Are retention rules and ediscovery an alternative to cloud backup?
A Guide to Data Retention in Gmail
6 Dec 2021
6 min read
With over 5 million business users, Gmail has grown to become Google’s most successful product yet and one of the most popular email clients globally.
Widespread adoption of Gmail by business users for everyday communication also means an increase in data loss due to human error and cyber threats.
This article explores the different ways in which Google Workspace administrators can retain Gmail data.
1. What is Gmail data retention?
Gmail data retention can be defined as the preservation of emails to prevent loss of critical data or to meet compliance regulations.
Google does not take responsibility for safeguarding any user Gmail data and this onus falls on an organization’s IT administrator.
1. 1. Default Gmail retention in Google Workspace
Deleted Gmail emails move to the user’s Trash where it stays for a 30-day period, during which time, the user can restore them directly. After the 30-day period, users will no longer have access to the deleted email in their Trash. However, an Administrator can restore the email(s) from the Admin Console within the next 25 days, after which the email gets permanently deleted.
Below is a diagram illustrating the movement of a Gmail email from the moment it gets deleted to the time of recovery (from the user recycle bin or the admin console).
For different ways to recover Gmail emails, click here.
Limitations of default Gmail retention
The default retention setting in Google Workspace alone is not enough:
The emails retained in a user’s Gmail account is counted towards the total Google storage (including the email attachments and the emails in the Spam and Trash folders).
Emails are permanently deleted after the retention period expires. Deleted emails are only stored for a limited period in the individual user recycle bin and the admin console- after which it is permanently deleted.
1.2. Native retention settings to secure Gmail
Google Workspace also offers native retention settings in Google Vault to help organizations retain Gmail emails efficiently, and for a longer duration, even after it is deleted by the user.
According to Google, Vault is an information governance and eDiscovery tool that helps organizations retain, hold, search, and export users’ Google Workspace data.
Using Vault, organizations can:
Set retention rules to retain data for a specific period
Set retention rules to delete data after a certain date
Identify, preserve, and collect user data as a part of eDiscovery
Below is a diagram summarizing the basic capabilities of the two data retention features available with Google vault.
To know more about what is Google Vault, Vault retention rules, holds, and license requirements, read our in-depth article.
1.2.3. Gmail retention using retention rules in Google Vault
Organizations can set specific retention rules to secure emails. With retention rules, organizations can:
Retain emails for a specific period: Organizations can configure retention rules in Google Vault to preserve relevant Gmail emails for a specific period. These emails will continue to be retained even when users delete the file.
Delete emails when no longer needed: Organizations can set retention rules to delete sensitive or unwanted emails from the user accounts and purge it from the Google systems.
There are two types of retention rules that can be applied to Google Workspace data-
Default Retention Rules and
Custom Retention Rules
Default retention rules
Organizations can modify/use a default retention rule to keep the emails in a service for all licensed accounts for a specific time. Default retention rules cannot be applied to specific accounts or time periods, and there can only be one default retention rule for each service.
Organizations can apply a default rule apply only if a custom rule or a hold is not already in place.
Custom retention rules
Unlike default retention rules, custom retention rules can be fully customized to an organization’s needs. Custom retention rule set for Gmail and Groups can be set by organizational units, date ranges, and specific search terms.
Businesses can set custom retention rules to preserve specific emails for a certain period. Organizations can set more than one custom retention rule. The custom retention rules supersede the default retention rules.
The Gmail retention rule with the latest expiration date takes precedence over the other rules.
How to secure Gmail emails using retention rules?
To set custom retention rule for Gmail email, follow the below steps:
Step 1: Sign-in to Google Vault using the Super Administrator credentials.
Step 2: Click “Retention”.
Step 3: Click “Custom Rules” from the navigation bar on top.
Step 4: Click “Create”.
Step 5: Select “Gmail” under the Service drop down, select the Scope (organizational units), add conditions if any (e.g.: sent date, subject line, username etc.), duration of the retention period, and action to be taken after the expiration of the policy.
Step 6: Click “CREATE”
What happens when a Gmail email gets deleted after applying a retention rule?
Once a retention rule is applied, the data is preserved throughout the specified retention period even if the user deletes it from their account or Trash. The diagram below illustrates how a deleted Gmail email can be recovered when a retention policy is applied.
1.2.4. Gmail retention using eDiscovery in Google Vault
eDiscovery is the process of identifying, preserving, and presenting data as relevant evidence in a legal case. Using “Matters” in Google Vault, administrators can run searches to identify, and place holds to preserve Gmail emails from different accounts. Gmail messages, attachments in Sent, Drafts (that are not deleted), Trash, Archive and Spam folders can be protected by Google eDiscovery.
Matters are virtual containers that hold all the searches, exports, and holds related to a specific eDiscovery project.
An eDiscovery hold takes precedence over a retention rule applied to specific content in Google Workspace services.
How to secure Gmail emails using eDiscovery?
To place a hold on Gmail emails using the eDiscovery tool in Google Vault, follow the below steps:
Step 1: Sign-in to a Google Vault with Super Administrator credentials.
Step 2: Click “Matters”.
Step 3: Click “Create” or open an existing Matter.
Step 4: Click “HOLDS” from the top navigation bar.
Step 5: Click “Create”. Enter a name for the Hold,click “Gmail” under the Service drop-down. Choose a specific account or org units as the scope of the Hold,add conditions of the search (sent/received date, query terms).Click “CREATE”.
The emails on hold remain preserved until the hold is removed, the user account gets deleted, or the organization’s Vault license expires.
Administrators can remove the hold by deleting it.
Can you delete emails that are put on eDiscovery hold in Google Workspace?
Users can delete the emails from their accounts even if an eDiscovery hold is applied. The emails then disappear from the individual user’s account.TheSuper Administrator or a Vault user with specific privileges, however, can continue tosearch for, preview, and export the delete emails from the Vault.
1.2.5. Can retention rules and eDiscovery holds be used as an alternative to cloud backup to secure Gmail emails?
In short, no. eDiscovery and retention rules cannot be used as an alternative to a third-party backup solution to secure Gmail emails. While their basic data protection capabilities can secure critical business data from getting deleted or lost, a third-party backup solution offers much more.
Unlike Vault, third-party backup solutions like SysCloud offer features like automated backups, single-click restores, cross-user email restore that decrease recovery times and minimize negative impact on productivity.
Absence of restore Features- Unlike SysCloud, backup Google Vault does not help with data restoration at the click of a button. Additionally, SysCloud also allows organizations to restore individual emails and labels to a different user account (cross-user restore).
Deleted user accounts- If an administrator removes a Gmail user account in the organization’s Google Workspace domain, all emails related to that user is lost even if the account was placed on hold.
SysCloud backup, on the other hand, retains all backed-up emails related to deleted or suspended users, at no additional cost.
Comprehensive Backup- While Google Vault’s eDiscovery and retention rules help organizations preserve emails, it is not a backup solution. Third-party backup tools like SysCloud are capable of automatically backing up all Gmail data. SysCloud backup also provides the capability to export or restore the backed-up content with just a few clicks.
Outages- Gmail outages lock users out of important data for hours, impacting business productivity. Unlike eDiscovery holds, backup tools like SysCloud can help organizations access their files during outages and continue work during the downtime.