention for non-regulated businesses?:
@pete-s In the US they tend to say "as short as possible." Email is always a legal quagmire and the best thing to do is to delete is as quickly as possible. Which, of course, can't be that fast. So we are generally talking 1-2 years. But you rarely want to keep it longer not because it likely contains details of people breaking the law, but because a legal discovery request is extremely expensive and a great way to attack even otherwise honorable businesses. It's a huge cost you can leverage against someone that they can only reasonably mitigate by not having much email to go through.
Man - that would be so awesome. But even if management did agree that - you'd have people that would be looking for ways to maintain the data for a much longer period - like printing and saving in a cabinet.. shudder.
I like many of the replies I get about cleaning out email. "Why, its free!" "Why, my 50 GB of email is nothing when we have 16TB drives for $200" "Why do I have to remove email older than 13 years, it isn't hurting anyone" "Why would I do that, I may need it later (Medicare Newsletters prior to 2010)" and the list goes on and on.
Exactly!
Then my next question is - if something is so important that you need to keep it - why is it in email in the first place? Why can't you get that data someplace else more related to whatever it is you're saving it for? (That said, I realize that other documentation for something simply don't exist).
Don't you dare get me started down this path. I had HUGE arguments about this with an ex-employee over the period of 10 years. The user could not/would not understand her email box is not a document database / DMS. The last I counted, she had over 300 different nested folders in her email.
Now that the user is gone, their mail copied to a shared mailbox for management to hunt/search and waste their time with if they choose.
-
@pmoncho said in Email retention for non-regulated businesses?:
@dashrender said in Email retention for non-regulated businesses?:
@pmoncho said in Email retention for non-regulated businesses?:
@dashrender said in Email retention for non-regulated businesses?:
@scottalanmiller said in Email retention for non-regulated businesses?:
@pete-s In the US they tend to say "as short as possible." Email is always a legal quagmire and the best thing to do is to delete is as quickly as possible. Which, of course, can't be that fast. So we are generally talking 1-2 years. But you rarely want to keep it longer not because it likely contains details of people breaking the law, but because a legal discovery request is extremely expensive and a great way to attack even otherwise honorable businesses. It's a huge cost you can leverage against someone that they can only reasonably mitigate by not having much email to go through.
Man - that would be so awesome. But even if management did agree that - you'd have people that would be looking for ways to maintain the data for a much longer period - like printing and saving in a cabinet.. shudder.
I like many of the replies I get about cleaning out email. "Why, its free!" "Why, my 50 GB of email is nothing when we have 16TB drives for $200" "Why do I have to remove email older than 13 years, it isn't hurting anyone" "Why would I do that, I may need it later (Medicare Newsletters prior to 2010)" and the list goes on and on.
Exactly!
Then my next question is - if something is so important that you need to keep it - why is it in email in the first place? Why can't you get that data someplace else more related to whatever it is you're saving it for? (That said, I realize that other documentation for something simply don't exist).
Don't you dare get me started down this path. I had HUGE arguments about this with an ex-employee over the period of 10 years. The user could not/would not understand her email box is not a document database / DMS. The last I counted, she had over 300 different nested folders in her email.
Now that the user is gone, their mail copied to a shared mailbox for management to hunt/search and waste their time with if they choose.
It probably easier to have retention policy in place from the start.
If you know email retention is time-limited, you'd have to come up with some other way to store things.
But some people are just hopeless no matter what...