Email Retention - Newbie 2281

  • Hello.
    I’d like to know what the ‘rules’ are in regards to email retention and duration of the retention.
    Thanks in advance.

  • The ‘rules’ on this are not driven by SOX.
    There may be statutory rules on document retention that you have to comply with and these will vary depending on what jurisdictions are relevant to you. In many cases 3-4 years would not be sufficient, indeed I have seen many instances where 6-10 years would be required.
    Obviously you would not need to retain this on your live mail server but can archive where appropriate.

  • You may search the net on retention guidelines and this is usually a legal issue, but beware of retaining emails too long. Typically, most companies like to have policies to retain emails for no more than 30 days, but I can tell you as an employee I typically retain 2 years. The reason I say this is a legal issue is because information that is retained regardless of relevance can always be called by a subpoena.

  • Hi - While I’m uncertain if SOX 404 has been recently amended, based on PCAOB/SEC recommendations last year – the typical timeframe shared in the past is 7 years, (esp. for financially related email). While this can and should be archived offline, companies should have the capability to reconstruct email history if an SEC investigation were to take place.
    This thread has a # of links that might help:

Log in to reply