Establishing an Effective Email Retention Policy

Despite the new collaborative communication tools on the market that combine unified messaging, video and/or other social media instruments, emails are still number one for both private users and enterprise business use.  According to the most recent Email Statistics Report from the Radicati Group, almost 113 billion emails were sent in 2015 for business reasons on a single day worldwide. Private individuals added another 93 billion emails to an astonishing figure of around 206 billion emails daily.

Modern enterprises rely on working email servers more than ever, but have difficulties coping with the ever growing amount of incoming and outgoing emails.  In addition, the market researchers from Radicati expect the amount of business emails to rise at a rate of at least 3 percent every year to an estimated 128 billion emails in 2019 worldwide.

Companies have other problems besides handling incoming and outgoing emails: An increasing number have to be stored for long periods of time due to laws and regulation, both on national level and multi-national levels.  With those facts in mind, how do companies free up storage space without risking penalties or fines when issues of litigation arise?  An effective email retention policy is a must for every company regardless of its size.  But how is that done?

Before writing your email retention policy there are several points to consider and to do:

Build a Team

Emails have an enormous impact on the productivity of all employees, so it's vital to build a team of specialists from every department before establishing an email retention policy.  Regardless of whether the emails will be retained using manual or automatic processing, every employee should have knowledge about how they handle “their” emails before they are stored.

Check Your Retention Requirements

Before you establish your email retention policy, you should check your necessary retention times. Because there are so many laws and regulations to cover, it's wise to divide all to be stored emails by:

     a)  The duration they have to be kept

If some emails have to be kept for seven years, for example, while others have only to be kept for two or four years, you could create three different storage folders which can be deleted after the necessary time has passed. This could be risky in some circumstances since emails that are normally required to be kept for a shorter period can have longer retention periods when they are related with another document with a longer storage period.

In this case an alternative approach can better suit your needs:

     b)  Choose the longest retention period for the email

If an email is related to a case where long retention periods are mandatory, it's wise – even if it is sometimes not necessary – to retain every email which interlinks with it to also be stored for this long.

As pointed out before, it makes sense in some cases to retain certain emails in relation to other documents, but these are most likely cases in which a project has a long reliability or impact. We're talking about highly regulated business fields, such as financial institutions or energy providers, offering long-lasting products and services (e.g, long credits and mortgages, construction of nuclear, coal or water power plants, etc.).

Most likely, the emails an ordinary enterprise has to retain is not connected to these fields, therefore you can:

Segment emails

Retention periods can - as we have pointed out - vary widely, therefore, storing your email according to the duration they have to be kept can be a wise approach. In this case all emails kept for four years are stored in a storage space for this duration, as other length emails are stored in different spaces or folders. According to your email retention policy, these emails can then be securely deleted after the scheduled expiration date.

Appropriate email retention policy structure

With these three important points considered it is now time to write down the email retention policy.  There are certain points a policy should contain. In most cases an email retention policy should include at least these points:

• Person or department responsible for the overall email policy
• Scope/coverage
• Purpose of the policy
• Procedures
• Responsibilities and relevant persons in each department
• Consequences (If the policy is not followed)

Lastly, it's important to mention that any email retention plan depends highly on the IT environment used. Whether the company uses a highly sophisticated archiving system or tape backups, the processes for keeping the emails accessible are the same.

It's also a good idea to consider  the problem of an unexpected data loss due to malfunction of the backup or archiving solution.  Therefore, the email retention policy should go hand in hand with a proper disaster recovery plan, which every company should already have in place.  In case of a data loss, the disaster recovery plan specifies all mandatory steps to be taken (including getting help for a professional data recovery specialist) to recover data. If such a plan is not available, it's likely that even through a proper email retention plan is established and running, emails needed for investigation cannot be accessed and huge fines must be paid.

Author:  Michael Nuncic