Solved

Best practice in maintaining corporate email for legal reasons?

Posted on 2006-06-08
16
1,026 Views
Last Modified: 2008-01-09
What is the best way to keep corporate email communications available
in the event that legal authorities may require those records in
coming years? Electronically through software or, would it actually
be better to keep huge searchable PDF documents of all email activity?

Question by:machine_run
16 Comments
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16865395
.PST files backed up IMHO
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 16865423
I don't see how a huge searchable PDF would be efficient.  Not to mention, PDFs don't handle attachments.  I'd suggest you investigate some e-mail compliance software.  If you use Exchange, simply storing backups may be sufficient.  But in the past months I've read of some tools in eWeek that specifically archive e-mail for compliance reasons.

Just search Google for "email compliance" and you will get a large list of software, articles, and discussions on the topic.

This article seemed potentially interesting.
http://www.s-ox.com/Feature/detail.cfm?ArticleID=1068
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 16865434
PST files are ok, but I'm not sure they would qualify as "compliant" - problem being that some legal regulations MAY want any message that hits the mail server backed up and exporting to a PST file would not get deleted messages if they were new and quickly deleted.
0

 
LVL 2

Assisted Solution

by:michael_hering
michael_hering earned 80 total points
ID: 16865466
Scotty_cisco,

The correct answer depends on your organization's legal requirements. If your organization is subject to strict compliance stipulations, such as HIPAA or Sarbanes-Oxley, then you would be best served by spec'ing out some software that is designed to meet these requirements. There are several software products available for archiving email for this exact purpose.

If you are not subject to outside regulation, you can do a whole spectrum of options. Anything from configuring your email server to retain email for a certain number of days after deletion to storage of old email in PSTs.

I hope this helps.
0
 
LVL 16

Accepted Solution

by:
The--Captain earned 80 total points
ID: 16865582
?!?

You should consult your corporate legal team to determine what data you are *currently* legally required to retain, and retain *only* that data.

The only compelling reasons to retain data are for *your* benefit (not big brother's), and as currently required by law.

I think Microsoft learned this the hard way in their case with the US DoJ - I believe they have now implemented a policy where all emails not critical to current operations are deleted.

Also, there are liability issues to consider when retaining data - just ask the VA, who is currently facing a lawsuit that some have wondered is the most costly lawsuit in government history...

Once your legal team tells you what data the law requires you to retain (since I have no idea), I'll be happy to provide some opinions on how to do it...

Cheers,
-Jon
0
 
LVL 3

Expert Comment

by:livedrive777
ID: 16866036
There are enterprise mail archiving solutions that allow for searchable database driven archiving of emails.  Some even allow end users to restore their entire mailbox to the state as of any time/date in the past.  One I just came across that seems to fit some of your basic requirements is this one: http://www.gfi.com/mailarchiver/
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 90 total points
ID: 16867150
michael_hering and The--Captain are 100% correct.  Before you implement a solution you must KNOW what the problem is.  If your company does not have a legal group or a lawyer, get one.  If you are asking about keeping e-mail for legal reasons then you need a lawyer.

Once you figure out what your legal requirements are then you can look at setting policies that allow you to meet the requirements, then you look at products that allow you to meet your policies and then ENFORCE THEM 100%.  If you have ONE e-mail that you should NOT have because of your policies, they are going to want you to produce all e-mails.

The PDF file ain't that bad of an idea.  The company that I work for has been subpoenaed a few times.  You should see the look on the lawyers' faces when you say "Sure we have the last five years of e-mail.  It is printed off and stored in our warehouse, shouldn't take more than a year to go through it. Exactly what words did you want us to search for?"
0
 
LVL 6

Expert Comment

by:nexissteve
ID: 16868055
We have implemented Legato Email Extender recently for this very reason.

I suggest you take a peek at it. The other plus to e-mail extender is you can get rid of those damn annoying PSTs

Cheers

Steve
0
 
LVL 3

Expert Comment

by:norgan
ID: 16869745
I keep a backup tape of full backup every month and keep a yearly forever. If you need to keep email then do a brick level backup to tape and set your rotation policy to include a kept tape for however long you are required to keep records.
0
 
LVL 3

Expert Comment

by:livedrive777
ID: 16869843
I have heard of the Legato system as well and like the sound of it.  Again, I think you should be looking at something like that or some other DB driven enterprise app.  It is going to be much, much easier to manage than PDFs or tape backups.
0
 
LVL 1

Author Comment

by:machine_run
ID: 16870057
Thanks to all. It does depend on individual company circumstances as you've
pointed out. It looks like quite an inconvenience for business.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 16870222
Thanks  but PLEASE IMHO you should:

Unaccept my answer, all I did was reinforce michael_hering's and The--Captain's answers.

You can then accept either of their answers and give an assist to the other. If you wish you can also give me an assist.

To unaccept an answer:

     http://www.experts-exchange.com/help.jsp#hi17
0
 
LVL 2

Expert Comment

by:michael_hering
ID: 16871382
Thanks giltjr in your honesty on this. It's nice when credit is given where due. =)
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 16875691
>Thanks giltjr in your honesty on this

I've been discovering that giltjr is a very good person to know...

Cheers,
-Jon
0
 
LVL 57

Expert Comment

by:giltjr
ID: 16877712
Thanks for the compliments guys.  I may have some weird quirks and be a bit overzealous at times, but I am always trying to be fair.  

michael_hering, welcome aboard and hopefully you will find this as great of a site as I and others have.

The--Captain, you and the other admins have a thankless job and I do want to say thank you for the hard work you put in and the contributions you make.  You also are a very good person to know.
0
