I've been watching with interest how this is unfolding over the pond. So I'm wondering if anyone has pro-actively addressed this before we get encumbered with similar laws? If so how do you approach it? Do you apply you standard Record Retention Policy/Schedule that's used for paper based documents? Or do you do something else?
Surely we can't be expected to keep every email for an almost indefinite period? This would require a constant backup system (so people can't delete emails before the nightly backup gets them) and warehouses full of backup tapes.
The article interestingly doesn't say for how long we should keep this information, even if we did have it to keep. I would be interested to see how this new law, if it ever happens, fits in with DPA laws which state a maximum time period for which things should be kept.
The most commonly proposed solution is to have a silent archiver that is part of your filtering system. As mail is pushed through the filter it gets archived. The problem is that not all mail is relayed via a filter and it can be expensive to buy. Some mail servers also lose some of the additional functionality they may have (over and above that specified within the RFCs) when they are forced to route via a relay before delivering back to the originating server.
We looked into this as we have a mail server, which was almost ready for the students to use..
We use postfix here and one of the commands in our main.cf file was:
always_bcc = mailoutlog
Which means EVERY e-mail sent or recieved would end up also written to an inbox called "mailoutlog", just a standard user with an almost impossible password for security...
We could then as root archive the /home/mailoutlog file to DVD or CD, every few months... as most e-mails are small...
perfect <3
It was also possible we found to mount /home/mailoutlog on another system with a windows share, or a linux share..., for all you who like your networked backup...
With Exchange 2007 and the introduction of the Hub Transport, all e-mail (even internal e-mail within the same server) goes through this Hub Transport, this means you can setup policies to acheive this goal.
Man, the privacy issues.
Yes, I was wondering how it could be justified in light of Data Protection.
I guess there's the old 'Our network, our resources, our information'.
All true, however as I understand it, under the DPA, anyone can request to see the information which you have on them. So, when someone's parents contact you and ask for this, you would have to go through every email in your 5-year archive to see if little Johnny gets a mention. Rather you than me!Originally Posted by mrforgetful
Doesn't RIPA say that mail stored on an organisations computers can be monitored so long as staff are warned in advance.
Data protection is more about the accuracy and security reuired of organisations keeping information about an individual. As what has been discussed here is prinicaply email archiving presumably, you would have access to your own mailbox
The above discussion seems to give the impression that only email matters but what about home directories or shared areas? How should the contents be recorded? just what's on backup at key points or milestone documents such as annual and interim reports, LEA/DfES returns, departmental reviews, development plans etc.?
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks