Last Updated on June 24, 2024 Sarah Gayda
Answers to common questions about deleting emails in your organization & why formalizing a policy could decrease risk during litigation or a breach
You’ve likely heard a lot about email retention policies and email archiving. But how much do you know about email deletion policies and does your organization have one?
An email deletion policy is an important component of your information management program. So, we want to shed light on the topic and answer some common questions we receive from customers and industry professionals.
What is an email deletion policy?
Essentially the inverse of an email retention policy, an email deletion policy causes emails to be deleted after a certain time. This is often dictated by the retention policy set to the email container. Organizations implement email deletion policies to better manage email, control storage costs, and lower their risk exposure.
An example of an email deletion policy might be to set an email retention policy on emails for 2 years. At the end of that 2-year period, end-users’ emails would auto-delete. Your organization would create an email deletion policy specific to your industry and legal regulations.
Why is an email deletion policy important for my organization?
By permanently deleting old content and emails your organization is not required to keep, you are limiting your risk in the event of litigation or a breach. Also, you are making eDiscovery more concentrated and likely much less costly.
For example, organizations who retain ALL emails (rather than just emails that are business records) could see costs run away in an eDiscovery process. During eDiscovery, the requirement is to collect, process and review emails. This could include large volumes of emails that should have been deleted.
Your email deletion policy works in conjunction with your email retention policy. Together, they help you:
- Proactively comply with regulations for your industry as well as internal policies
- Reduce the risks of litigation and security breach
- Share knowledge securely and effectively
Microsoft has a few options for helping you turn these policies into easy–to–use and automatic items. We recommend using Microsoft Purview to set up policies and retention/disposition.
What are the benefits of an email deletion policy for my organization?
There are four main benefits of an email deletion policy:
- Lowers risk of emails and records sitting in Outlook
- Forces users to move email records to SharePoint where they can be discovered while remaining accessible only to those with appropriate access and permissions. Typically, about 5% of emails are records and should be moved to SharePoint
- Reduces inbox clutter and ROT (redundant, outdated or trivial) information
- Increases efficiency of Search, as emails are properly tagged and stored data in SharePoint
What do I do with the email records I need to keep?
Ensure all email records you need to keep are moved to SharePoint Online. Email records, including attachments, should be properly tagged and labelled to adhere to regulations or internal policies and best practices. Colligo Email Manager is a great solution for this.
Why? Outlook is not intended for enterprise storage of records. Users’ mailboxes are private walled-off repositories that are inaccessible to team members that need access to these records. Plus, consolidating records into controlled, appropriately shared repositories is the best way to manage your sensitive and important content.
Read more about email management.
What are the challenges of an email deletion policy?
Your email deletion policy can be difficult for employees who are not properly filing their emails. They may be used to searching for email in their Outlook history for information and may need education and training on proper information management.
Also, email deletion policies can create the perception of lowering transparency for governments. However, this is not necessarily the case; it should be a conversation about risk.
Is an email deletion policy right for my organization?
There is no “one size fits all.” Importantly, any email retention or deletion policy needs to adhere to your specific rules and regulations. If you are a public sector organization, your guidelines are often published.
Among our clients, we see a wide range of email deletion policies. However, most policies dictate deleting email between 6 months and 2 years.
Ultimately, it depends on how much risk you would like to mitigate and what your industry or regional regulations are. Of course, review and work with your corporate legal team or outside council as well!
More questions?
Get in touch with us to discuss an email deletion policy for your organization or how to move email records to SharePoint.
