Educause Security Discussion mailing list archives
Email retention policies - regulatory considerations
From: "Hearn, David L." <DHearn () ADMIN FSU EDU>
Date: Thu, 16 Dec 2004 08:55:48 -0500
Good morning all, I am in the beginning stages of researching and generating Email retention guidelines for my group (and for possible dissemination within the University). I am quite comfortable with the technical considerations and disaster recovery(DR) best practices, but am finding I am out of my area of expertise when attempting to integrate Legal and Regulatory considerations into these guidelines. As a public institution, we operate under fairly overarching sunshine laws and are subject to Public Records Requests where we must provide electronic correspondence upon request within a reasonable period. Is there anyone out there who has a formal policy the specifically spells out IT (SysAdmin) responsibilities regarding retention with these regulatory considerations in mind? I've done some research and some organizations completely punt and state that responding to Public Records Requests is the responsibility of the user or department and that IT bears no responsibility for responding to these requests, regardless of DR capabilities. Having seen the other side in action, however, I know a good plaintiff lawyer will cut that assertion to shreds if comprehensive DR backups do indeed exist. I also know some government and financial sectors have addressed this issue by implementing complete indexed\searchable journaling of all Email correspondence. As a University, where personal freedom of expression is highly valued (and the costs of a journaling system are prohibitive), this is not a politically viable solution. I'd love to hear how this is being addressed. Thank you for your time and consideration. David Hearn FSU - OTI Windows System Admin david.hearn () fsu edu w -(850)644-2591 m -(850)528-4309 f - (850)644-8722 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Email retention policies - regulatory considerations Hearn, David L. (Dec 16)