Search Images Maps Play YouTube News Gmail Drive More »
Sign in
Screen reader users: click this link for accessible mode. Accessible mode has the same essential features but works better with your reader.

Patents

  1. Advanced Patent Search
Publication numberUS20060156381 A1
Publication typeApplication
Application numberUS 11/034,483
Publication dateJul 13, 2006
Filing dateJan 12, 2005
Priority dateJan 12, 2005
Also published asUS7703125, US20060156382
Publication number034483, 11034483, US 2006/0156381 A1, US 2006/156381 A1, US 20060156381 A1, US 20060156381A1, US 2006156381 A1, US 2006156381A1, US-A1-20060156381, US-A1-2006156381, US2006/0156381A1, US2006/156381A1, US20060156381 A1, US20060156381A1, US2006156381 A1, US2006156381A1
InventorsTetsuro Motoyama
Original AssigneeTetsuro Motoyama
Export CitationBiBTeX, EndNote, RefMan
External Links: USPTO, USPTO Assignment, Espacenet
Approach for deleting electronic documents on network devices using document retention policies
US 20060156381 A1
Abstract
An approach is provided for deleting electronic documents on network devices using a document retention policy. The document retention policy specifies one or more deletion criteria for documents belonging to each of a plurality of document classifications. The document retention policy is defined by document retention policy data that is managed by a document retention policy manager. The document retention policy manager disseminates the document retention policy data to network elements over a communications network. The document retention policy manager determines whether a retention policy audit should be performed and if so, signals the network elements to conduct a retention policy audit. The network elements are configured to conduct the retention policy audit by deleting electronic documents in accordance with the document retention policy. The network elements are further configured to generate and provide to the document retention policy manager report data that indicates results of performing the retention policy audit.
Images(6)
Previous page
Next page
Claims(45)
1. A computer-implemented method for deleting electronic documents on network devices, the computer-implemented method comprising:
retrieving document retention policy data that specifies one or more deletion criteria for each of a plurality of electronic document classifications;
transmitting the document retention policy data to one or more network devices over a communications network;
determining whether a retention policy audit should be conducted; and
if the retention policy audit should be conducted, then
signaling the one or more network devices to cause the one or more network devices to perform the retention policy audit, wherein performing the retention policy audit includes
identifying, from the plurality of electronic document classifications, one or more electronic document classifications for which the corresponding one or more deletion criteria are satisfied, and
deleting one or more electronic documents associated with the identified one or more electronic document classifications, and
receiving, from the one or more network devices, audit report data that indicates results of the one or more network devices performing the retention policy audit.
2. The computer-implemented method as recited in claim 1, wherein the deletion criteria include a time duration for each of the plurality of electronic document classifications.
3. The computer-implemented method as recited in claim 1, wherein the deletion criteria include a deletion time for each of the plurality of electronic document classifications.
4. The computer-implemented method as recited in claim 1, wherein the deletion criteria include the occurrence of one or more events.
5. The computer-implemented method as recited in claim 1, further comprising allowing a user to create and edit the document retention policy data.
6. The computer-implemented method as recited in claim 1, wherein providing the document retention policy data to one or more network devices is performed in response to the document retention policy data being updated.
7. The computer-implemented method as recited in claim 1, wherein determining whether a retention policy audit should be conducted includes determining whether user input has been received indicating that the retention policy audit should be conducted.
8. The computer-implemented method as recited in claim 1, wherein determining whether a retention policy audit should be conducted includes determining whether audit schedule data indicates that the retention policy audit should be conducted.
9. The computer-implemented method as recited in claim 1, wherein the audit report data indicates whether one or more data files could be deleted.
10. A computer-readable medium for deleting electronic documents on network devices, the computer-readable medium carrying instructions which, when executed by one or more processors, cause:
retrieving document retention policy data that specifies one or more deletion criteria for each of a plurality of electronic document classifications;
transmitting the document retention policy data to one or more network devices over a communications network;
determining whether a retention policy audit should be conducted; and
if the retention policy audit should be conducted, then
signaling the one or more network devices to cause the one or more network devices to perform the retention policy audit, wherein performing the retention policy audit includes
identifying, from the plurality of electronic document classifications, one or more electronic document classifications for which the corresponding one or more deletion criteria are satisfied, and
deleting one or more electronic documents associated with the identified one or more electronic document classifications, and
receiving, from the one or more network devices, audit report data that indicates results of the one or more network devices performing the retention policy audit.
