Main Nav

We are planning to move our student e-mail service to Gmail (Google Apps for Higher Education). I am being asked by my project board to look in to the option of enforcing e-mail retention policy (i.e. 360 days). Has anyone done that with student e-mails using Gmail? Google does provide a service in conjunction with Postini that costs about $25 a year per user – very cost prohibitive for student e-mail solution.

 

Please let me know if you have been able to address the retention issue in some fashion without breaking the bank.

 

Regards,

 

 

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

AttachmentSize
image001.gif7.56 KB

Comments

I think the question of why is a good one.  Keeping in mind that you probably already have a retention policy in place that causes email to students from faculty and staff to be retained  the practical effect of a student email retention policy would be to retain student to student or student to whomever email and I honestly can't think of a legitimate reason why you would want to do that.

Keith

***************************************************************************************************
Keith Boswell
Director of Information Technology and Engineering Computer Services
College of Engineering, North Carolina State University
Raleigh, North Carolina, 27695-7901

919-515-7930
***************************************************************************************************



We have everyone on Google Mail -- faculty, staff, students. We use Postini for faculty and staff, but not for student accounts.

P.S. The price you mention does not include the substantial educational discount.

Rick
Associate Provost for Technology & Information Systems
Wake Forest University


Kyle's point is spot on.  I'm not sure what others are doing and would love to hear, but rather than accommodate general records retention policy into email retention policy, I'm trying to separate the two.

For one thing, I'm very uncomfortable with mixing up content that is specifically adressed in our records retention policy into the mess of email where users and accounts come and go and things are easy to delete.  Plus, some kinds of information need to be retained for very long periods; that's not a good "floor" on which to build an email retention policy. 

I am suggesting (and it's largely accepted at this point) that we revise our records retention policy to state that email can never be used to achieve compliance. Compliance can be achieved by digitally or physically filing things, or by ensuring data that is preserved in the ERP. 

This would free us up to set email retention based only on other factors, probably at one year.

I'd love to hear others' thoughts on this!

Thanks,

Ethan

——
Ethan Benatan, Ph.D.
Vice President for IT & 
Chief Information Officer
503.699.6325   

MARYLHURST UNIVERSITY
You. Unlimited.



I should add that we chose to set Postini to retain one year of faculty and staff email. This choice was not driven by our document retention policy. As others have noted, blanket email retention is not the best way to support an institution's document retention and destruction policy.

Rick
Associate Provost for Technology & Information Systems



Message from rpickett@mail.sdsu.edu

Ethan,

We took the opposite approach and don't believe that email data should be considered any differently than other information that is covered by existing data retention policies.  We believe that the content, rather than the medium, dictates the appropriate procedures. This appears to be borne out in several E-discovery requests that I've received.  As a public university we are subject to additional requirements that aren't levied on private institutions. 

As soon as email no longer meets an operational need, in digital or paper format, we don't want it kept. We took the position that we will not archive any deleted email beyond a basic backup period.  In our 'legacy' email system (Mirapoint) it was 14 days for tape rotation.  Now that we moved to Google for employees it is 30 days, a period that is controlled by Google until it is irretrievably lost.  If we had control over the deletion period it would be 14 days, or less. 

Our Guidelines (we prefer 'guidelines' to 'policy' whenever possible) is at: http://bfa.sdsu.edu/policies/pdf/emailretnpolc.pdf

Chief Information Officer
San Diego State University
San Diego CA 92182-1604
Rich.Pickett@SDSU.edu
ETS.SDSU.edu
619-594-8370


From: Ethan Benatan <ebenatan@MARYLHURST.EDU>
Reply-To: "The EDUCAUSE CIO Constituent Group Listserv <CIO@LISTSERV.EDUCAUSE.EDU>" <CIO@LISTSERV.EDUCAUSE.EDU>
Date: Tue, 6 Mar 2012 17:12:19 -0800
To: "The EDUCAUSE CIO Constituent Group Listserv <CIO@LISTSERV.EDUCAUSE.EDU>" <CIO@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [CIO] E-mail Retention and Gmail

Kyle's point is spot on.  I'm not sure what others are doing and would love to hear, but rather than accommodate general records retention policy into email retention policy, I'm trying to separate the two.

