Wouldn't you prefer encrypted email more than a conversation. You do get a lot o...

_9vzr · on Nov 2, 2016

In some cases, they need to preserve email in case the company is sued and emails are subject to discovery. If these guys want to talk in private, they talk face to face. Email is only for things that should have a papertrail.

maxerickson · on Nov 2, 2016

You can have a data retention policy and delete email after a certain period of time, you don't have to keep them just because they are created.

Of course the nature of email makes it difficult to make sure the policy has been enforced.

closeparen · on Nov 2, 2016

Public and other regulated companies are subject to minimums on the retention policy. They do have to keep them just because they were created.

The standard enforcement protocol is to block all non-company webmail (and other messaging systems) and SMTP so everything runs through corporate Exchange or IM configured with the appropriate retention policy.

I expect that as creating and dealing with wiretap recordings gets easier, we'll see email retention policies extended to voice communications. Currently that only exists for certain highly sensitive positions that interact with the public, AFAIK.

mortehu · on Nov 3, 2016

SEA Rule 17a-4(b)(4):

> Every member, broker and dealer [...] shall preserve for a period of not less than three years, [...] Originals of all communications received and copies of all communications sent [...] (including inter-office memoranda and communications) [...]

https://www.law.cornell.edu/cfr/text/17/240.17a-4

Bartweiss · on Nov 2, 2016

For personal use or many companies, you can get by with a common sense data retention policy and systematically delete aged-out emails.

That's not true for banks; they have specific reporting laws to comply with for anything that gets emailed.

greedo · on Nov 2, 2016

For insurance companies, you're largely bound by whatever policies and procedures you define in your MAR specifications.