Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1035
  • Last Modified:

Best practice in maintaining corporate email for legal reasons?

What is the best way to keep corporate email communications available
in the event that legal authorities may require those records in
coming years? Electronically through software or, would it actually
be better to keep huge searchable PDF documents of all email activity?

0
machine_run
Asked:
machine_run
  • 3
  • 2
  • 2
  • +6
3 Solutions
 
Scotty_ciscoCommented:
.PST files backed up IMHO
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
I don't see how a huge searchable PDF would be efficient.  Not to mention, PDFs don't handle attachments.  I'd suggest you investigate some e-mail compliance software.  If you use exchange, simply storing backups may be sufficient.  But in the past months I've read of some tools in eweek that specifically archive e-mail for compliance reasons.

Just search google for "email compliance" and you will get a large list of software, articles, and discussions on the topic.

This article seemed potentially interesting.
http://www.s-ox.com/Feature/detail.cfm?ArticleID=1068
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
PST files are ok, but I'm not sure they would qualify as "compliant" - problem being that some legal regulations MAY want any message that hits the mail server backed up and exporting to a PST file would not get deleted messages if they were new and quickly deleted.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
michael_heringCommented:
Scotty_cisco,

The correct answer depends on your organization's legal requirements. If your organization is subject to strict compliance stipulations, such has HIPPA or Sarbanes-Oxley, then you would be best served by spec'ing out some software that is designed to meet these requirements. There are several softwares available for archiving email for this exact purpose.

If you are not subject to outside regulation, you can do a whole spectrum of options. Anything from configuring your email server to retain email for a certain number of days after deletion to storage of old email in PSTs.

I hope this helps.
0
 
The--CaptainCommented:
?!?

You should consult your corporate legal team to determine what data you are *currently* legally required to retain, and retain *only* that data.

The only compelling reasons to retain data are for *your* benefit (not big brother's), and as currently required by law.

I think Microsoft learned this the hard way in their case with the US DoJ - I believe they have now implemented a policy where all emails not critical to current operations are deleted.

Also, there are liability issues to consider when retaining data - just ask the VA, who is currently facing a lawsuit that some have wondered is the most costly lawsuit in goverment history...

Once your legal team tells you what data the law requires you to retain (since I have no idea), I'll be happy to provide some opinions on how to do it...

Cheers,
-Jon
0
 
livedrive777Commented:
There are enterprise mail archiving solutions that allow for searchable database driven archiving of emails.  Some even allow end users to restore their entire mailbox to the state as of any time/date in the past.  One I just came across that seems to fit some of your basic requirements is this one: http://www.gfi.com/mailarchiver/
0
 
giltjrCommented:
michael_hering and The--Captain are 100% correct.  Before you implement a solution you must KNOW what the problem is.  If your company does not have a legal group or a laywer, get one.  If you are asking about keeping e-mail for legal reasons then you need a laywer.

Once you figure out what your legal requirments are then you can look at setting policies that allow you to meet the requirments, then you look at products that allow you to meet your policies and then ENFORCE THEM 100%.  If you have ONE e-mail that you should NOT have because of your polocies, they are going to want you to produce all e-mails.

The PDF file ain't that bad of an idea.  The company that I work for has been supenaed a few times.  You should see the look on the lawyer's faces when you say "Sure we have the last five years of e-mail.  It is printed off and stored in our warehouse, shouldn't take more that a year to go through it. Exactly what words did you want us to search for?"
0
 
nexissteveCommented:
We have implmented Legato Email Extender recently for this very reason.

I suggest you take a peek at it, The other plus to e-mail extender is you can ge rid of those damn annoying PST's

Cheers

Steve
0
 
norganCommented:
i keep a backup tape of full backup every month and keep a yearly forever. if you need to keep email then do a brick level backup to tape and set your rotation policy to include a kept tape for however long you are required to keep records.
0
 
livedrive777Commented:
I have heard of the Legato system as well and like the sound of it.  Again, I think you should be looking at something like that or some other DB driven enterprise app.  it is going to be much much easier to manage than PDFs or Tape backups.
0
 
machine_runAuthor Commented:
Thanks to all. It does depend on individual company circumstances as you've
pointed out. It looks like quite an inconvenience for business.
0
 
giltjrCommented:
Thanks  but PLEASE IMHO you should:

Unaccept my answer, all I did was re-enforce michael_hering and The--Captain answers.  

You can then accept either of their answers and give an assist to the other. If you wish you can also give me an assist.

To unaccept an answer:

     http://www.experts-exchange.com/help.jsp#hi17
0
 
michael_heringCommented:
Thanks giltjr in your honesty on this. It's nice when credit is given where due. =)
0
 
The--CaptainCommented:
>Thanks giltjr in your honesty on this

I've been discovering that giltjr is a very good person to know...

Cheers,
-Jon
0
 
giltjrCommented:
Thanks for the compliments guys.  I may have some weird quirks and be a bit overzealous at times, but I am always trying to be fair.  

michael_hering, welcome aboard and hopefully you will this as great of a site as I and others have.  

The--Captain, you and the other admin's have a thankless job and I do want to say thank you for the hard work you put in and the contributions you make.  You also are a very good person to know.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

  • 3
  • 2
  • 2
  • +6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now