What data retention and destruction rules regarding email do you have in place? Does the same Record Retention Period apply to all emails?

Relationship ManagementData Privacy & Protection
2.5k viewscircle icon1 Upvotecircle icon4 Comments
Sort by:
Legal Manager in Educationa year ago

We are currently working through the retention period for emails however we expect to have different retention periods depending on the nature of the emails. Similar to Jonathan we will be guided by business needs and legal requirements but will also look at the impacts of holding them too long

Lightbulb on1
Information Security Manager in Insurance (except health)a year ago

Email retention periods will vary based on business needs and legal requirements. While blanket retention periods like 1, 3, or 7 years can be implemented, specific emails may require longer retention due to particular record retention requirements. Your legal / Records Management team is a critical stakeholder in this project. The best solution is a flexible system for diverse retention needs, including potential legal holds affecting multiple users.

Lightbulb on1
Vice President in Bankinga year ago

1 to 7 years based on the data.

Manager, Cybersecurity in Travel and Hospitalitya year ago

One year policy.

Lightbulb on1

Content you might like

If two RFP bids are neck-to-neck on core requirements, which factor becomes the ultimate tie-breaker?

Proven outcomes – Documented success stories and measurable KPIs32%

Implementation confidence – Detailed plan, risk mitigation, and resource readiness43%

Total cost – Clear TCO, price protections, and exit terms39%

Innovation & future readiness – Ability to scale, adapt, and support emerging needs15%

Vendor relationship strength – Cultural fit, governance model, and executive commitment14%

View Results

What sorts of challenges have you encountered in adapting your governance framework to address AI adoption across business units, and how are you attempting to resolve these?

Read More Comments

What is the primary reason your organization chose its approach to internal sensitivity labeling?

For user awareness: We use visible markings to ensure users are constantly reminded of the document's sensitivity.

To avoid distracting users: We use no visible markings to prevent headers and watermarks from interfering with readability and collaboration.

To simplify the labeling process: We use a standardized approach to minimize user confusion and streamline adoption.

Compliance or policy requirement: Our choice is dictated by specific regulatory or internal compliance mandates.

Other: Our reason is not listed above.

My organization does not utilize sensitivity labels.

My organization does not use the internal nor public sensitive labels.

My organization is a public organization (state or federal).

View Results

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Read More Comments

We are currently evaluating a new Infosec awareness platform to replace or augment our existing solution with the goal of aligning with our strategic shift toward Human Risk Management. 
This initiative is driven by the need to: 
1. Deliver tailored, real-time awareness based on user behavior and risk profile 
2. Improve training relevance through role-specific content and interactive formats 
3. Ensure compliance through automated consequence management & lifecycle integration 
4. Consolidate LMS platforms and reduce duplication 
5. Host all training modules on our training content hosting platform which requires SCORM compatibility 
The platform must integrate with our existing identity and access management tools (Entra, SailPoint etc), support phishing simulations with Outlook integration, and provide access glass screening capabilities. We are also looking for customizable content aligned with Organisation look and feel, and automated reinstatement of access upon compliance.
Does any one have any experience or recommendation for such as tool?