Fallacy: An archive does not allow you to permanently delete an email
I read with interest a recent Mimecast blog which refers to a TechCrunch article on the News Corporation phone hacking scandal. The archiving vendor alludes to the concept of an email archive making it possible to permanently delete an email from circulation.
Perhaps I mis-read the intention of the writer, but here's a home-truth speaking from experience:
Even if you maintain a central archive of your emails, be it on-premise or the cloud, deleting any given email from said archive is highly unlikely to delete all copies of the email.
This is because any given email is likely to exist in many other places besides an archive (and print outs in a crate), including:
- on past backups of your email and archive servers
- in personal email archives (aka PST files) that can exist on the user’s own hard disk or even a memory stick, and
- assuming it wasn't just an internal email, in the archive of the organisation with whom an incriminating email was exchanged.
The first 2 examples are becoming easier to tackle. Earlier this month Microsoft released its own tool to find and 'round up' the contents of PST files and for many years now our UK-based email management organization has been delivering services and software to aid the search and recovery of emails from backups, PSTs and other locations.
So yes - implementing a robust archive along with sound and defensible policies for deletion can significantly reduce your eDiscovery costs and limit your exposure, but if the crunch comes, the incriminating emails can and will come out of the woodwork more easily than you think.