What is a recommended e-mail retention policy? I understand e-mail retention will be different when dealing with an incident; however, what would be a sound policy and why?
This is such a tricky area, because it depends on a myriad of state, federal and other laws. I know that HIPAA, Sarbanes-Oxley Act, SEC, NASD and other federal regulations all have specific requirements on document retention that affect e-mail. Not being a lawyer and understanding your particular situation, it's hard to give a specific answer on this. I would suggest for starters reading the e-mail retention white paper and possibly speaking with a lawyer or consultant about your specific circumstances.
For more info on this topic, please visit these SearchSecurity.com resources:
Dig Deeper on Email and Messaging Threats-Information Security Threats
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.