CA & DA legal exclusions
Good afternoon! The topic has come up at my company before but no action was required previously. Of course, the story has changed and now I need to fix things.
We have a legal department that would like all their emails excluded from searches, unless the search is being performed by certain individuals, so that the legal department emails remain strictly confidential and ensure that they are not accidentally captured or worse, exported.
In CA, I've set it up so certain departments synchronize with Active Directory groups. Like most companies, employees in one department may also be members of another department - there are seldom any truly strict boundaries. One of the departments I created in CA is "Legal" and it synchronizes with an Active Directory group that contains all the Legal employees at our company. However, all those same employees are also member of a group called "The Whole Company" which synchronizes with the Active Directory group "Everyone" because it's possible that a CA search might need to include every employee at my company.
We do not currently synchronize with any Active Directory groups for DA - so, no custodian are setup. We currently use all free-form addresses for searches in DA.
Maybe I need to eliminate "The Whole Company" group as part of the requested change but I'm a bit confused on the varying possibilities on accomplishing my goal. I thought all I might need to do would be to establish a department partition that only contains the Active Directory group "Legal" and then their emails would not show up when searching any of the other departments.
Any input on what others have done would be extremely helpful. I realize there may be more information needed in order to provide a helpful response, so I will provide additional information if I can.
We are currently running EV/CA/DA 10.4.
While EV_Ajay is correct in that you need to deactivate those Legal Users within CA, you still have the possibility of messages between them and any other Monitored Employee showing up in a Department's review set. This is due to the fact that the messages would still be tagged with the Department ID of the other Monitored Employees and are, therefore, eligible for Random Sampling in those Departments.
As you are on EV/CA/DA 10.0.4, your best bet to ensure e-mails to or from the legal folks are never sampled is to install Enterprise Vault Dat Classification Service (EV-DCS) and have messages to or from those folks tagged with the exclusion tag. With that exclusion tag in place, you can be assured that those items will never be sampled and can be excluded from most CA and DA searches.
Yes, EV-DCS is another expense and more servers that need to be implemented, and there are other ways to exclude such messages, but those other ways are more work in terms of the configuration of the search criteria used in CA and DA. Your Symantec Account Manager should be able to help you obtain resources needed to better determine the best fit for your company's implementation of CA and DA.
I apologize for this post sounding like a sales pitch. I just wanted you to have enough information to make an informed decision as to how to proceed.