Problem solve Get help with specific problems with your technologies, process and projects.

E-mail retention security policy

What is a recommended e-mail retention policy? I understand e-mail retention will be different when dealing with...

an incident; however, what would be a sound policy and why?

This is such a tricky area, because it depends on a myriad of state, federal and other laws. I know that HIPAA, Sarbanes-Oxley Act, SEC, NASD and other federal regulations all have specific requirements on document retention that affect e-mail. Not being a lawyer and understanding your particular situation, it's hard to give a specific answer on this. I would suggest for starters reading the e-mail retention white paper and possibly speaking with a lawyer or consultant about your specific circumstances.

For more info on this topic, please visit these SearchSecurity.com resources:
  • Security Policies Tip: The security policy document library -- Site Security Handbook
  • Security Policies Tip: Writing a security policy
  • White paper: Developing Effective Security Policies

  • This was last published in August 2003

    Dig Deeper on Email and Messaging Threats-Information Security Threats

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

    Please create a username to comment.