|
 |
| |
Email Retention Policy
In order to create a records retention policy for email, you need to address these important considerations:
 |
Involve all areas of the company |
|
Understand what regulatory or legal factors your company is subject to |
|
Determine how you will enforce the policy |
|
Communicate the new policy to all employees |
Involving all areas of the company:
First, many companies make the mistake of not involving all areas of the company in the creation of the email retention policy.
An email retention policy is not just a legal document, it will effect employee productivity company-wide. It is important that
you understand how employees use the email system. Do they create their own personal archives? How often do they reference old
emails? Understanding these things will ensure you don't put in place procedures that will adversely affect
employee productivity.
|
|
|
| |
Understand the relevant regulatory or legal factors:
Is your company in a heavily regulated industry that has existing data retention requirements? For example, banks and other
financial institutions have data retention requirements under the Gramm-Leach-Bliley Act, brokers and traders have data retention
requirements under the SEC and FINRA regulations, hospitals and other medical institutions need to worry about regulations under
HIPAA and all publicly traded companies in the U.S. have data retention requirements under Sarbanes-Oxley. These regulations
all have retention requirements which include email. Legal considerations mainly revolve around your company's current legal
status (i.e., are you in the midst of a court case which could include discovery of company email). It is always best to have
an email retention policy in place before legal proceedings.
How will you enforce the policy:
Are you planning to put an automated email archiving system in place, or will you rely on manual procedures? You can rely on
manual procedures, but you will need to include step-by-step email retention instructions that employees can follow and employee
training to ensure the policy enforcement. In most cases, an automated email archiving system will ensure policy enforcement
and raise employee productivity.
Communicating the new policy to all employees:
Employee communication and training can lower your compliance risk and legal liability. A good email retention policy
should cover the following:
| 1. |
Person or department responsible for the policy |
| 2. |
Scope/coverage |
| 3. |
Purpose of the policy |
| 4. |
Policy statement: This can include a company philosophy statement about the business/legal/regulatory reasons for records retention |
| 5. |
Definitions |
| 6. |
Responsibilities/Procedures |
| 7. |
Consequences if the policy is not followed |
| 8. |
Effective date |
|
|
|
|
