How often should emails be backed up and how long should they be retained?

Do you have any recommendations on how often email should be backed up and how long it should be retained?

This is a complex topic that depends on your organization's contractual and regulatory obligations, technologies you currently use for email, your business structure and so forth. A security or governance committee is recommended if you're backing up large amounts of data, especially for retention. This is not something storage administrators should have to decide themselves. There are too many legal issues involved and simply too much at stake.

First off, you're going to need to take an inventory of where your email is used and stored (Outlook, the web, personal phones, etc.). Next you need to determine your legal obligations related to email security and retention. How do the federal privacy and security regulations such as HIPAA affect your business? What about state breach notification laws?

You also need to decide how critical any or all of the emails are to your business, not only for future internal reference but also for e-discovery. Deciding which emails are important will help you classify the different types of email. If that's too much of a challenge, at least consider separating out the emails that have attachments, since that's where a lot of sensitive information tends to be, and the email of specific users or groups of users. This ensures that their email is handled and stored properly. As for instant messaging and social media messaging, if they're key to the business, you may want to consider bringing them into scope as well.

This exercise is going to require input from a lot of different people. Never assume anything, and don't just download someone else's data backup and retention policy and procedures off the Internet and believe that's going to be enough. At the very least, get your lawyer involved, as he or she is going to be making a lot of key decisions related to this.

This was first published in August 2009