Establishing an E-Mail Retention Policy: Preventing Potential Legal Nightmares

Author’s Note: This chapter discusses the security and privacy aspects concerning the use of electronic

mail in the workplace, and is intended to inform the security professional of some of the various issues

that need to be addressed when formulating an e-mail retention policy. The information presented in this

chapter, including potential policy suggestions, reflects the combined experiences of many organizations

and does not reflect the security or legal policy of any one organization in particular. The security

professional will need to apply the concepts presented in this chapter to best suit the business, legal, and

security needs of his or her own organization. In addition, the chapter discusses legal matters pertaining

to e-mail use, but should not be construed as giving legal advice. The security professional should consult

with legal counsel skilled in these areas before determining an appropriate course of action. The views

expressed are solely those of the author and not of any organization or entity to which the author belongs

or by which he is employed.