Mr. Dunn,
 
I am writing in reference to your article entitled "In Depth: E-Mail
Management.  I am particularly concerned about the following statement:
 
"Many industries have regulations such as the Health Insurance
Portability and Accountability Act in health care, and all public
companies are governed by Sarbanes-Oxley.  These and other rules require
companies to retain and archive E-mail for three to seven years."
 
This statement is wrong.  Neither HIPAA or Sarbanes Oxley either
specifically or in general establish a retention time for email. Both
require retention of records for various lengths of time.  But specific
retention of email is not even mentioned.  SEC regulations do have such
requirements, but only for emails relating to very specific activities.
 
I would like to suggest a follow up story called the "Great E-Mail
Hoax".  Stories like yours in industry magazines continue to perpetuate
the myth of specified email retention even after readers continually
write to correct the error.  I suggest you read the comments of the
following for some examples:
http://www.cio.com/comment_list.html?ID=1568
 
Bill Roach, CRM
Enterprise EDMS Coordinator
State of North Dakota
ITD/Records Management
701-328-3589

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance