For many years customers running POSTINI (which later got migrated to Google Vault) had the luxury of having free leaver licenses for those employees who had left the organisation. This free license allowed the business to retain the email data of the ex-employees. Organisations with lengthy POSTINI contracts were later provided Vault Former Employee (VFE) licenses, also for free.
Archive User licenses
Now that those contracts are coming to an end, Google are moving organisations from VFE to Archive User (AU) licenses, however AU licenses are not free ($4 - Business Plus, $7 - Enterprise Plus, per user per month.)
So many organisations are now looking at this data and having conversations around retention rules for ex-employees. As previously discussed migrating emails does not seem to be an option favoured by many. After all, emails are private and personal by design, they should not be migrated to another employee with “insider knowledge” who would browse through 1000’s of emails to find a crumb or two of juicy information.
An alternative approach is to move email data from Google Vault/GMail to cloud storage or a database, using solutions such as Got Your Back as
Do we need ex-employee email communications?
Why do organisations want to retain ex-employee email communications? Many organisations will need to retain historical data for legislation reason, and if this is the case the Google Archive User license is perfect for them. Data is retained in it’s original format unmodified, with strong audit controls in place.
Backing Up Google Workspace
Backing up Google Workspace is becoming more and more important as
So, what are your thoughts?
It’s becoming a complex landscape for organisations with so many options and areas to consider.
- What are you doing with ex-employee email communication?
- Are you backing up your Google Workspace accounts?
- Do you need access to historical email communications and if so why?
- What are your thoughts on the rights of the individual?
- Do you have any recommendations or suggestions?
had a similar discussion with a friend who is working for an org that is in the process of migrating from google to microsoft on what needs to be migrated/kept. emails for active employees were migrated using a migration tool. ended up creating multiple vault exports to PST for email for former employees to be kept as an archive in cold storage.
though i don’t have much experience with VFE license, very interested in this conversation. From what I have observed in previous conversations, I feel like their are regional differences (EMEA vs. AMER)
@hjkimbrian what regional differences are you referring to? When we had a discussion on the UK&I Community Google Meet the EU representatives definitely had more “email is personal and private” opinion, as did some from AMER, but not all.
the notion that email (in a corporate managed solution) is “personal” is a misunderstanding of many. even in the EU.
All, yes, ALL, emails are corporate owned information, and can be reviewed, analysed and stored as the corporation requires.
There are some limitations of course : if you specifically labelled your email subject “PRIVATE” or a similar state, that can be understood that the information within is of a personal nature, then the contents of the email may not be shared, used or distributed without the email account owner (the person in personal,) giving explicit consent. Unless that information is of a sort to breach legal or ethical or company policy rules and regulations. (You cannot hide the fact you took a bribe by talking about it in an email and then ensuring to label it “Private”). then that protection is no longer available. (Note that information that is inherently private is always private (health records for example) even if they are not labelled as such !
Most of the time, email is stored as a risk aversion solution. If anyone ever sues for wrongdoing, etc.. you retain the evidence proving or disproving the claim (contract negotiations, promises made etc..)
There are legal retention rules for certain activities, but it is not necessary to retain everyone email more that what is reasonable. Reasonable will depend on your business cycle (if you product takes 18 months to build and has a life-cycle of 25 years.. you will have longer retention periods…)
While the GFE licences where available, they where the simplest and cheapest option… with the AU licences.. that now is not necessarily the option.
A good retention policy requires a good look at why you need to retain it, how you need to retain it and what are the impacts if you don’t. it is not and should not be a simple lets just keep everything forever !
As for individuals… create a private email account and don’t use your corporate email for personal communication. simple.
Hope this helps.
You also make an excellent comment “A good retention policy requires a good look at why you need to retain it, how you need to retain it and what are the impacts if you don’t. it is not and should not be a simple lets just keep everything forever !”
Organisations absolutely need to start looking at their retention needs, and understand why they need to keep emails, where they need to be kept and for how long.
In the view of someone working in a governmental organisation, a municipality/county in Sweden, which is a part of EU, I’d go with GDPR’s least amount of data processing possible (a paraphrase, not a quote), so our email policy is to delete everything within 90 days.
The base rule is that “email isn’t to be considered a document archive”. If something is of such importance that it needs to be retained more than 90 days, then it should be documented elsewhere.
Therefore we also have no backup for email, other than the redundancy offered by O365 and Google Workspace. For the entire school district, 4k students 1500 staff, we also have zero backup for the other services, other than the redundancy of Workspace and retention in Vault (also set to 90 days after deletion for both Gmail and Drive).
We do have very strict national and local rules on what data MUST be retained, but that is logged in an e-archive system, and is mainly official decisions, either from requests by the inhabitants of the municipality (“I want to rebuild my house, can I?”), or things that public service workers decide in their day to day work (“This area is to be used as a park or parking.”).
90 days and no backup? That’s the first time I read something like that.
Thanks for sharing it
Can I repeat that “wow” here? No backups and only 90 days retention policy? This is for ALL governmental email data?
But this shows how effective the Swedish governmental systems can be!