“Retention policy” is a phrase used in a Wall Street Journal article? Wow! It’s time has come!
One person is quoted as saying that retention policies should be 30 days. Retention policies meet the needs of the companies. I generally advise creating “buckets” into which your documents, email included, can fit, and setting retention policies that align with the relevant statutes of limitation.
The technology exists to make records management relatively painless. It hums away in the background.
For years, privacy officers have advocated records retention programs as a balance between keeping data that is necessary and for as long as necessary, with the benefits of deleting it as soon as it is not necessary- e.g., getting rid of the loaded gun lying around before it goes off. If the data has been deleted, it’s hard to be victimized by its breach.