Solved

Best practice in maintaining corporate email for legal reasons?

Posted on 2006-06-08
16
993 Views
Last Modified: 2008-01-09
What is the best way to keep corporate email communications available
in the event that legal authorities may require those records in
coming years? Electronically through software or, would it actually
be better to keep huge searchable PDF documents of all email activity?

0
Comment
Question by:machine_run
  • 3
  • 2
  • 2
  • +6
16 Comments
 
LVL 12

Expert Comment

by:Scotty_cisco
Comment Utility
.PST files backed up IMHO
0
 
LVL 95

Expert Comment

by:Lee W, MVP
Comment Utility
I don't see how a huge searchable PDF would be efficient.  Not to mention, PDFs don't handle attachments.  I'd suggest you investigate some e-mail compliance software.  If you use exchange, simply storing backups may be sufficient.  But in the past months I've read of some tools in eweek that specifically archive e-mail for compliance reasons.

Just search google for "email compliance" and you will get a large list of software, articles, and discussions on the topic.

This article seemed potentially interesting.
http://www.s-ox.com/Feature/detail.cfm?ArticleID=1068
0
 
LVL 95

Expert Comment

by:Lee W, MVP
Comment Utility
PST files are ok, but I'm not sure they would qualify as "compliant" - problem being that some legal regulations MAY want any message that hits the mail server backed up and exporting to a PST file would not get deleted messages if they were new and quickly deleted.
0
 
LVL 2

Assisted Solution

by:michael_hering
michael_hering earned 80 total points
Comment Utility
Scotty_cisco,

The correct answer depends on your organization's legal requirements. If your organization is subject to strict compliance stipulations, such has HIPPA or Sarbanes-Oxley, then you would be best served by spec'ing out some software that is designed to meet these requirements. There are several softwares available for archiving email for this exact purpose.

If you are not subject to outside regulation, you can do a whole spectrum of options. Anything from configuring your email server to retain email for a certain number of days after deletion to storage of old email in PSTs.

I hope this helps.
0
 
LVL 16

Accepted Solution

by:
The--Captain earned 80 total points
Comment Utility
?!?

You should consult your corporate legal team to determine what data you are *currently* legally required to retain, and retain *only* that data.

The only compelling reasons to retain data are for *your* benefit (not big brother's), and as currently required by law.

I think Microsoft learned this the hard way in their case with the US DoJ - I believe they have now implemented a policy where all emails not critical to current operations are deleted.

Also, there are liability issues to consider when retaining data - just ask the VA, who is currently facing a lawsuit that some have wondered is the most costly lawsuit in goverment history...

Once your legal team tells you what data the law requires you to retain (since I have no idea), I'll be happy to provide some opinions on how to do it...

Cheers,
-Jon
0
 
LVL 3

Expert Comment

by:livedrive777
Comment Utility
There are enterprise mail archiving solutions that allow for searchable database driven archiving of emails.  Some even allow end users to restore their entire mailbox to the state as of any time/date in the past.  One I just came across that seems to fit some of your basic requirements is this one: http://www.gfi.com/mailarchiver/
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 90 total points
Comment Utility
michael_hering and The--Captain are 100% correct.  Before you implement a solution you must KNOW what the problem is.  If your company does not have a legal group or a laywer, get one.  If you are asking about keeping e-mail for legal reasons then you need a laywer.

Once you figure out what your legal requirments are then you can look at setting policies that allow you to meet the requirments, then you look at products that allow you to meet your policies and then ENFORCE THEM 100%.  If you have ONE e-mail that you should NOT have because of your polocies, they are going to want you to produce all e-mails.

The PDF file ain't that bad of an idea.  The company that I work for has been supenaed a few times.  You should see the look on the lawyer's faces when you say "Sure we have the last five years of e-mail.  It is printed off and stored in our warehouse, shouldn't take more that a year to go through it. Exactly what words did you want us to search for?"
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 6

Expert Comment

by:nexissteve
Comment Utility
We have implmented Legato Email Extender recently for this very reason.

I suggest you take a peek at it, The other plus to e-mail extender is you can ge rid of those damn annoying PST's

Cheers

Steve
0
 
LVL 3

Expert Comment

by:norgan
Comment Utility
i keep a backup tape of full backup every month and keep a yearly forever. if you need to keep email then do a brick level backup to tape and set your rotation policy to include a kept tape for however long you are required to keep records.
0
 
LVL 3

Expert Comment

by:livedrive777
Comment Utility
I have heard of the Legato system as well and like the sound of it.  Again, I think you should be looking at something like that or some other DB driven enterprise app.  it is going to be much much easier to manage than PDFs or Tape backups.
0
 
LVL 1

Author Comment

by:machine_run
Comment Utility
Thanks to all. It does depend on individual company circumstances as you've
pointed out. It looks like quite an inconvenience for business.
0
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
Thanks  but PLEASE IMHO you should:

Unaccept my answer, all I did was re-enforce michael_hering and The--Captain answers.  

You can then accept either of their answers and give an assist to the other. If you wish you can also give me an assist.

To unaccept an answer:

     http://www.experts-exchange.com/help.jsp#hi17
0
 
LVL 2

Expert Comment

by:michael_hering
Comment Utility
Thanks giltjr in your honesty on this. It's nice when credit is given where due. =)
0
 
LVL 16

Expert Comment

by:The--Captain
Comment Utility
>Thanks giltjr in your honesty on this

I've been discovering that giltjr is a very good person to know...

Cheers,
-Jon
0
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
Thanks for the compliments guys.  I may have some weird quirks and be a bit overzealous at times, but I am always trying to be fair.  

michael_hering, welcome aboard and hopefully you will this as great of a site as I and others have.  

The--Captain, you and the other admin's have a thankless job and I do want to say thank you for the hard work you put in and the contributions you make.  You also are a very good person to know.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
My smart TV isn't so smart 14 70
Route summarization 9 40
Nexus OS - OSPF Command 3 28
contractual requirements for app hosting 3 22
What is IRC? IRC (Internet Relay Chat) is a form of communication between multiple users. It is available freely to anyone with inernet access. IRC is a great way to communicate with others e.g. There is an IRC channel for Ubuntu Linux, which is fo…
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now