> After the attack we put a 3 month retention limit on most emails and messages. I recommend this to anyone doing sensitive work! You miss the old emails sometimes but it's worth it.
How are pro-delete policies like these impacted by the discovery-process in law? Or even Sarbanes-Oxley?
Great question. IANAL but my understanding is that outside of some specific regulatory requirements in specific industries you're free to put these policies in place as long as you do it before you have any expectation that you're going to be sued.
That's another reason to bite the bullet and put these policies in place now: once you actually have a specific fear of being sued it's maybe too late, because at that point changes to your retention policy could be construed as interfering with the legal process.
You can also have your policy exempt certain categories of documents (like financial records) and that's okay too as long as you're consistent about it.
How are pro-delete policies like these impacted by the discovery-process in law? Or even Sarbanes-Oxley?