For one thing, I'm very uncomfortable with mixing up content that is specifically adressed in our records retention policy into the mess of email where users and accounts come and go and things are easy to delete.  Plus, some kinds of information need to be retained for very long periods; that's not a good "floor" on which to build an email retention policy. 

I am suggesting (and it's largely accepted at this point) that we revise our records retention policy to state that email can never be used to achieve compliance. Compliance can be achieved by digitally or physically filing things, or by ensuring data that is preserved in the ERP. 

This would free us up to set email retention based only on other factors, probably at one year.

I'd love to hear others' thoughts on this!

Thanks,

Ethan

——
Ethan Benatan, Ph.D.
Vice President for IT & 
Chief Information Officer
503.699.6325   

MARYLHURST UNIVERSITY
You. Unlimited.



I like the approach since it gets IT out of the digital content management business, official or not.  We manage digital storage not digital content.  Practically speaking what alternate media do employees transfer official records to, paper (not so great for a sustainability policy)?  Since a records policy relies on individual interpretation and training, has it been audited to know what employees actually do?

Keith Nelson
Chief Technology Officer
Alma College

Email:  nelsonkr@alma.edu
Office:  989/463-7303
Fax:  989/463-7101

From: "Rich Pickett" <rpickett@MAIL.SDSU.EDU>
To: CIO@LISTSERV.EDUCAUSE.EDU
Sent: Wednesday, March 7, 2012 1:17:00 AM
Subject: Re: [CIO] E-mail Retention and Gmail

Ethan,

We took the opposite approach and don't believe that email data should be considered any differently than other information that is covered by existing data retention policies.  We believe that the content, rather than the medium, dictates the appropriate procedures. This appears to be borne out in several E-discovery requests that I've received.  As a public university we are subject to additional requirements that aren't levied on private institutions. 

As soon as email no longer meets an operational need, in digital or paper format, we don't want it kept. We took the position that we will not archive any deleted email beyond a basic backup period.  In our 'legacy' email system (Mirapoint) it was 14 days for tape rotation.  Now that we moved to Google for employees it is 30 days, a period that is controlled by Google until it is irretrievably lost.  If we had control over the deletion period it would be 14 days, or less. 

Our Guidelines (we prefer 'guidelines' to 'policy' whenever possible) is at: http://bfa.sdsu.edu/policies/pdf/emailretnpolc.pdf

Chief Information Officer
San Diego State University
San Diego CA 92182-1604
Rich.Pickett@SDSU.edu
ETS.SDSU.edu
619-594-8370


From: Ethan Benatan <ebenatan@MARYLHURST.EDU>
Reply-To: "The EDUCAUSE CIO Constituent Group Listserv <CIO@LISTSERV.EDUCAUSE.EDU>" <CIO@LISTSERV.EDUCAUSE.EDU>
Date: Tue, 6 Mar 2012 17:12:19 -0800
To: "The EDUCAUSE CIO Constituent Group Listserv <CIO@LISTSERV.EDUCAUSE.EDU>" <CIO@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [CIO] E-mail Retention and Gmail

Kyle's point is spot on.  I'm not sure what others are doing and would love to hear, but rather than accommodate general records retention policy into email retention policy, I'm trying to separate the two.

For one thing, I'm very uncomfortable with mixing up content that is specifically adressed in our records retention policy into the mess of email where users and accounts come and go and things are easy to delete.  Plus, some kinds of information need to be retained for very long periods; that's not a good "floor" on which to build an email retention policy. 

I am suggesting (and it's largely accepted at this point) that we revise our records retention policy to state that email can never be used to achieve compliance. Compliance can be achieved by digitally or physically filing things, or by ensuring data that is preserved in the ERP. 

