Many people have a simple email retention policy: Keep everything forever. A few people just delete everything once they handle it. Both of these approaches have risks that may be unacceptable to your business, but how would you know that? Well, you have to ask.
Whom should you ask? What is the best way to design email retention policies that both minimize risk and optimize productivity? An article posted to InfoSec Institute’s (an information security training company) CISM domain for Compliance & Audit summarizes the “Top 5 Email Retention Policy Best Practices,” giving good “starting place” guidance.
1. Regulatory minimums: HIPAA, IRS, PCI DSS (Payment Card Industry Data Security Standard), state and local departments of revenue, and employee safety and security may dictate how long your organization should keep email. Your legal department should be aware of the requirements.
2. Segment email: Examples in...