Vircom’s Opinion On Data Protection And Email Retention Policies

Paris, France, 17 February 2005 – With the growing use of emails to communicate all kinds of information in businesses and privately, one must follow existing implications regarding email retention policies and data protection.

Vircom Inc., developer of ModusTM secure email management solutions has detailed the main guidelines businesses should follow in order to develop an efficient email retention policy.

Email Retention and Storage policies are very much an issue of the legal requirements of the country that the entity is in, as well as the entity itself. This means the policies vary depending on the activity of the company (for example health care, law firm, etc…).

These policies are to be developed at the different levels in the company.

Human Resources/Legal Department – Level
First of all, all email retention policies must be enforced consistently for all staff by the Human Resources or Legal department and communicated effectively.
Human Resources/Legal department policies should:
– State clearly what type of email message content is acceptable and what is not
– Spell out which e-mail messages are to be kept and which are to be deleted
– Be constantly aware of any new legislation and be able to communicate this effectively to all parties and relay the information to all staff

IT Department – Level
It is important to design a specific IT person or team which should be responsible for email retention issues and therefore given the task to:
– Enforce policies on a company-wide basis
– Train staff on all company policies as well as any changes which take place and could affect them directly

Product – Level
Because email retention varies depending upon the category of email and data, companies must be able to operate at the email level and therefore:
– Identify clearly and classify a wide variety of email messages and data
– Define specific retention policies for each category

In the case of email retention, a privacy aspect enters as well. Employees should be aware of the blocked emails and the reason why they are blocked. This should be done either by providing an e-mail retention report or through a web-access to retained emails.

Another policy could then define which categories of emails can be released by the users and which cannot. For instance, a policy could block all e-mails containing abusive language and classify in an “Abusive” category. An additional policy could allow e-mail release for such category. Indeed, if someone releases such a message it is in full knowledge.

In following these processes, organisations can ensure they establish a company policy to protect and secure information both internally and externally.

About Vircom: www.vircom.com
Montreal-based Vircom is a leading developer of cutting-edge Internet infrastructure and secure messaging solutions for the demanding needs of Internet Service Providers (ISPs) and corporate clients. Vircom’s ModusTM secure email management technology incorporates over 10 years of industry expertise, making it a powerful driving force in the defence against spam and email-borne fraud.

Present in Europe since 2003, Vircom Europe has distribution agreements for its Modus anti-spam products with a network of managed security service providers, value-added distributors and resellers in the UK, Sweden, Denmark, The Netherlands, France, Germany, Austria, Switzerland, Portugal, Spain, Italy and Turkey.