Skip to content
BOL Conferences
Thread Options
#366670 - 06/01/05 09:43 PM E-Mail Record Retention Requirements
Anonymous
Unregistered

Are there any regulatory requirements for the retention of e-mail records? This would include both internal and external (to the public) e-mail records.

Return to Top
eBanking / Technology
#366671 - 06/02/05 02:26 PM Re: E-Mail Record Retention Requirements
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,748
On the Net
The general rule I follow is if you would retain it on paper, retain in bits and bytes.

SOX has some retention requirements and the SEC does if you're working with securities/NDIPs. Only the SEC specifically mentions email, I believe. I really haven't studied SOX but look at sect. 404 for more.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#366672 - 06/02/05 02:50 PM Re: E-Mail Record Retention Requirements
Anonymous
Unregistered

Andy's right - it's not specifically mentions in the regs but we decided to follow the SEC guidelines because sooner or later the regualtors will come up with something similar. As Andy said - if you would save it on paper.....

Return to Top
#366673 - 06/05/05 08:11 PM Re: E-Mail Record Retention Requirements
Ken Baer Offline
New Poster
Ken Baer
Joined: May 2005
Posts: 10
Arizona, United States
The SEC requires that email for any employees handling securities trading be maintained in a tamper proof archive. The purpose, of course, is to keep a trail of any insider trading discussions that may have be going on in email.

For the normal banking and non-trading services however, no regs yet. I would just offer a caution. Watch out for employees using email as a de facto document storage system. If it was me, I'd have an "acceptable use" policy that deems email as a transient resource and requires employees to move any important memos or documents to a proper file server or document file cabinet. With that in place and communicated, you could manage (and purge) your email system as appropriate to the capacity of the technology and you can manage your document storage and retention as a separate practice.
_________________________
We help banks solve compliance challenges inexpensively. www.appliedintent.com

Return to Top
#366674 - 06/07/05 05:09 PM Re: E-Mail Record Retention Requirements
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,748
On the Net
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#366675 - 07/26/06 03:26 PM Re: E-Mail Record Retention Requirements
Fred P. Offline
New Poster
Joined: Jul 2006
Posts: 1
South Carolina
Can anyone point me to an example of an e-mail retention policy that is SOX compliant? I have read the article by Mike Gundling related to this subject on the Sarbanes - Oxley Compliance Journal page.

Return to Top
#366676 - 07/31/06 07:40 PM Re: E-Mail Record Retention Requirements
Miss Chee Offline
Platinum Poster
Miss Chee
Joined: Aug 2005
Posts: 546
Andy, what do you know about Canadian retention laws?

Return to Top
#366677 - 08/01/06 07:57 AM Re: E-Mail Record Retention Requirements
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,748
On the Net
Less than zip. Not much call for it in Central Texas.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top

Moderator:  Andy_Z