Whether it is to meet operational needs for litigation readiness and eDiscovery, for compliance reasons or end-user liability, to save costs, or to solve other issues that come with corporate email communication, an email retention policy is always a great asset to help manage, store and archive corporate email messages. Even more so when research estimates that up to 75% of email content is considered critical to the successful operation of an organization (Osterman).
The answer for most organizations will clearly be yes! Companies which fall under Sarbanes-Oxley, SEC 17a-3/4, NASD 3010 or HIPAA regulations will need to have an email retention policy. Organizations seeking to pass a SAS 70 audit will want to have a policy even if no law or regulation requires it. Companies involved in litigation may find themselves required by court order to retain emails if they do not already have a policy in place. And even if a particular business does not fall under any of these categories, it may still want to implement an email retention policy to protect against general legal risk or customer complaints, and also to take advantage of the operational benefits email retention offers.
This can vary from industry to industry, and smaller companies may have different requirements from larger ones. If a company has a Documents Retention Specialist, they should consult him or her first to check what may be required and what policies are already in place regarding the retention of paper records. A company's corporate counsel is another resource, and should have specifics on any laws or contractual obligations that could affect an email retention policy. The important things to include are: clear, easy to understand requirements that are well documented, explained to all users, and that are enforced consistently across the organization. A policy should also address when email should be deleted, and provide a way to ensure that this occurs when it should. Business stakeholders should be also be consulted to ensure that the policy supports, rather than hinders, their business needs.
A legal hold is a process which an organization uses to preserve all forms of relevant information when litigation is reasonably anticipated. The legal hold is initiated by a notice or communication from legal counsel to an organization that suspends the normal processing of records, such as backup tape recycling, archiving, and other management of documents and information.
It is likely that an organization will be involved in litigation at some point during its history. Legal holds can come into play and could supersede any email retention policy that addresses destruction of data. It is therefore important to ensure that the technical systems in use have a way to store all email for any or all users covered by any court order or discovery request, and that it can prevent users from inadvertently deleting emails.
The answer is now. Especially in the following cases:
Email retention policy benefits in summary
With a comprehensive email retention policy in place that has been developed with the cooperative efforts of senior management, technology, legal and other sectors within the organization, together with the technology that can enforce and enhance the policy, such as email archiving software like GFI Archiver, email administrators can be well positioned to handle legal and operation issues if they occur.