TechNews

Things to Consider Before Creating an Email Retention Policy

Advancing technology, system modernization, and changes in the organizational structure push companies to constantly test, modify, and update their email retention policies.

Besides these internal factors, laws and regulations also frequently change and businesses need to keep their retention policies up to date in order to remain compliant.

However, creating an effective email retention policy isn’t always easy. And after you’ve determined what’s important enough to be kept and for how long it should be retained, making sure that everyone within the organization is adhering to the policy can be even more challenging.

Here are a few things you should consider in order to write a simple and effective email retention policy everyone will follow.

The Importance of Email Retention Policy

Not every business approaches email retention the same way. While some organizations may decide to keep all their electronically stored data indefinitely, there’s no legal obligation to do so.

In fact, this probably isn’t the best approach, mainly because it can turn out to be too costly. Creating a clear retention policy can help reduce the storage costs, but also reduce the cost of handling large volumes of electronic data during litigation.

While storage costs can be easily estimated, the costs of eDiscovery are highly unpredictable. If a company retains all emails, it may be requested to identify and review emails it didn’t legally have to keep, and the costs of doing so can quickly add up.

That’s why retaining only the important emails and deleting them after the set period can be extremely useful. However, make sure to consult your legal team in order to avoid the premature deletion of any legally important documents.

Record classification

The first and essential step to creating an email retention policy is defining what constitutes a record within the organization. Secondly, you need to categorize records and determine different record types. Only then can you proceed to decide how long you should retain each of your record types.

Additionally, establishing how accessible a certain type of record should be over time will determine the form in which documents will be stored.

Legal Requirements

Retention periods for many record types are determined by the relevant laws and regulations within the state as well as the industry. For industries dealing with particularly sensitive information, such as the healthcare industry and the financial industry, these retention periods can go up to 7 years.

The Health Insurance Portability and Accountability Act (HIPAA) ensures that sensitive information about patients and patient correspondence is safely kept and protected from the public domain. Failing to comply can lead to serious consequences, including criminal penalties of up to $250,000 in fines and up to 10 years in prison.

Regardless of the industry, penalties for non-compliance are quite hefty. For example, the Sarbanes-Oxley Act (SOX) imposes not only fines, but also up to 20 years in prison for those who purposefully alter, destroy, or falsify any document or record with the intent to obstruct or influence the investigation or proper administration of any matter.

It’s usually a good idea to keep important records and communications for at least 7 years, depending on specific circumstances and the industry standard. This policy applies not only to email, but also to text messages, voicemail, and social media communication among others.

Organizational Culture

The organizational culture and behavioral habits of your employees should inform the creation of your email retention policy.

You should conduct meetings with your employees to gather the insights that will help you develop an efficient policy, but also explain to them how the policy benefits the entire organization.

When employees are accustomed to having complete freedom in organizing their emails, they may express some resistance toward accepting the retention policy and even intentionally develop workarounds to avoid it. You might even need to incorporate technical safeguards to mitigate those workarounds.

Automation

While experts suggest every business should have a retention policy that imposes strict retention timelines and should delete its documents according to this plan, this can be quite a burden for employees if it requires too much employee interaction.

To avoid risks of employee non-compliance, you can turn to automation to help you facilitate your email retention policy.

The best way to take retention automation to the next level is by investing in an on-premises email archiving solution. These solutions allow you to safely keep emails in a repository, which not only helps alleviate bloat in your email system but also lets you perform keyword searches and seamlessly handle litigation.

The next steps

Once you’ve taken all these factors into consideration and created an email retention policy that fits your needs, you’re not done yet. Actually implementing your policy is just as important as creating a perfect set of rules.

Make sure that your email retention policy is concise and easy to understand, and that you put it in writing so your employees can refer to it as needed.

Communicating your plan and making every step of the rollout clear is crucial, so you should make sure that department leaders and managers are actively working on educating their teams and helping them follow through.

Creating and implementing an email retention policy is a huge task, so be patient and give it time. You can even implement a pilot project only in one department and use it as a test phase to work out all the issues and patch them up before the company-wide rollout.

By following these tips, you can make sure that your email retention policy will not only help you ensure legal compliance and keep your email storage clutter-free, but also ensure that your policy is a good fit for your particular needs and organizational culture and that employees are actually following the rules.
