In response to Caroline Ives query, I would suggest that people look at
PD5000:- An International Code of Practice for Electronic Documents and
e-Business Transactions for
-       evidence
-       audit
-       long term duty of care
The code promotes the idea of original electronic documents and includes a
section on e-mails.  In Annex A of Part 2 of the code, it suggests that
deletion processes need to ensure that the original, all copies, backups and
external copies are deleted.  Certainly in the event of litigation, backup
copies could be a ticking bomb! (This is already true in the US where data
recovery from backup tapes is currently big business)

It is increasingly important that organisations have a documented policy for
the management of e-mails as part of a wider information/records management
strategy especially where they are identified as 'business records'.

Regards,
Graham Hadingham
Consultant
Iron Mountain (UK) Ltd.
Third Floor, Cottons Centre
Tooley Street
London
SE1 2TT
Tel:       020 7939 1556
Fax:      020 7939 1503
Mobile:  07973 257884
E-mail:  [log in to unmask]
<mailto:[log in to unmask]>
Web:    www.ironmountain.co.uk <http://www.ironmountain.co.uk/>


-----Original Message-----
From: Caroline Ives [mailto:[log in to unmask]]
Sent: 13 September 2004 16:41
To: [log in to unmask]
Subject: Adequate destruction of e-records (and back-ups)

Apologies firstly if this is a topic that has been raised already,(as I
believe it might have been- but  can't seem to find it in the archive).

Although FOI guidance from the Information Commissioner (No.8) says that it
is sufficient to delete "twice," to be considered as 'no longer held,'by
the Authority for FOI purposes; am I right in thinking that this might be
insufficient for other RM obligations, (DP/Legal Disclosure & Discovery and
for compliance with BS 15489,) as information may still be retrievable
through back-ups.

I'd be grateful for any feedback or pointing in the right direction if this
has already been addressed, (particularly if their is any guidance on
adequate destruction under Data Protection).

Many thanks,
Caroline Ives
This email and its attachments are confidential under applicable law and are intended for use of the sender's addressee only, unless the sender expressly agrees otherwise, or unless a separate written agreement exists between Iron Mountain and a recipient company governing communications between the parties and any data that may be so transmitted.  Transmission of email over the Internet is not a secure communications medium.  If you are requesting or have requested the transmittal of personal data, as defined in applicable privacy laws, by means of email or in an attachment to email, you may wish to select a more secure alternate means of transmittal that better supports your obligations to protect such personal data.

If the recipient of this message is not the recipient named above, and/or you have received this email in error, you must take no action based on the information in this email.  You are hereby notified that any dissemination, misuse or copying or disclosure of this communication by a recipient who has received this message in error is strictly prohibited. If this message is received in error, please return this email to the sender and immediately highlight any error in transmittal.  Thank you.