Setting up eDiscovery and Email Retention

Organizations which use emails as their primary mode of communication for their business should be cautious about accidental data loss and regulatory compliance laws. Zoho Mail's eDiscovery portal allows admins to retain emails and recover them at any point in time.

Steps to enable eDiscovery

Follow the below instructions to setup eDiscovery for your organization:

1. Log in to your Admin account at https://ediscovery.zoho.com.
2. Alternatively, you can log in to Zoho Mail Admin Console and select eDiscovery on the left pane. The eDiscovery portal welcomes you with a small intro to email retention and eDiscovery.
3. Select Enable eDiscovery and click Next. A pop-up message confirms that you have successfully enabled eDiscovery for your organization.
   

Defining retention period

Almost every governmental regulations require "records" to be captured, managed, retained for specific periods of time, and made available to the governmental agency when asked. These records can include hard copy content, email, voicemail, instant messages, and social media.

The considerations for establishing and maintaining your organization’s email retention policy remain the same; they are: business needs, legal requirements, organizational culture, approaches to retention policies, litigation holds, automation, and implementation.

Steps to define a default retention policy

1. Once you enable eDiscovery, the next step is to choose the Default retention period. The default retention policy determines the period for which the emails of all users in the organization would be retained.
2. By default, the retention period is 365 days. You can either define a specific number of days as the retention period or choose Retain forever, based on your requirements.

Defining retention rule

The retention rule acts as an email filter for emails to be allowed into the eDiscovery service for archival. It provides you with the option to choose the types of emails that you want to retain in the eDiscovery portal such as sent emails or received emails or retain only a specific sub-set of sent/ received emails and so on.

Define the appropriate Retention Rule to ensure you retain the required emails while not filling up your user's storage with unnecessary emails. This rule gets saved as EDISCOVERY_FILTER and will be applied to your entire organization. Admins can create custom email filters for specific users based on their organization's requirements.

Steps to define a default retention rule

1. Once you define the retention period, you can go ahead and define the Default retention rule.
2. Choose from the granular options available and set the ingestion rule for the eDiscovery portal.
3. Click the Next button.

• Retain all emails
• Retain based on the conditions such as
• Retain all sent emails Retain all sent emails - outside the organization
• Retain emails sent - only within the organization
• Alternatively, you can specify selected domains and choose to retain the emails that are sent only to those domains.
• Retain all received emails
• Retain all received emails - from external organization accounts
• Retain emails received - only within the organization
• Alternatively, you can specify selected domains and choose to retain the emails that are received from those domains.
• Retain all deleted and/or spam emails.

Selecting user accounts

Once you define the retention period and retention rule, you must select the users for whom email retention should begin.

Steps to enable user accounts for eDiscovery

1. Enter a user's name in the search bar to select specific users to enable retention.
2. Alternatively, select the checkbox on the header and click on Select all users to enable retention for all the user accounts.
3. Click the Retention drop-down.
4. Select Enable Retention to start the retention process for the selected set of users.

Once you enable the retention, the emails that get delivered to these user accounts will be retained in the eDiscovery portal, based on the retention rules. The retention period will be based on the default retention rule applied to the accounts. The sync to the eDiscovery portal may take a while, after which you will be able to search/ view/ export the retained emails from the portal.

 Customizing retention policy

By clicking on the Retention tab, admins can view the set default retention policies and the list of custom retention policies. Note that when an email is expired beyond the set retention period, it will be automatically cleaned up or purged, once in every 10 days. Just below the default retention policy, you will find an option to create a new custom retention policy. In case there are any special or custom requirements that need certain emails, based on custodians or certain conditional criteria, to be retained for a different period of time, the administrators can define custom retention policies. Custom retention policies can be defined based on various parameters.

To define new custom policies, follow the below steps:​​

1. Click the Create custom retention policy button and provide a Name for the custom policy.
   
2. Select the desired mailbox category:
   • All accounts - All user accounts and shared mailboxes will be included.
   • Specific user accounts - Admin can select one or more user mailboxes in the User mailboxes field.
   • Specific shared mailboxes - Admin can select one or more shared mailboxes in the Shared mailboxes field.
3. Click the drop-down and select a predefined duration or Custom range.
4. Select the start and end dates if you chose custom range.
5. In the Condition query, provide the conditions based on which you want to define the custom policy for email retention from the granular options provided:
   • Contains - contains text/ email address in the entire email
   • Subject - subject contains the selected term
   • Content - email content contains
   • From - from email address contains
   • To - To email address contains
   • Cc - Cc email address contains
   • Bcc - Bcc email address contains
   • Reply To - Reply to email address contains
   • Has attachment - Only the emails with attachment
   • Attachment name - Attachment content contains
   • Attachment content - Attachment content contains
   • Only outgoing emails - Include only outgoing emails
6. Select whether you want to retain the emails marked as spam.
7. Choose Only deleted emails to retain only the emails deleted from the mailbox that match the entered condition query.
8. Choose Retain forever or enter the number of days to retain the emails that match the conditions.
9. Click Preview results to check whether the condition query provides the expected results.
   
10. Click Save retention to save the custom retention policy.
    

You can create and save multiple retention policies for different purposes. Mostly each custom retention policy will differ based on periods of retention and the conditions required for retention.

Email Filters for eDiscovery

Every organization's need for data retention varies according to the industry and its business needs. Some may require storing all emails of the entire organization for compliance purposes, while others may choose to store certain VIP mailboxes or certain client communication emails which were sent to or received from outside the organization.

As an administrator, you will know your organization's goals for retention and can determine what needs to be retained in eDiscovery. In order to control what gets stored/retained you can create an eDiscovery Email Filter. You can do this in the following ways:

1. While enabling eDiscovery, you can select the filter criteria by which only a subset of emails get retained. This filter (EDISCOVERY_FILTER) is a default email filter and it is applied to all user mailboxes.
2. To have more fine-grained or granular control on specific filters on certain mailboxes, say group mailboxes or emails from a certain department, etc. you can create custom Email Filters.

Steps to add eDiscovery Email Filters (Custom Email Filter)

1. Navigate to Email Filters under Retention Policies.
2. Click Add Filter and provide a Filter Name.
   
3. Select either All emails or Emails based on conditions below.
4. If you select All emails, mention the users and click Save.
5. In case you select Emails based on the conditions below, specify all the conditions:
   • All sent emails (emails sent only within the organization or emails sent outside the organization)
   • All received emails (emails received from within the organization or received from outside the organization)
   • Mention specific domain(s) under the All sent emails and All received emails category.
   • Deleted emails
   • Exclude spam emails
6. Add the user mailboxes for whom the custom filter must be applied.
   
7. Add the shared mailbox addresses to which you want to apply the filter and click Save.
8. Navigate to the Associated users or Associated shared mailboxes tabs to add or delete the mailboxes.

Once the filter is saved, the new custom filter will appear under the list view. Click on the filter name to view its details or edit permissions, if required.