This would free us up to set email retention based only on other factors, probably at one year.

I'd love to hear others' thoughts on this!

Thanks,

Ethan

——
Ethan Benatan, Ph.D.
Vice President for IT & 
Chief Information Officer
503.699.6325   

MARYLHURST UNIVERSITY
You. Unlimited.



Message from dthibeau@post03.curry.edu

Ethan,

 

We had the same approach as San Diego State for quite some time, that is, retaining e-mail only for the duration of the normal backup cycle, which in our case amounted to just over 30 days.  However, recently we implemented a change whereby we export the e-mail to a .pst file and burn it to a DVD just prior to deleting it.  We do that for employee only, not students.  The DVD is sent to HR where they keep it however long they feel it is necessary.

 

Dennis Thibeault

Curry College

 

 

From: The EDUCAUSE CIO Constituent Group Listserv [mailto:CIO@LISTSERV.EDUCAUSE.EDU] On Behalf Of Rich Pickett
Sent: Wednesday, March 07, 2012 1:17 AM
To: CIO@LISTSERV.EDUCAUSE.EDU
Subject: Re: [CIO] E-mail Retention and Gmail

 

Ethan,

 

We took the opposite approach and don't believe that email data should be considered any differently than other information that is covered by existing data retention policies.  We believe that the content, rather than the medium, dictates the appropriate procedures. This appears to be borne out in several E-discovery requests that I've received.  As a public university we are subject to additional requirements that aren't levied on private institutions. 

 

As soon as email no longer meets an operational need, in digital or paper format, we don't want it kept. We took the position that we will not archive any deleted email beyond a basic backup period.  In our 'legacy' email system (Mirapoint) it was 14 days for tape rotation.  Now that we moved to Google for employees it is 30 days, a period that is controlled by Google until it is irretrievably lost.  If we had control over the deletion period it would be 14 days, or less. 

 

Our Guidelines (we prefer 'guidelines' to 'policy' whenever possible) is at: http://bfa.sdsu.edu/policies/pdf/emailretnpolc.pdf


Chief Information Officer
San Diego State University
San Diego CA 92182-1604
Rich.Pickett@SDSU.edu
ETS.SDSU.edu
619-594-8370

 

 

From: Ethan Benatan <ebenatan@MARYLHURST.EDU>
Reply-To: "The EDUCAUSE CIO Constituent Group Listserv <CIO@LISTSERV.EDUCAUSE.EDU>" <CIO@LISTSERV.EDUCAUSE.EDU>
Date: Tue, 6 Mar 2012 17:12:19 -0800
To: "The EDUCAUSE CIO Constituent Group Listserv <CIO@LISTSERV.EDUCAUSE.EDU>" <CIO@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [CIO] E-mail Retention and Gmail

 

Kyle's point is spot on.  I'm not sure what others are doing and would love to hear, but rather than accommodate general records retention policy into email retention policy, I'm trying to separate the two.

 

For one thing, I'm very uncomfortable with mixing up content that is specifically adressed in our records retention policy into the mess of email where users and accounts come and go and things are easy to delete.  Plus, some kinds of information need to be retained for very long periods; that's not a good "floor" on which to build an email retention policy. 

 

I am suggesting (and it's largely accepted at this point) that we revise our records retention policy to state that email can never be used to achieve compliance. Compliance can be achieved by digitally or physically filing things, or by ensuring data that is preserved in the ERP. 

 

This would free us up to set email retention based only on other factors, probably at one year.

 

I'd love to hear others' thoughts on this!

 

Thanks,


Ethan

 

——

Ethan Benatan, Ph.D.

Vice President for IT & 

Chief Information Officer

503.699.6325   

 

MARYLHURST UNIVERSITY

You. Unlimited.



Close
Close


Connect: San Antonio
April 22–24
Register Now

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2015 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.