
You can have a data retention policy and delete email after a certain period of time; you don't have to keep them just because they are created.

Of course the nature of email makes it difficult to make sure the policy has been enforced.



Public and other regulated companies are subject to minimums on the retention policy. They do have to keep them just because they were created.

The standard enforcement protocol is to block all non-company webmail (and other messaging systems) and SMTP so everything runs through corporate Exchange or IM configured with the appropriate retention policy.

I expect that as creating and dealing with wiretap recordings gets easier, we'll see email retention policies extended to voice communications. Currently that only exists for certain highly sensitive positions that interact with the public, AFAIK.


SEA Rule 17a-4(b)(4):

> Every member, broker and dealer [...] shall preserve for a period of not less than three years, [...] Originals of all communications received and copies of all communications sent [...] (including inter-office memoranda and communications) [...]

https://www.law.cornell.edu/cfr/text/17/240.17a-4


For personal use or many companies, you can get by with a common sense data retention policy and systematically delete aged-out emails.

That's not true for banks; they have specific reporting laws to comply with for anything that gets emailed.


For insurance companies, you're largely bound by whatever policies and procedures you define in your MAR specifications.



