Re: Email Archiving

["j.price" <j.price () DOMAIL MARICOPA EDU>]

The Maricopa Community District bases their record retention policy 
<http://www.maricopa.edu/publicstewardship/pr/retention.php> on the 
approved retention and disposition schedule by the Arizona State Library 
Archives and Public Records <http://www.lib.az.us/records/>.

No need to reinvent the wheel unless absolutely necessary.

Regards, Janet

Tracy Mitrano wrote:
> I largely echo Eva's thoughts posted here.  
>
> There is no comprehensive, overarching federal law requiring record 
> retention.  State laws may come into play, in combination with 
> business needs (which are probably the most prominent of any reason 
> for which to retain records), and the institution should codify those 
> needs in institutional policy, including procedures for the practice 
> of storing/retaining specified electronic mail.  
>
> Here is a link to Cornell's record retention policy, fyi, if it offers 
> some guidance. 
>  http://www.dfa.cornell.edu/dfa/treasurer/policyoffice/policies/volumes/governance/retention.cfm
>
> E-Discovery only kicks into effect if the institution has reason to 
> believe litigation will ensue; no laws, not even FRCP require 
> proactive retention of records.
>
> The particular desires or needs of an institution may be expressed in 
> policy or local practice.  It may be of some interest that in these 
> conversations we consider Fair Information Practices as a guide, 
> largely the practices that state an entity should retain personally 
> identifiable records only for a relevant business purpose, for no 
> longer than is required for that purpose, with appropriate security 
> (administrative, technical and physical) as required to keep the mail 
> private and to dispose of it as soon as it is no longer needed.  These 
> practices (non-inclusive list, for example notice and the ability to 
> correct a mistaken record are also included; a search on the term will 
> provide many resources with comprehensive information about the 
> practices) form the backbone of European Privacy Laws.  It would be 
> well for colleges and universities to begin to consider implementing 
> these practices, certainly those that consider themselves 
> "international" or "global" in scope, or, more simply, have students 
> who come from areas with more developed and comprehensive privacy laws 
> than does the U.S.
>
> Best, Tracy
>
>
> On Jan 20, 2010, at 10:51 AM, Lorenz, Eva wrote:
>
> > Brad,
> > If you have a retention requirement in place, it would affect also 
> > non-email records. Retention is based on content, not on format.
> >  
> > As a start, check with your General Counsel, as others have already 
> > suggested, to determine whether there is a retention schedule in 
> > place and then determine under which retention requirement email 
> > would fall. It is possible that email may be subject to a number of 
> > retention requirements based on the specific content or that a 
> > general “retention bucket” would cover email, if the legislature 
> > addressed the email format specifically.
> >  
> > A general advice that I received from records managers was, if you 
> > keep any email, to always keep the sent email and not delete it. A 
> > specific retention schedule for your business unit or school is 
> > certainly the better way to go.
> >  
> > Retention schedules can be invaluable if you receive discovery or 
> > FOIA requests since you can point to the active schedule and explain 
> > that certain records were disposed off in line with the specific 
> > retention requirement. In our state (NC), retention schedules are 
> > centrally approved by the state (Dept of Cultural Resources) and 
> > certain records must be archived forever (and I mean forever, no 
> > excuses for formats no longer supported etc.)
> >  
> > -       Eva
> >  
> >  
> >  
> > Eva Lorenz
> > ITS Security
> > 2800 ITS Manning
> > 211 Manning Dr
> > CB3420
> > Chapel Hill NC 27599
> >  
> > *From:* The EDUCAUSE Security Constituent Group Listserv 
> > [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Brad Alexander
> > *Sent:* Wednesday, January 20, 2010 10:21 AM
> > *To:* SECURITY () LISTSERV EDUCAUSE EDU 
> > <mailto:SECURITY () LISTSERV EDUCAUSE EDU>
> > *Subject:* [SECURITY] Email Archiving
> >  
> > We are installing a new email system here on campus and my question 
> > is, is it a law that we are required to have email archiving?
> >  
> > I have been doing a little light reading of the Federal Rules of 
> > Civil Procedures and EDiscovery, but now I am more confused. 
> >  
> > I see that 17 states have adopted the rule and another eighteen 
> > states are considering it.  I thought a federal rule was mandatory 
> > for all states.
> >  
> >  
> >  
> >  
> > IS staff will never ask you for your password. Do not share your 
> > password with others.
> >
> > ----------------------
> >
> > <image001.jpg>
> >
> >  

--
Janet Price
Information Technology Services
Maricopa Community Colleges
2419 W 14th St
Tempe Arizona, 85281
(480)731-8730

****IMPORTANT NOTICE****
All email communications with Maricopa Community Colleges employees are a matter of public record and subject to 
publication or release under both the State and Federal regulations as they pertain to their relative Freedom of 
Information Acts.