This one hit me a bit by surprise. A couple readers wrote about it asking for advise. Our reader Steve found a good authoritative source at Lexis Nexis .
I am not a lawyer, and the article doesn't exactly provide anything new to me. As far as I know, electronic evidence like e-mail archives has been "fair game" for discovery all along and as a sysadmin you could get into trouble for deleting any archives after being asked not to do so.
You may just want to sent the link to your corporate lawyer and have them figure out if any policies need to be changed. This should only affect US based corporations.
I will be teaching next: Intrusion Detection In-Depth - SANS Las Vegas Spring 2020
Dec 1st 2006
1 decade ago