Email Retention and Access Policies: It’s Time for a Review

• Posted by Geoffrey G. Gussis on January 24th, 2005


• Filed in Guides, Tips and Practice Pointers, IT/Software/Internet, Risk Management & Compliance

In a recent article at CIO.com, Ben Worthen points out the need for companies to develop and follow a comprehensive email retention and access policy.  As Ben aptly points out, the risks are greater than the loss of the email itself - which can contain up to 75% of a company’s intellectual property according to a study referenced in the article.  Indeed, many companies are subject to regulations that require them to retain and have the ability to access emails sent years ago.  The cost of noncompliance can be significant - the article refers to a $10 million fine that the SEC imposed on the Bank of America last year "when it failed to turn over e-mails to the SEC in a timely manner (currently interpreted as only 36 to 72 hours)."  If your inbox looks like mine, then it’s probably a good time to forward the article to your CIO and ask how your email retention and access policy is developing.