Manage Retention Policies with Google Vault
Learning Objectives
After completing this unit, you’ll be able to:
- Set up and default and custom retention rules.
- Configure a legal hold.
- Search and export data.
Archive, Hold for Legal, and Search and Export Data
Create Retention Rules
Before Vault will preserve data you must have a retention rule. There are two types.
- Default: This global rule applies to your entire organization. You can define a default retention rule for each type of data supported. Default rules define how long to keep data and what to do with the data once the time has elapsed. Default rules are only triggered if no custom rules or holds apply.
- Custom: Custom rules offer more flexibility than the default rules. For example you can create a custom rule and apply to OUs. You can set date ranges and enter search terms to match data such as Gmail messages. Custom rules always override the default rule, and if multiple retention rules apply to a message or file, it’s retained according to the rule with the longest retention coverage period.
In this exercise, you define a default and a custom retention rule for Gmail.
You receive the following email from Sam Morse.
Hello Awesome Admin,
I’ve been thinking about how we retain information in Google Workspace. I want to ensure that we retain our email for a year even if the email has been deleted from the user account. At the same time I would like to keep executive emails for 5 years. I understand that Google Workspace offers us the capability to do that. Can you make this happen?
Regards,
Sam Morse, CEO
Indeed we can.
Configure a Custom Retention Rule for Executives
Sam wants all mail to be archived for a period of one year after which it can be expunged. Messages from any executives should be retained for 5 years. Start by creating a custom rule that will apply to the executive only.
- If you are not already signed in, sign in to your domain as the administrator at admin.google.com.
- Open a new browser tab and open vault.google.com. This will open Google Vault.
- Click the Retention card.
- Click the Custom Rules tab.
- Then, click Create.
- In the Service field, select Gmail, then click Continue.
- Select the Executive Organizational unit, then click Continue.
For the purposes of this exercise you can skip the conditions section. This section however is useful if you want to define date criteria or search terms for this rule. - Click Continue.
- Change the duration value from Indefinitely to Retention period and configure the following parameters.
1825 days
(5 years).- Ensure Purge only permanently deleted messages is selected.
- Then, click Create.
- Read the informational messages that follow, tick them, and click Accept to create the rule.
This custom rule will expunge any message over 5 years old that the user has already deleted. This rule is applied to the Executive OU only. Now we will add the default rule.
- Click the DEFAULT RULES tab, then click the Gmail icon in the services list.
- Change the duration value from Indefinitely to Retention period, then enter 365 days (1 year) and ensure 'Purge only permanently deleted messages' is selected. Note: If you choose the second option this rule may expunge messages that users want to keep.
- Click Create. Read the informational messages that follow, tick them, and click Accept to create the rule.
The default rule above will automatically expunge all deleted messages after 1 year. Note that the custom rule you created initially overrides the default rule so the Executive OU's deleted messages are retained for 5 years.
The Gmail service includes a compliance setting 'Email and chat auto-deletion' that enables you to automatically delete email and chat after a specified number of days. You should not use this feature alongside Vault. More details can be found in the Control email and chat message storage article.
Create a Matter and Place Users on Hold
In Google Vault, a matter is a container for all the data related to a specific topic, such as a litigation case or investigation. A matter includes:
- Saved search queries
- A list of accounts with data on litigation hold
- A list of the accounts that can access the matter
- Export sets for the matter
- An audit trail for the matter
In this exercise, you create a matter and place two user accounts on hold.
You receive the following email from Sam Morse.
Hello Awesome Admin,
We have an issue with Project X, and I need to ensure we retain all relevant emails relating to this project. I know we expunge messages over 1-year old but I need them to be retained until the situation is resolved for the following employees.
lars.ericsson@yourdomain,
jon.baird@yourdomain
Regards,
Sam Morse, CEO
Can do, Sam.
- If you are not already signed in, sign in to your domain as the administrator at admin.google.com.
- Open a new browser tab and open vault.google.com. This opens Google Vault.
- Click the Matters card.
- Then, click Create.
- In the dialog box, enter Matter name
Project X
then click Create. - Click the Holds tab.
- Then, click Create.
- Enter a Name of
Project X related messages
. - In the Service field, select Gmail.
- Then, click Continue.
- Ensure Type is set to Specific accounts and enter the following email addresses into the box below:
lars.ericsson@yourdomain
jon.baird@yourdomain
- Click Continue.
You could at this point use the conditions section to refine the data to hold. For example, if Project X only started 2 months ago, you might want to retain only messages after the project started, or you might want to use search terms to hold only messages that make reference to Project X. See Use search operators. In this case however, you retain all messages for the two accounts above. - Click Create.
Messages for the two users will now be retained until the hold is lifted. At this point you can share the hold from the hold list. You can also edit the hold as needed.