Re: Email Policy Changes

[Bugbear <gbugbear () gmail com>]

I have to agree with jack on this being a lost cause. I am not saying
don't put restrictions in place but I am suggesting your time may be
better focused elsewhere.

Is there a greater risk of a nefarious user or a frustrated user
forwarding info to another location. I'm going to lean towards to
later especially with a 60 day retention policy.

Having dealt with out legal team on this issue and other similar
things (i.e. MA PI Legislation). Legal will always attempt to go with
the most restrictive policies. While they understand law, litigation,
et al, they often don't understand technology or how end users work
day to day.

Some additional food for thought (you may have addressed these already)

Are we being too restrictive? (The last thing you want to do is push
users to work around policy and technical protections - this will only
increase your risk from a security and legal perspective)

How will we handle litigation holds/requests for everything? < So when
a court requests everything, how are you going to get it, how will you
turn off of Email Retention policies so evidence does not get
discarded, and  how will you manage the tracking of this process. <
thing search (email, files, chat?. etc..), encryption, data/storage
(that can be transferred elsewhere securely and easily).

Policy - Is Company educating users on reasons behind, are users held
accountable?

Hope this helps

Tim


On Mon, Jan 17, 2011 at 12:57 PM, Robin Wood <robin () digininja org> wrote:
> On 17 January 2011 15:40, Craig Freyman <craigfreyman () gmail com> wrote:
> > Our lawyers are demanding a drastic change in the way we handle email at our
> > company. This will be a huge change for our working culture here and I am
> > anticipating major backlash from the users, but "It is what it is."  I was
> > hoping the pauldotcom list would think of ways around their policy. I'll
> > have to develop controls to try and stop people from doing so.
> > Here is what they want to do:
> > Only keep 60 days of email, everything will be deleted on a rolling basis.
> > You can choose to save specific emails to your home drive and that space
> > will be capped.
> > Putting my nefarious user hat on, these are the ways around the policy as I
> > see it:
> >
> > Upload email to a dropbox type account.
> > Saving to USB drives
> > Accessing webmail from a non-company computer and saving it there
> > CD Burning
> > Forwarding to external email accounts IE gmail, hotmail
> > Saving to other places on the network
> >
> > Anyone have any other ideas?
>
> A slight variation on what you've already said, forward to yourself at
> the same inbox after it has been there for a while. That way the date
> stamps would be wrong but you could forward the whole lot yourself
> after 50 days then again after another 50....
>
> Robin
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com