Q

E-mail retention security policy

What is a recommended e-mail retention policy? I understand e-mail retention will be different when dealing with an incident; however, what would be a sound policy and why?


This is such a tricky area, because it depends on a myriad of state, federal and other laws. I know that HIPAA, Sarbanes-Oxley Act, SEC, NASD and other federal regulations all have specific requirements on document retention that affect e-mail. Not being a lawyer and understanding your particular situation, it's hard to give a specific answer on this. I would suggest for starters reading the e-mail retention white paper and possibly speaking with a lawyer or consultant about your specific circumstances.


For more info on this topic, please visit these SearchSecurity.com resources:
  • Security Policies Tip: The security policy document library -- Site Security Handbook
  • Security Policies Tip: Writing a security policy
  • White paper: Developing Effective Security Policies

  • This was first published in August 2003

    Dig deeper on Email Security Guidelines, Encryption and Appliances

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    This Content Component encountered an error
    Close