Wednesday, December 24, 2008

New white paper on email retention requirements and policies is available


Today, Web Buyer’s Guide, Message Labs (part of Symantec), and the sPolicy Institute offer a white paper on email retention practices in organizations (especially IT and financial institutions). The paper is by Nancy Flynn (executive director of the ePolicy Institute, author of “Blog Rules”, a book published by the AMA early during the debate on (controversial) blogging and the workplace. The link for downloading the PDF whitepaper is here.

I recall hearing back around 2001 that employers often encouraged associates to delete unnecessary emails because they could simply become fodder for litigation later. Now the legal climate seems to have changed. Employers should have policies on what constitutes “business records” and need to have regular policies for backing up and preserving email “business records”, to the point that information technology departments often must perform major projects to comply.

Email retention policies can be driven by other requirements, such as Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), and the Graham-Lleach-Bliley Act (GLBA), and NYSE, NASD and SEC regulations.

No comments: