Ask the Expert

E-mail retention security policy

What is a recommended e-mail retention policy? I understand e-mail retention will be different when dealing with an incident; however, what would be a sound policy and why?

    Requires Free Membership to View

This is such a tricky area, because it depends on a myriad of state, federal and other laws. I know that HIPAA, Sarbanes-Oxley Act, SEC, NASD and other federal regulations all have specific requirements on document retention that affect e-mail. Not being a lawyer and understanding your particular situation, it's hard to give a specific answer on this. I would suggest for starters reading the e-mail retention white paper and possibly speaking with a lawyer or consultant about your specific circumstances.

For more info on this topic, please visit these resources:
  • Security Policies Tip: The security policy document library -- Site Security Handbook
  • Security Policies Tip: Writing a security policy
  • White paper: Developing Effective Security Policies

  • This was first published in August 2003

    There are Comments. Add yours.

    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: