Hundreds if not thousands of emails fly around your company every day – client correspondence, strategy discussions, fiscal analyses and everything in between. It’s remarkably easy to delete an email containing important company information. How do you know which emails to save, exactly how best to save them and for how long? These are the things an email retention policy should clearly outline and so if you don’t have these answers at the ready – your business needs to design and implement one.
The reasons why you will benefit from an official email retention policy are simple – emails contain valuable company data and you don’t want to lose that data accidentally or through the negligence of any single employee. Email clients like Gmail offer easy-to-use archiving but are you certain that this is being used correctly? Do your employees understand the difference between deleting and archiving email? This is an important distinction – archiving removes the email from your inbox to avoid clutter but saves it indefinitely for future use. Deleting sends that same email to the trash (where it can still be retrieved) but marks it for actual deletion in a short period of time. Email retention policies and subsequent employee training offer significantly better protection for your company data assets.
A proper email retention policy can also shield your company from litigation and fines in the event of future e-discovery proceedings. You need to know what your specific industry requires in terms of regulatory compliance and then shape your email retention policy around that. The legal requirements vary by industry (i.e. 5 years for Public Companies according to Sarbanes Oxley) but it’s extremely important that your electronic data assets are in compliance at all times and an email retention policy will ensure this.
Now you’ve recognized the need for an email retention policy, designing one is the next step. The policy should solve the following issues: how to capture inbound and outbound messages (and their attachments), how to easily retrieve the retained emails (search), how to be in compliance with regulations relating to your business or industry specifically, and how to ensure that your retained data assets are secure or encrypted. To help design your policy first consider a few questions. What emails are relevant to keep? How long do you want to keep them? Determining the length of time to keep relevant emails will be partly dependent on your compliance requirements – start with the minimum required and work from there for an appropriate solution. In general, retaining emails for a longer amount of time than necessary exposes you to security and legal risks, however shorter retention periods may annoy your veteran employees who fear losing old email chains and the important data contained within. You must balance these when deciding on the parameters for your email retention policy. You can also segment your emails in order to only retain those necessary for compliance and in order to reduce your overall risk while being sensitive to the potential for data loss.
The last step for your email retention policy is implementation. How will you ensure that your employees are fully informed on the new policy? You’ll need to put measures in place both to train employees on new standard operating procedures as well as to outline the consequences of non-compliance on the new policy. Make sure to check out the different features available between Office 365 and Google Apps.
If you have any more questions about designing or implementing your own email retention policy, Bi101 are the experts. We’ve been through it all and we’re here to help! We will work with you to analyze your business and plan a road for the technological future. Read about some of our amazing success stories here and please reach out to us anytime for a free consultation!