Emails & Law

FirebarUK · 3 Mar 2007 at 18:18

This should perhaps be in GD, but I thought I'd try in here...

Is there anything in British law that states companies must keep emails indefinately, incase they are required for future legal action etc? The same applies to browsing history. I'm having problems looking this up and finding an answer

I thought you system admins would probably know anyhow

Spuds · 4 Mar 2007 at 00:29

I can't say for certain but I don't think their is any requirement to keep emails although it may be in a companies best interest to keep certain ones for future reference.

At my last work I only kept about 1% of the emails I received daily incase I needed to refer to them again.

fini · 4 Mar 2007 at 00:37

no there's not.

fini

SiriusB · 4 Mar 2007 at 02:41

The police can obtain your emails from the company's ISP or the company who provides you with email since any emails coming or going have to pass through their servers. Although having said that I have no idea if these companies are required to keep records for any set amount of time either.

Moredhel · 4 Mar 2007 at 10:31

Most medium to large companies maintain their own mailservers, rather than use an upstream provider.

If I remember rightly the RIP act has something to say about the data retention requirements if they do that. But I can't remember what and I'm not prepared to wade through the text of the act to find out.

the-void · 4 Mar 2007 at 10:32

I may be wrong, but I think that there is a European law going through that is requiring ISP's to keep emails for 12/24 months for terrorism purposes (so they say). Therefore I imagine there must be no law already that requires anyone to keep emails.

Moredhel · 4 Mar 2007 at 10:34

If it's a European law it may only be there to standardise existing legislation accross Europe, or to force some states who have no such law already to implement it if the majority of other states already have it.

ricky1981 · 4 Mar 2007 at 10:34

FirebarUK said:
This should perhaps be in GD, but I thought I'd try in here...

Is there anything in British law that states companies must keep emails indefinately, incase they are required for future legal action etc? The same applies to browsing history. I'm having problems looking this up and finding an answer I thought you system admins would probably know anyhow

Depends on the time of company you are and the content of the email. For example, there are tighter controls on financial companies (typically ~7 years retention), but for construction it applies only to documents surrounding a project (which must be kept for 10 years from the date of completion).

For most other companies the main driver for email retention is in the event of legal action (either taken by the company or action taken against you) so you have evidence to support your case.

Browsing history is a more difficult area and the law in that area mostly comes into effect in terms or protecting people from "harmful" content. As far as I am aware there is no obligation to keep records of websites visited although most companies tend to do so for HR purposes.

bitslice · 4 Mar 2007 at 10:40

(as previous posters have said, no requirement to store)

in the USA they have Sarbanes Oxley Compliance to worry about

but certainly in manufacturing you need to record everything going in or out,
in case there is a query about what was agreed with the client.

I store everything indefinitely anyway (email, files, web history),
storage is cheap - but finding what you are looking for is another problem

The other day I was asked for a plan to store production data for a minimum of 25 years....

.

.

Moredhel · 4 Mar 2007 at 11:06

big BIG storage array and subversion with autoversioning? You'd keep every revision of every document on your system, along with new and documents that for all intents and purposes to the user are deleted will still be there for you as an admin.

GarethDW · 4 Mar 2007 at 21:51

The Financial Services Authority regulates the company where I work, and they have stipulated that we have to keep all emails for a minimum of 6 years.

Also, I think that Basel II says something about this too - although again this will only apply to organisations within the financial services sector.

FirebarUK · 4 Mar 2007 at 23:39

Many thanks for your input. It would be interesting to see if future government legislation will require this, as already said - due to anti-terrorism procedures etc.