Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Best practice in maintaining corporate email for legal reasons?

Posted on 2006-06-08
16
Medium Priority
?
1,031 Views
Last Modified: 2008-01-09
What is the best way to keep corporate email communications available
in the event that legal authorities may require those records in
coming years? Electronically through software or, would it actually
be better to keep huge searchable PDF documents of all email activity?

0
Comment
Question by:machine_run
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +6
16 Comments
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16865395
.PST files backed up IMHO
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 16865423
I don't see how a huge searchable PDF would be efficient.  Not to mention, PDFs don't handle attachments.  I'd suggest you investigate some e-mail compliance software.  If you use exchange, simply storing backups may be sufficient.  But in the past months I've read of some tools in eweek that specifically archive e-mail for compliance reasons.

Just search google for "email compliance" and you will get a large list of software, articles, and discussions on the topic.

This article seemed potentially interesting.
http://www.s-ox.com/Feature/detail.cfm?ArticleID=1068
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 16865434
PST files are ok, but I'm not sure they would qualify as "compliant" - problem being that some legal regulations MAY want any message that hits the mail server backed up and exporting to a PST file would not get deleted messages if they were new and quickly deleted.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 2

Assisted Solution

by:michael_hering
michael_hering earned 320 total points
ID: 16865466
Scotty_cisco,

The correct answer depends on your organization's legal requirements. If your organization is subject to strict compliance stipulations, such has HIPPA or Sarbanes-Oxley, then you would be best served by spec'ing out some software that is designed to meet these requirements. There are several softwares available for archiving email for this exact purpose.

If you are not subject to outside regulation, you can do a whole spectrum of options. Anything from configuring your email server to retain email for a certain number of days after deletion to storage of old email in PSTs.

I hope this helps.
0
 
LVL 16

Accepted Solution

by:
The--Captain earned 320 total points
ID: 16865582
?!?

You should consult your corporate legal team to determine what data you are *currently* legally required to retain, and retain *only* that data.

The only compelling reasons to retain data are for *your* benefit (not big brother's), and as currently required by law.

I think Microsoft learned this the hard way in their case with the US DoJ - I believe they have now implemented a policy where all emails not critical to current operations are deleted.

Also, there are liability issues to consider when retaining data - just ask the VA, who is currently facing a lawsuit that some have wondered is the most costly lawsuit in goverment history...

Once your legal team tells you what data the law requires you to retain (since I have no idea), I'll be happy to provide some opinions on how to do it...

Cheers,
-Jon
0
 
LVL 3

Expert Comment

by:livedrive777
ID: 16866036
There are enterprise mail archiving solutions that allow for searchable database driven archiving of emails.  Some even allow end users to restore their entire mailbox to the state as of any time/date in the past.  One I just came across that seems to fit some of your basic requirements is this one: http://www.gfi.com/mailarchiver/
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 360 total points
ID: 16867150
michael_hering and The--Captain are 100% correct.  Before you implement a solution you must KNOW what the problem is.  If your company does not have a legal group or a laywer, get one.  If you are asking about keeping e-mail for legal reasons then you need a laywer.

Once you figure out what your legal requirments are then you can look at setting policies that allow you to meet the requirments, then you look at products that allow you to meet your policies and then ENFORCE THEM 100%.  If you have ONE e-mail that you should NOT have because of your polocies, they are going to want you to produce all e-mails.

The PDF file ain't that bad of an idea.  The company that I work for has been supenaed a few times.  You should see the look on the lawyer's faces when you say "Sure we have the last five years of e-mail.  It is printed off and stored in our warehouse, shouldn't take more that a year to go through it. Exactly what words did you want us to search for?"
0
 
LVL 6

Expert Comment

by:nexissteve
ID: 16868055
We have implmented Legato Email Extender recently for this very reason.

I suggest you take a peek at it, The other plus to e-mail extender is you can ge rid of those damn annoying PST's

Cheers

Steve
0
 
LVL 3

Expert Comment

by:norgan
ID: 16869745
i keep a backup tape of full backup every month and keep a yearly forever. if you need to keep email then do a brick level backup to tape and set your rotation policy to include a kept tape for however long you are required to keep records.
0
 
LVL 3

Expert Comment

by:livedrive777
ID: 16869843
I have heard of the Legato system as well and like the sound of it.  Again, I think you should be looking at something like that or some other DB driven enterprise app.  it is going to be much much easier to manage than PDFs or Tape backups.
0
 
LVL 1

Author Comment

by:machine_run
ID: 16870057
Thanks to all. It does depend on individual company circumstances as you've
pointed out. It looks like quite an inconvenience for business.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 16870222
Thanks  but PLEASE IMHO you should:

Unaccept my answer, all I did was re-enforce michael_hering and The--Captain answers.  

You can then accept either of their answers and give an assist to the other. If you wish you can also give me an assist.

To unaccept an answer:

     http://www.experts-exchange.com/help.jsp#hi17
0
 
LVL 2

Expert Comment

by:michael_hering
ID: 16871382
Thanks giltjr in your honesty on this. It's nice when credit is given where due. =)
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 16875691
>Thanks giltjr in your honesty on this

I've been discovering that giltjr is a very good person to know...

Cheers,
-Jon
0
 
LVL 57

Expert Comment

by:giltjr
ID: 16877712
Thanks for the compliments guys.  I may have some weird quirks and be a bit overzealous at times, but I am always trying to be fair.  

michael_hering, welcome aboard and hopefully you will this as great of a site as I and others have.  

The--Captain, you and the other admin's have a thankless job and I do want to say thank you for the hard work you put in and the contributions you make.  You also are a very good person to know.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question