Proton Mail adds data retention policies for organizations (first only visionary)
Surprised they didn’t already have this. I would assume most business customers would want this.
They are slow to provide things people need. To do it right with all the right privacy and security, it also takes time to develop. Plus, they may not have the resources and manpower of big tech, so that’s another constraint. Even that said, they are still very slow with many things.
Yeah. I get that. Just surprised they would have a business offering without data retention policies. Usually it’s a pretty critical component.
If ProtonMail is trusted to store emails with zero knowledge encryption, does this have any value?
I suppose it would serve as a precaution against data leakage, should your account get breached. But given their encryption scheme, that should only be possible with your account credentials in-hand. Mitigate this risk with proper account security & 2FA, passkey tied to a device.
So it’s a duress guardrail? If you are under duress and forced to hand account credentials to an adversary, your data has already been sanitized by policy
I only imagine this is meaningful to a very small number of incredibly high-risk individuals. Still, nice
Your company still has access to the data. You (the employee) are just a user, the account owner is your company.
I think you are misunderstanding which parties are accessing this data.
It is to protect your data from Proton, not from the account owner.
Yes it does. Legal requirements on retention apply regardless of encryption and general security practices too. Don’t hold on to data that is no longer necessary.
Retention policy surely is a topic in many standard audits, and in legal compliance such as with GDPR.