What are the Storage rqmts by law for employee emails, IM's, phone calls and faxes?  How long back?

Posted on 2008-06-14
Last Modified: 2013-11-14
The laws that passed a few years back for Sarbanes Oxley and E-discovery require by law a company to store employee emails, IM's, phone calls and faxes for any legal issues that may arise.  The info I find does not clearly state how long this data must be stored and accessible when need to be searched upon.  I need this information to plan accordingly for a SAN.
Question by:jcs1977
  • 3
  • 2

Author Comment

ID: 21816496
why can no one answer this question and why does everywhere you go the law says you have to retain but no specifics????
LVL 54

Expert Comment

ID: 21827175
From what I have read on the law the period can be different in some cases and there are even some "grey" areas.  The general rule I have read and what I have heard the SEC, if it matters, uses is 7 years.  Let me know if you need more details.  There are actually companies and software made to help compliance with this and they would probably be a great resource for options and info if this act is one that will affect your company.


Author Comment

ID: 21871972
More details would be good or point me towards a reputable company.  
LVL 54

Accepted Solution

b0lsc0tt earned 500 total points
ID: 21877032
I don't have a specific company to recommend.  You should probably find one that is in your region or locale anyways.  I would be cautious about some that will sell you services and products but aren't really getting you fully compliant.  This is something where the rule "buyer beware" is adviseable and ignorance is no excuse for failure to comply.  Just a word of caution though.  There are many companies that should be able to help with this.

If you want a general idea then try a search like .  Looking at the sponsored links could be a good way to narrow down your choices.  Also adding your region or state would help.  Big (i.e. public) accounting/auditing firms should know these rules too and could help to point to reputable and good sources for IT related compliance.  Corporate law firms or companies would be another source.

I thought the info at was good and helpful.  If you want some other interesting articles on this then see:

There are lots of others.  I do hope these help.  Let me know if you have a question.

LVL 54

Expert Comment

ID: 21999060
I'm glad I could help.  Thanks for the grade, the points and the fun question.


Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to create SAN for end users 9 48
Can (similar to) Raid be accomplished with backup 20 49
S2D for SMB or vSAN 1 32
Scanning using HP Officejet 4650 6 27
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
The business world is becoming increasingly integrated with tech. It’s not just for a select few anymore — but what about if you have a small business? It may be easier than you think to integrate technology into your small business, and it’s likely…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
This Micro Tutorial demonstrates  how Internet marketers work with competitive analysis data, and a common task in data preparation is creating separate column for domains. You will then extract from a list of URLs.

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question