We are reviewing our e-mail retention policy and would like to know if there is a standard or policy already in place for financial institutions. If not, what are best practices regarding how long to keep e-mails on both the server and the client?
I am not an expert in financial institution regulations, but I believe government standards define a specific amount of time that e-mails must be retained. You should check with your compliance department to see what requirements you must follow. You can also take a look at PoliVec's Builder product, which helps you build security policies. They have a template that follows the standards necessary to adhere to the requirements of the Gramm-Leach-Bliley Act for financial institutions.
For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Securing Financial Services/Banking
Best Web Links: Secure Messaging