There are privacy concerns about email content during both transmission and storage.
Since SMTP is not an encrypted protocol, unless you apply encryption at a higher level through something like S/MIME or PGP, the entire message is transmitted around the Internet in clear text, for all with packet-sniffing software to see (if they care).
Also, as Microsoft found out during the anti-trust trial, old email can come back to haunt you in a variety of ways. In Microsofts case, internal memos mined from corporate email archives were presented as evidence by both sides. Did it help them or hurt them? It was probably a bit of both. Think about the potential for this when developing your retention policy.
Theres no getting around it -- email has a disturbing tendency to hang around for longer than you expect, and to be seen by more people than you expect. Whether its an email by a curious user to BEDLAM DL3170, asking what the list (distributed to all of Microsoft.com) was for, personal discussions on a company server that ended up in a temp file seen by a system administrator, an email from one administrator to another about an intrusion that was just detected (which was read by a cracker who then knew to cover his tracks), or messages that should have been sent encrypted that were deleted the next morning by the receiver (but which still sit on backup tapes, protected in the corporate data vault, a year later), the contents just tend to be much less private than you think they are. When in doubt about whether you really should, email something or not, just pick up the phone.
170. Winser, Michael, Bedlam, UserLand discussion group archives, http://static.userland.com/userLandDiscussArchive/msg000484.html
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.