What is an Email Retention Policy and Why Does Your Business Need One?

We’ve all become so accustomed to using email in our daily personal and working lives that we really don’t give a whole lot of thought to it.  It’s the fastest way to communicate with others in the course of the day, and the emails we send and receive – in general – never see the light of day again once they’ve been read.

People have different opinions when it comes to the maintenance of their inbox.  Some delete messages immediately, while others have never deleted a single thing.  Somewhere between these two extremes lies the average user, who periodically takes inventory of their email and cleans out their folders.  And data backups record everything.

Amidst the thousands of emails that circulate through a company, relevant information can be found.  Reference material, contracts, personnel issues, and proprietary information mingle with meeting requests, off-topic messages, and company news, making for a sizeable amount of data.  Sifting through this mass of messages to separate the wheat from the chaff, as it were, is the reason many businesses have an email retention policy in place.

What is an Email Retention Policy?

Understand that there is a difference between archiving and retention.  Archiving allows a business to keep email messages for an indefinite period, mostly for documentation or to comply with industry or government regulations.  Because virtual space (i.e., the cloud) takes up no physical space, it’s possible to amass a sizeable backup of messages.  Retention, however, determines how long an email should remain in the system before it’s automatically deleted.  This determination, in many cases, is influenced by laws and regulations.

Why do you need it?

There are three primary reasons a business should have an email retention policy in place:

  • Knowledge management
  • Regulations
  • Legal concerns

Information contained within business emails is useful in many ways, for a variety of reasons.  The most obvious of these reasons is the accessibility of the knowledge contained within emails, especially as it applies to future projects.  If your business is regulated by government or industry standards, email retention is particularly important, and laws regarding this can vary on a local, national, and industry level.  Similarly, retained emails can be a strong factor in any litigation your business may be involved in.

How do you decide what’s important?

The central issue in a retention policy is ease in search and retrieval.  As such, not every single email that is sent or received in your system may be worth keeping.  Categorizing emails can help to define which emails are not required for retention.  By establishing categories and actively utilizing these categories with every email received, you remove non-essential messages such as spam or duplicate emails and delete irrelevant emails that would otherwise clog up an efficient search and retrieval system.

Every business and every industry is different, of course, but in general, emails that should be retained include:

  • Decisions, directives, policies, or disciplinary actions communicated to employees by management via email
  • Emails to customers for the purpose of conducting business
  • Emails communicating financial information to investors, partners, agents, or others who may make decisions based on this information
  • Communications that comply to government or industry regulations (such as HIPAA)

Once you’ve established what should be retained, the next step is to determine how long it should be kept.  Again, industry standards and government regulations can play a role here.  Keep in mind that emails that have been placed on legal hold cannot be deleted.  Whatever schedule you adopt for the deletion of retained emails, be sure it complies with the particular criteria of your industry.

Communicating your retention policy to your employees

Emails generated and received by your employees will make up the bulk of what’s being archived, so it makes sense to communicate your retention policy to your staff.  They need to be aware of what is being retained, and for how long, and what their role is in the process.  If you choose to engage your staff in self-regulation of their emails, provide them with easy-to-follow rules for categorizing.  Above all, employees should be made aware that their email communications will be archived for a period of time.  This is particularly important for employees that leave your organization for whatever reason.

Establishing and administrating an email retention program is best undertaken with the advice of both your IT department and a legal professional, particularly if your business is subject to government rules and/or industry regulations.  Retention policies also benefit from periodic review to determine if adjustments need to be made.

Does your business have an email retention policy?