Re: Email Archiving

["Walters, Caroline (cw8de)" <cw8de () ESERVICES VIRGINIA EDU>]

I agree with Matt about having and following a good records retention policy and records retention and disposition 
schedules for all records (paper and electronic).  For email - saving it all is NOT the best plan and maintaining years 
of back-up tapes is just asking for trouble when the discovery requests requires searching through all the tapes.  
Example:  In a 2009 lawsuit involving as a third party The Office of Federal Housing Enterprise Oversight.  The agency 
was held in contempt after agreeing to search all back-up tapes and then not meeting the deadline because they had so 
many back-up tapes and had agreed to too many search terms (400).  The search resulted in the required production of 
660,000 documents at a cost of $6 million to review and produce the required records (this represents 9% of their total 
budget).  The courts did not relieve them of these costs.

Keeping it all forever is not an option - managing your records/documents, destroying them according to your 
policy/schedule, and doing this consistently is the best protection to huge discovery costs.  More information about 
records management (including policy and retention schedule development) can be found at ARMA International - the 
professional association for records managers and administrators - www.arma.org<http://www.arma.org>.

If you plan to archive email - do it based upon the content of the email and only keep the email for the time required 
by your records retention schedule.  Do not schedule email as a type of record - email is just the transmission method 
for information - it's the content of the information that makes the difference.

If you or anyone else has questions about records management issues, I'd be happy to answer them off the list.

Caroline

Caroline J. Walters, MA, MLS
University Records Officer/Records Management
Information Security, Policy, and Records Office (ISPRO)
Office of the Vice President/CIO
University of Virginia, 2400 Old Ivy Rd.
Box 400898, Charlottesville, VA 22904-4898
Phone: (434) 243-9162
Fax: (434) 243-9197
Email: cjwalters () virginia edu


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matt 
Arthur
Sent: Wednesday, January 20, 2010 10:33 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Email Archiving

Brad,

Two pieces of advice:
1) Create and meticulously follow a retention policy.  I don't think how long you 'retain' data is as important as how 
long you say you will retain it, but that is why I am sending along the second piece of advice,
B) talk to your General Council and policy officer to be sure of any regulatory or legislative requirements.

And if all else fails, go stay at a Holiday Inn overnight to gain expertise and knowledge.
______________________________________
Matthew K. Arthur, CISSP | Director - Incident Communications Solutions
Information Services & Technology | Washington University in St. Louis
Campus Box 1110, 7425 Forsyth Blvd, St. Louis, MO 63105-2161
314.935.3899 o | 314.323.9246 c | arthur () wustl edu<mailto:arthur () wustl edu>
P Please consider the environment before printing
This email, including attachments may include confidential and/or proprietary information, and may be used only by the 
person or entity to which it is addressed. If the reader of this email is not the intended recipient or his/her 
authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this email is 
prohibited. If you have received this email in error, please notify the sender by replying to this message and delete 
this email immediately.



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brad 
Alexander
Sent: Wednesday, January 20, 2010 9:21 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Email Archiving

We are installing a new email system here on campus and my question is, is it a law that we are required to have email 
archiving?

I have been doing a little light reading of the Federal Rules of Civil Procedures and EDiscovery, but now I am more 
confused.

I see that 17 states have adopted the rule and another eighteen states are considering it.  I thought a federal rule 
was mandatory for all states.




IS staff will never ask you for your password. Do not share your password with others.

----------------------
[cid:image001.jpg@01CA99BF.B7BFBD00]