Conferences & Events
Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
FW: E-mail Retention and Gmail
I think you and Kyle are making a very important point that retention policy has to address removal at the appropriate time as well as retention. My feeling is that every institution is going to have to come to grips with this in terms of what makes sense for that particular institution. My previous institution was a State University and we had to comply with the State retention policy for Massachusetts State Agencies. That ignored students but had very strict rules for employees with different retention policies based on the content of the messages. The rule of thumb was 5 years for messages involving decision-making (with lots of exceptions and caveats), but for messages to or from senior staff (VP and higher) the retention period was “permanent”.
Thankfully I’m now at a private institution where we can craft simpler policies that are easier to implement. On the other hand my previous institution’s response to the complex requirement was to make individuals responsible for complying with retention policy with regards to their own messaging and that might make some sense. Here at Siena we use Postini for employees (faculty and staff) but accepted the Postini default retention of 10 years. My opinion is that is too long. I know of other institutions that have Postini retention measured in months rather than years. If the point is backup and self service recovery of deleted messages that makes sense. I should also say that there is at least one senior officer here who routinely deletes stuff from email and counts on Postini to find messages needed later. Also not unreasonable, but again there should be an institutional policy decision about the acceptable risks of keeping messaging that long.
All of this makes for a very interesting discussion, but doesn’t really address the original question from Anwar; to which I have to add my voice to those saying: why are you worrying about retention of student email? I’ve never heard of a retention policy that covers more than employees. If you do need to retain student email, and Postini is too expensive, you might look at the Barracuda mail archiving solution. It is an appliance based solution and pretty flexible in configuration.
From: Ethan Benatan [mailto:ebenatan@MARYLHURST.EDU]
Sent: Tuesday, March 06, 2012 8:12 PM
Subject: Re: E-mail Retention and Gmail
Kyle's point is spot on. I'm not sure what others are doing and would love to hear, but rather than accommodate general records retention policy into email retention policy, I'm trying to separate the two.
For one thing, I'm very uncomfortable with mixing up content that is specifically adressed in our records retention policy into the mess of email where users and accounts come and go and things are easy to delete. Plus, some kinds of information need to be retained for very long periods; that's not a good "floor" on which to build an email retention policy.
I am suggesting (and it's largely accepted at this point) that we revise our records retention policy to state that email can never be used to achieve compliance. Compliance can be achieved by digitally or physically filing things, or by ensuring data that is preserved in the ERP.
This would free us up to set email retention based only on other factors, probably at one year.
I'd love to hear others' thoughts on this!
Ethan Benatan, Ph.D.
Vice President for IT &
Chief Information Officer