Hi Andrea,

I am a consultant, not an end user, but what I have found effective for my
clients is a combination of all of the above. It starts with an email policy
that includes, not just the usual "email is not for sharing off-color jokes
and chain letters", but talks about how to determine if an email is a
record, what to do with it if it is/isn't, how to delete email that
is/isn't, etc. Then comes training to ensure that users have at least been
exposed to the policy and the underlying concepts. Periodic auditing is a
good way to ensure adherence to the policy.

Technology can help, in terms of auto-classification, automated
disposition(!), and the like, but I'm not convinced of the infallibility of
these systems - most of them still require some manual intervention from
time to time. And all of this takes time, energy, and sometimes money. :)

The August Transform Magazine and September AIIM E-Doc Magazine both focused
on email and cover some of the policy aspects as well as the technologies -
and of course take a look at ANSI/ARMA 9-2004, "Requirements for Managing
Electronic Messages as Records" which has a lot of these ideas covered as
well.

Hope this helps - I just recorded a course for AIIM on email and regulatory
compliance and would be happy to discuss with you offline.

Cheers,

Jesse Wilkins
CDIA+, LIT, EDP, ICP
IMERGE Consulting
(303) 574-1455 office
(303) 484-4142 fax
[log in to unmask]
http://www.imergeconsult.com

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance