
November 12, 2009



Patrick Cunningham, CRM, FAI

I'm back and this time I've counter-blogged.


Ben Wright

Patrick: I'm glad you're back, and I'm glad you have counter-blogged! The URL in your comment does not appear to be a live link. I think I can edit it so it is live. That will let readers be able to click the link to easily jump to your blog post. Thanks! -Ben

[Later...] I can't figure out how to edit your comment so your link is live. But I have made it so readers can go to the link by clicking on your name.

Ben Wright

Patrick: In your good counter-blog article, you suggest three categories for e-mail: 1. non-records (junk), which employees have identified and are destroyed quickly, 2. transitory records, which are also destroyed quickly but not as quickly as non-records, and 3. declared records, which employees have specifically identified as important and categorized for retention according to a schedule.

I recently led a workshop at a sizable state government agency to set policy on email retention/destruction. The workshop included the records management dept., the legal dept., IT and other stakeholders. The participants in the workshop agreed on ideas that are similar to your three categories.

But here's the tough part, which they had to address: What do you do with messages where employees simply have not taken (and will not take) the time to analyze from a records management perspective? Do you treat them as transitory records that get deleted in a year or so? That's very risky because it will cause you to delete a lot of records that are important. The reason is that employees simply will not take the time to analyze records and place them in categories. A GAO study shows that employees will not do it. Hence, the participants in the workshop decided to keep those records (which could represent 75% of the email) for an indefinitely long time. --Ben

  • Attorney Benjamin Wright is the author of technology law books, including The Law of Electronic Commerce (Aspen Publishers) and Business Law and Computer Security (SANS). A featured speaker at industry conferences and professional meetings, Wright teaches e-discovery, data security and cyber investigations law at the SANS Institute. Mr. Wright advises clients on digital law and forensic investigations. He helps tech professional firms write engagement contracts, and otherwise manage their legal liability and right to be paid. Such firms include QSAs, auditors, blockchain analysts, penetration testers and forensic investigators. His telephone is 1.214.403.6642. Wright's e-mail is ben_wright at compuserve dot com (put "BLOG" in subject line to distinguish yourself from spam). Mr. Wright graduated from Georgetown University Law Center in 1984.


  • No public statement by Mr. Wright (blog, comment, book, article, video, speech, tweet) is legal advice for any particular situation. If you need legal advice, you should consult your lawyer.

    The purpose of this blog -- and the purpose of all of Mr. Wright's public statements -- are public education and discussion, and not the delivery of legal, technical or other professional advice. If you need advice or complete information, this blog is not the place to get it. Mr. Wright's public statements are offered as-is, with no warranty of accuracy or reliability. Mr. Wright sometimes revises his published ideas. If you use the ideas, you do so at your own risk.

    Mr. Wright's public statements on blogs and the like are not intended to advertise or solicit legal services.

    Mr. Wright's contributions to blogs, web courses and the like constitute part of the online update service for the book The Law of Electronic Commerce. Originally released 1991, and revised continually since then, the book is a reference for lawyers, published by Wolters Kluwer Law.

    The only person responsible for Mr. Wright's words is Mr. Wright.

    Mr. Wright has received money from some organizations he mentions online, such as Netmail/Messaging Architects, SANS Institute and LabMD.

    Mr. Wright strives to comply with all applicable laws. He does not have and never has had intention to infringe the rights of anyone. If any person has any information, suspicion or belief that Mr. Wright has done anything illegal or unethical, he asks that person promptly to notify him at 1.214.403.6642, Dallas, TX. Also, please state publicly on Mr. Wright's blogs or pages that he is wrong. Promptness helps mitigate damage.

    Any person accessing this blog agrees not to use data from it (or from any other public activity or statement by Mr. Wright) in a way that is adverse to Mr. Wright's interests.

    Mr. Wright does not have an attorney-client relationship with any person unless and until he and that person explicitly so agree. Interaction with Mr. Wright through public media does not create an attorney-client relationship. Exchanging private messages with Mr. Wright does not, by itself, form an attorney-client relationship.

    Privacy/Security Vision: Some people provide Mr. Wright private information. Mr. Wright strives to treat such information reasonably according to the circumstances. People should have no more than reasonable expectations about information security. It is unreasonable to expect that the offices, computers, cell phones, brief cases, filing cabinets and online or other services used by Mr. Wright are very secure.
