ACLs Important for Email DMS

Users are accustomed to documents being put into a document management system (DMS), so that others will be able to see the document. That's the sort of application for which these systems have been designed.

But when it comes to putting their email into a corporate archive, some users freak out. Suddenly, their email contains a lot of highly personal material. They're right. Much of email is very confidential in nature. Privacy is very important; access by others should be granted only on a selective basis, according to a policy that everyone can understand.

Hence the importance of finely grained access controls for archived email.

... David Ferris

One Comment

  1. Ralph Ehlers
    Posted July 29, 2008 at 5:17 AM

    Hi David,
    I think that much more important than technical provisions like access controls is a corporate policy on how personal/private data is being treated. That has to include a definition of ‘personal’ and of ‘private’ data, which should go beyond E-Mail format. If that has reasonable rules there will likely be no need for fine grained access controls, which tend to be cumbersome in practice. The consequence of such a policy will be that users themselves will have to make a clear distinction between private stuff and other!


  2. Posted July 30, 2008 at 2:34 AM


    That’s interesting. So if I understand you correctly, you think it’s enough for users to categorize a piece of stored info as either:
    * Private–only I or specifically qualified admins can see it
    * Personal–this has got nothing to do with work
    * Anyone can have access

    And that this, for most organizations, works well enough.

    Did I understand you correctly?


  3. Ralph Ehlers
    Posted July 30, 2008 at 3:15 AM

    Hi David,
    What users have to do will be governed by the E-mail policy. US companies are likely not to grant any special protection to private messages, but EU-based companies very likely have to. How that will get defined and what it actually means for user based categorization has to be clarified in the policy. What you had termed ‘personal’ may actually be in a grey zone between private and business.

    From our legal folks I learned that e.g. the content of Outlook’s ‘Contact’-folder is considered personal information, even though only address data relevant to business might be stored there. In several European countries that area requires at least special attention by the legal people.

    As for access to mailboxes and archived items in general, that also should be defined in the policy. A pragmatic approach might be to state that in general mailboxes and archived items are protected and can be accessed only by their owner; however, under special circumstances access by well-defined groups of administrators and legal operatives should be allowed. Examples of such circumstances could be troubleshooting, direct response to and postmortems of cyber attacks, e-discovery for litigation and regulatory audits and criminal prosecution. This should apply to mailbox content and to archived items in the same way.


  4. Posted July 31, 2008 at 6:37 AM

    Thanks for elaborating.

    I appreciate that privacy will frequently be handled differently, depending on the country. I also like your point that policy will dictate who can do what. I also like your attempt to find several rough-and-ready categories which are usually sufficient.

    Nevertheless, for example, I would think that often people will work in project teams, where it will need to be okay for certain other members of the project team, and their successors, to access relevant ESI. Given that, I would expect a finer level of granularity to be required than just public/private/personal. But perhaps I haven’t yet fully digested your point–david
