
Organizations need to look at defining a formalized retention policy for electronic records and email documents. This policy should be based on the organization’s retention needs from statutory and legal perspectives, as well as its own internal auditing requirements. In many cases, there may already be records retention policies in place, which should be modified to include electronic records.