eDiscovery part two: best and worst practices

In part one of our eDiscovery series, we discussed the basics of email retention and eDiscovery. As you implement a new email retention policy or look into replacing your existing one, it's important to weigh all aspects of your needs and choose the best option available. An email retention policy—and the tools that go along with it—should aim to support business continuity during a time-consuming court case while not interfering with your team's everyday productivity.

eDiscovery best practices

Best practices:

One size doesn't fit all

Every business is unique with respect to how it functions, how long its projects span, how much data is collected, and so on. The average retention period will also vary among different industries, depending on their needs and local organizational policies. The bank's requirements will be different from those of a healthcare company or an insurance firm.

It is important for your retention policy to adhere to your industry's standards and address your organization's concerns. We recommend creating custom retention policies, instead of following a default retention policy, to be sure you retain emails for the duration that best fits your needs.

A highly secure system

Security and privacy are absolutely crucial when it comes to business email, and even more so for retained emails. Since every email is a potential piece of evidence or proof of communication, such critical data should be protected with highly secure systems using authorization-only access.

Well-informed employees

An email retention policy across your organization is not only important for your business continuity, but for your employees' safety too. Your employees must be aware that committing crimes or breaking policies through email will not be overlooked. Keep your people well-informed about your retention policies, so they know they will be held accountable and also take confidence in the fact that any investigation involving them will be fair.

Clear activity audits

Obviously, only a select few employees should have access to retained emails. These few should also be held accountable by recording every activity carried out, along with the date, time, and purpose.

What to avoid:

Counting on email backup

Most businesses make the mistake of assuming that email backup and retention are one and the same. Backup is simply holding email data for short periods of time, with little to no search capabilities. Retention is meant for longer periods of time, often with special conditions applied and enforced. While they may seem similar, basic email backup will not suffice for legal procedures and content discovery.

Manual retention

It may be tempting to decide to move emails periodically manually instead of implementing an automated email retention procedure. However, this is not tamper-proof or a productive use of company time. The better practice would be to integrate a third-party retention tool with your email, or better still, choose an email provider with built-in retention and eDiscovery.

Retention with no eDiscovery

A good email retention policy with no quick eDiscovery function in place isn't very useful. Knowing the email you're searching for is saved there somewhere isn't a relief if you can't find it. An exhaustive eDiscovery tool to perform advanced searches and find the information you're looking for is key, not only for efficiency but also for legal examination.

Ignoring suspended accounts

If a complaint is lodged against your company or there is a potential data leak, there's no guarantee that the breach came through one of your existing employees. In cases of intellectual data theft, the people involved are often former employees. So, it's important that your e-mail retention policy covers suspended accounts within your organization to prevent data loss due to employee turnover.

Does your business have an email retention policy in place? If so, how many of these best practices does your policy follow?

In our next and final post in this series, we'll show you how Zoho Mail's built-in Email retention and eDiscovery module works. Stay tuned!

Don't miss the next post: subscribe to Zoho Blogs or follow us on Twitter:@ZohoMail

Part 3

Comments

2 Replies to eDiscovery part two: best and worst practices

  1. Standard: every email is a potential proof or contact proof, such important data should be protected with high security systems using authorized access only.

Leave a Reply

Your email address will not be published.

The comment language code.
By submitting this form, you agree to the processing of personal data according to our Privacy Policy.

Related Posts