How long does everyone retain email backups for? I have been looking on a few websites like Becta to find out if we are legally obliged to hold email for a certain amount of time but can't find anything useful..
I am using the journal function at the moment on our exchange 2007 server along with tape backups using backup exec 12 but and am considering something more suitable if we have to keep it for x years.
What do you guys use for your email archiving?
Users can keep their own mail as long as they want, and our backups are just done daily.
I also use journaling in exchange. Each day i put the appropriate e-mails into folders labeled the date. Works a treat.
Just got Zimbra up and running and enabled journalling on it (Well postfix's "always_bcc" option to a journal account)
Not looked at backups yet though its next on my list...
Thanks for your comments. So we aren't legally obliged to keep hold of emails for a certain amount of time?
If you're really unsure, it will be worth check with your LEA to find out if they have any policies on this.
It depends :-)
Originally Posted by ssiruuk2
If they relate to contracts (eg purchasing etc) then you may need to keep them (but finance people tend to just print and file everything!)
You may need to keep stuff in case of disciplinary or grievance procedures - if someone says "I told person X on numerous occasions that they should/shouldn't do Y" then email proof is important.
You may need to keep stuff because someone makes a Freedom of Information request and it would be reasonable for you to have that information (unless you have an enforced policy which says "all email is deleted after 1 year")
The key thing is that you must have a policy which is agreed on and reasonable steps are taken to enforce that policy.
Incidentally, those who are squirelling away copies of all email need to make extremely sure that access to that mail is very tightly controlled.
Currently there is no legal time frame on how long emails should be retained for, here in the UK.
However, I would say it is helpful to your school and college for you to keep hold of them and have a full archive in place -You never know when someone might put a FOI request in to you, this could be a member of the public, student, a company or the media. - In which case your educational establishment will have 20days to respond with the information requested.
Email archives are also very useful for HR investigations -If you are ever taken to court for any reason over a disupute, emails can be used in court as evidance providing they are fully encrypted -See Waterford Technologies email archive
Email Archiving for Education
The legal standing is that your email archive policy should follow what you publish it as ... I know, chicken and egg.
Base it around your records retention schedule if needed ... look for the longest retained item and work out whether it is worth archiving emails in case one email is covered in there ... and then go to the next longest retained item.
It is common for one year to be an acceptable limit but your milage may vary.
The area where DPA and FoIA come into play is how you deal with those archives. If you keep an archive for a year in backup form them plan who you might retrieve a single email from a single user as part of a request (ie a personnel based request from one of your staff concerned that consultation was not made properly during a change in the working conditions and he is requesting to see conversations about it between the Head and the Chair of Governors ... remembering that saying 'oh ... that conversation didn't take place' is not an answer and you *have* to look for it!)
You may require a VM install of exchange (other email servers are available) and you restore that to a particular date ... I doubt people would restore over the live system ... would people do that with mail stores nowadays?
The other option are the purchased tools that archive direct from the server (actually, most mail is routed through them as a relay IIRC) and these are easier to search ... consider how often you are likely to require to search. Some of these systems can also be used to keep mailbox sizes down due to archiving ... a possible cost saving (but unlikely in a school ... it tends to be *large* institutes that need this!)
Maybe I'm missing something here, but why does the FOI have anything to do with email retention? If someone makes an FOI request, we must give up whatever emails we have - whether that be from the last 10 years or only 10 days. No?
Here, staff retain emails for as long as they see fit - the .pst is in their MyDocs and counts to their quota, so it is up to them. Student email is typically deleted over the summer break - we've got better things to do with disk space and AV scan/backup times than retain endless copies of their MSN-esque chat histories.
If someone makes a FoI request then you have to give up the information you have stated you retain in your policies. If you retain information about student discipline for 3 years and some of that conversation has been over email ... you can see where I am going? Also remember the FoI does not just apply to electronic information but hard copy too ... tink of the amount of space this takes up in filing. Electronic storage of scanned documents are one solution to help with this too. Some of these can integrated into your MIS already, saving a chunk of work, but the email side has to done separately really.
It is not the responsibility of user to retain email, but the responsibility of the employer. It is *your* job to have the solution for this. Yes, there is a cost associated with it ... it is not a backup either, that is a different beast and it would be expected that you also backup your archive system too.