Yes and I think that works with many areas and in many products.
But when you have confidential information in the mix - especially stuff that might have SEC implications - it changes the game.
A few years ago, I did a contract with a company that had a system that deleted all email greater than a year old. While the official answer was that it was "to save space and improve network performance" I suspect the unstated reason was to prevent fishing expeditions.
If your email is being cc'd outside the org and read by actual humans, that introduces some awkward problems.. and may force people to admit the actual reason for the policy. ;)
But when you have confidential information in the mix - especially stuff that might have SEC implications - it changes the game.
A few years ago, I did a contract with a company that had a system that deleted all email greater than a year old. While the official answer was that it was "to save space and improve network performance" I suspect the unstated reason was to prevent fishing expeditions.
If your email is being cc'd outside the org and read by actual humans, that introduces some awkward problems.. and may force people to admit the actual reason for the policy. ;)