Forums

It should have been said at the very beginning of the podcast that all employees should see if their company has a policy regarding document and records management and retention policies regarding emails.

I know that if I did what is recommended in this podcast I would be fired. The company believes that the legal risk of fines associated with deleting company records outweighs the cost of cloud storage space for emails.

Ted

techmgr's picture

Some companies absolutely have policy and regulations with which they must comply around email storage. But if they do, it is only enforceable on the backend email system itself. A policy that depends on individuals to not accidentally delete important emails is not a serious policy. And they will inevitably run into legal trouble. I've built and managed email systems for almost 15 years. It's trivial for an IT dept to ensure that all or selected email is archived even when employees are deleting them in their email client. This goes for hosted email services such as gmail. If the company is serious about archiving email, they are using server-side tools to do so. You may not even be aware of it. 

tedtschopp's picture

Everything you said doesn't change my recommendation. 

Before deleting emails, check with the companies policies controlling employee behavior regarding documents and records management as it relates to email. 

I work for a fortune 200 company in a highly regulated environment where we spend over $300 million dollars a year on IT functions and have the most modern email systems and in order to meet our regulatory obligations we have a policy that controls employee behavior on deleting email. I am one on the governance board at our company that over sees these issues. 

i should also mention that the policies generally don't tell you you can't delete something, they give you the business events that dictate when you can delete a company document or record. 

 

Ted

techmgr's picture

Ted, as a member of the governance board you have set policies for th governance of IT. And the IT department is enforcing those policies by creating duplicates of every email received and sent. When someone deletes an email using their email client, they are only deleting it from a specific server location. They are not deleting the archived email. It's not possible for any individual to delete an archived email using an email client if the IT dept is doing what it should be doing in a regulated industry. 

If you have policies about individuals deleting emails because you really do believe that they are irreversibly deleting emails, then you should have grave doubts about your IT dept. My highly educated guess is that the policies are not necessary because IT is properly archiving everything that comes in and goes out, on separate systems that are not accessible in an way by anyone other than specific IT staff. These archived emails are not accessible by any protocol used by any email client. It is impossible to delete the email, because the email is on an entirely different system that is not an actual "email system".

Why do I care? Because I care about security and governance of IT. Policies about email are enforced by the IT department. They must be. What happens if some accidentally deletes an email? No IT dept worth their salt would let that single action put a company in the legal position of non compliance. There are backups. Email servers are not archive storage. That's not how email protocols work. Your IT dept likely has not one but multiple, redundant backed up easy to restore file storage for every email that's been deleted by individuals using email clients. As your IT leadership to explain the architecture. Asking people to keep gigs of email in their mail spool is unnecessary. 

tedtschopp's picture

I am in Enterprise Architecture responsible for Collarboration and Content Management and all my previous statements stand. 

its hard for an attorney respresenting our company in a judicial preceding to explain why an employee deleted a company record the company has a legal obligation to keep and reference for business even when there is a backup of said email in 12 other locations. 

When you are employeed by a company and they have a policy that controls employee behavior you signed a paper saying you would behave in accordance with the law and those policies.