If you search for "email archiving" instead of journaling you'll come up with a lot more information. It dates back to court rule changes in 2006. Most of it is hype because of [largely incorrect] articles like this one (just one of the first hits): http://www.itworld.com/security/55954/law-requires-email-archiving It's really something that you would need a lawyer to give you an answer on (I am not a lawyer, this is not legal advice, etc). My [limited] understanding is that if you are required to disclose whether or not you have any electronic document (including email) requested as part of the discovery process. If you do have it, you're required to produce it. Since it being on some hard drive of an employee computer qualifies as having it, many larger companies decided to archive centrally. The rules only require 7 years back (I think), so that's the amount of time it's generally archived for. TL;DR you're not required to archive email, but if you need to know whether or not you have it if asked. Again, my understanding here is pretty limited. If anyone know for certain feel free to chime in. On Thu, Jan 5, 2012 at 12:54 PM, Eric J Esslinger <eesslinger@fpu-tn.com> wrote:
Based on a some I have received off list it seems no-one has ever heard of such a proposal that has had any serious traction so I assume the gentleman was either mistaken, paranoid, or trying to pull a joke on me.
Thank you for the responses everyone. You can now get back to your regularly scheduled regulatory headaches.
__________________________ Eric Esslinger Information Services Manager - Fayetteville Public Utilities http://www.fpu-tn.com/ (931)433-1522 ext 165
-----Original Message----- From: Eric J Esslinger [mailto:eesslinger@fpu-tn.com] Sent: Thursday, January 05, 2012 9:57 AM To: 'nanog@nanog.org' Subject: question regarding US requirements for journaling public email (possible legislation?)
Hope yall had an 'eventless' holiday. (I.e. no pages at 2 am on a holiday morning). Sorry to drop what is possibly just someone misunderstanding something or pulling my leg on the list, but over the holidays I ran into one of my buddies that is also a network admin type and he was griping about mail journalling, which I already do for our corporate email accounts. However, his discussion was in terms of all customer email... Which I said was probably a bad thing to do. His response was there is legislation being pushed in both House and Senate that would require journalling for 2 or 5 years, all mail passing through all of your mail servers.
I've seen nothing, and my google fu has turned up nothing other than corporate requirements, so I ask here. Has anyone heard of such a bill working it's way through either side of congress?
(I am speaking specifically of full email journaling, not just logs, which I do archive for significant amounts of time.)
I also don't want to discuss the pros, cons, merits, costs, goods, or evils of such a requirement, just wanted to know if this is something I should be looking forward towards maybe needing to implement.
Thanks for your attention and may you have a low incident new year. __________________________ Eric Esslinger Information Services Manager - Fayetteville Public Utilities http://www.fpu-tn.com/ (931)433-1522 ext 165
This message may contain confidential and/or proprietary information and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited.
This message may contain confidential and/or proprietary information and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited.
-- Ray Soucy Epic Communications Specialist Phone: +1 (207) 561-3526 Networkmaine, a Unit of the University of Maine System http://www.networkmaine.net/