ABSTRACT
Author’s Note: This chapter discusses the security and privacy aspects concerning the use of electronic
mail in the workplace, and is intended to inform the security professional of some of the various issues
that need to be addressed when formulating an e-mail retention policy. The information presented in this
chapter, including potential policy suggestions, reflects the combined experiences of many organizations
and does not reflect the security or legal policy of any one organization in particular. The security
professional will need to apply the concepts presented in this chapter to best suit the business, legal, and
security needs of his or her own organization. In addition, the chapter discusses legal matters pertaining
to e-mail use, but should not be construed as giving legal advice. The security professional should consult
with legal counsel skilled in these areas before determining an appropriate course of action. The views
expressed are solely those of the author and not of any organization or entity to which the author belongs
or by which he is employed.