E-mail retention security policy

What is a recommended e-mail retention policy? I understand e-mail retention will be different when dealing with an incident; however, what would be a sound policy and why?

This is such a tricky area, because it depends on a myriad of state, federal and other laws. I know that HIPAA, the Sarbanes-Oxley Act, SEC, NASD and other federal regulations all have specific requirements on document retention that affect e-mail. Not being a lawyer and not understanding your particular situation, it's hard to give a specific answer on this. I would suggest, for starters, reading the e-mail retention white paper and possibly speaking with a lawyer or consultant about your specific circumstances.

For more info on this topic, please visit these SearchSecurity.com resources:
  • Security Policies Tip: The security policy document library -- Site Security Handbook
  • Security Policies Tip: Writing a security policy
  • White paper: Developing Effective Security Policies

  • This was last published in August 2003
