Many companies typically establish general guidelines around how each category is managed:
- Transitory information is retained only for a relatively short time frame, such as 90 or 180 days.
- Intended records are retained wholly in accordance with what policy dictates. For example, content related to HR matters might be required to be saved for seven years following the termination of the associated employee.
- Business value content is typically retained for an extended time period, based on company policy, such as two or three years, during which time ongoing retention or deletion can be left to user or attorney discretion.
If you don't have time to do it right, will you have time to do it over?
When most organisations first consider e-mail retention, they haven't yet realised the cost and risk impact. This is largely because many different factions in a corporation experience the burdens of messaging growth. Not surprisingly, the first to incur symptoms of e-mail excess is the IT department, as server space is devoured and system performance degrades.
To resolve their problems, IT departments have commonly invested in and implemented conventional e-mail archiving technologies - those that extract messages from the mail environment and store them in a more suitable place, while providing users with ongoing access to their messages.
Organisations often find themselves re-evaluating the investment after several years' time, with many discovering that terabytes upon terabytes of content have been accumulated arbitrarily and that they are uncertain if the information has any business relevance.
When such technologies were initially implemented, companies sidled up to a strategy that mandated the deletion of messages after they had been kept for a static number of years. What seems like a good idea to IT is, of course, not always in the best interest of the corporate legal department or the firm. With large-scale litigation in the headlines every week, and mismanaged e-mail the centerpiece of electronic evidence, lawyers realise that it is neither responsible nor defensible to delete information merely because it has reached a certain age.
Organisations can really only delete e-mail when it is clearly demonstrable what business relevance that information holds, and that its disposal is performed in good faith and in accordance with policy. This is why companies find themselves in a precarious and pressing situation: An inability to ever delete any information leaves the organisation floundering in a mire of unchecked content growth.
The challenge is no longer simply curbing the cost of storing e-mail, but instead, minimising the risk associated with keeping it.
Identify the right approach to e-mail retention
Companies take many different approaches to the capture of e-mail messages. There is, of course, no single strategy that fits the business environment and risk tolerance guidelines of every organisation. Thus, it is critical for companies to understand the cost and risk implications, as well as the business impact that any approach might incur.
Sign up for Computerworld eNewsletters.