11. The computer-readable medium as recited in claim 10, wherein the deletion criteria include a time duration for each of the plurality of electronic document classifications.
12. The computer-readable medium as recited in claim 10, wherein the deletion criteria include a deletion time for each of the plurality of electronic document classifications.
13. The computer-readable medium as recited in claim 10, wherein the deletion criteria include the occurrence of one or more events.
14. The computer-readable medium as recited in claim 10, further comprising additional instructions which, when executed by the one or more processors, causes allowing a user to create and edit the document retention policy data allowing a user to create and edit the document retention policy data.
15. The computer-readable medium as recited in claim 10, wherein providing the document retention policy data to one or more network devices is performed in response to the document retention policy data being updated.
16. The computer-readable medium as recited in claim 10, wherein determining whether a retention policy audit should be conducted includes determining whether user input has been received indicating that the retention policy audit should be conducted.
17. The computer-readable medium as recited in claim 10, wherein determining whether a retention policy audit should be conducted includes determining whether audit schedule data indicates that the retention policy audit should be conducted.
18. The computer-readable medium as recited in claim 10, wherein the audit report data indicates whether one or more data files could be deleted.
19. An apparatus for deleting electronic documents on network devices, the apparatus comprising:
one or more processors; and
a memory communicatively coupled to the one or more processors and storing one or more instructions which, when executed by the one or more processors, cause retrieving document retention policy data that specifies one or more deletion criteria for each of a plurality of electronic document classifications;
transmitting the document retention policy data to one or more network devices over a communications network;
determining whether a retention policy audit should be conducted; and
if the retention policy audit should be conducted, then
signaling the one or more network devices to cause the one or more
network devices to perform the retention policy audit, wherein
performing the retention policy audit includes
identifying, from the plurality of electronic document classifications, one or more electronic document classifications for which the corresponding one or more deletion criteria are satisfied, and
deleting one or more electronic documents associated with the identified one or more electronic document classifications, and
receiving, from the one or more network devices, audit report data that indicates results of the one or more network devices performing the retention policy audit.
20. The apparatus as recited in claim 19, wherein the deletion criteria include a time duration for each of the plurality of electronic document classifications.
21. The apparatus as recited in claim 19, wherein the deletion criteria include a deletion time for each of the plurality of electronic document classifications.
22. The apparatus as recited in claim 19, wherein the deletion criteria include the occurrence of one or more events.
23. The apparatus as recited in claim 19, wherein the memory further stores additional instructions which, when executed by the one or more processors, causes allowing a user to create and edit the document retention policy data.
24. The apparatus as recited in claim 19, wherein providing the document retention policy data to one or more network devices is performed in response to the document retention policy data being updated.
25. The apparatus as recited in claim 19, wherein determining whether a retention policy audit should be conducted includes determining whether user input has been received indicating that the retention policy audit should be conducted.
26. The apparatus as recited in claim 19, wherein determining whether a retention policy audit should be conducted includes determining whether audit schedule data indicates that the retention policy audit should be conducted.
27. The apparatus as recited in claim 19, wherein the audit report data indicates whether one or more data files could be deleted.
28. A computer-implemented method for deleting electronic documents on network devices, the computer-implemented method comprising:
receiving at each of a plurality of network devices over a communications network, document retention policy data from a document retention policy manager executing on another network device, wherein the document retention policy data specifies one or more deletion criteria for each of a plurality of electronic document classifications;
receiving, at each of the plurality of network devices from the document retention policy manager executing on the another network device, an instruction to conduct a retention policy audit; and
in response to receiving the instruction at each of the plurality of network devices, an audit processor on each of the plurality of network devices causing the retention policy audit to be conducted by
identifying, from the plurality of electronic document classifications, one or more electronic document classifications for which the corresponding one or more deletion criteria are satisfied, and
deleting one or more electronic documents associated with the identified one or more electronic document classifications;
causing audit report data to be generated that indicates results of performing the retention policy audit, and
causing the audit report data to be provided to the document retention policy manager over the communications network.
29. The computer-implemented method as recited in claim 28, wherein the deletion criteria include a time duration for each of the plurality of electronic document classifications.
30. The computer-implemented method as recited in claim 28, wherein the deletion criteria include a deletion time for each of the plurality of electronic document classifications.
31. The computer-implemented method as recited in claim 28, wherein the deletion criteria include the occurrence of one or more events.
32. The computer-implemented method as recited in claim 28, wherein the document retention policy manager on each of the plurality of network devices is configured to allow a user to specify which of the plurality of electronic document classifications each of a plurality of electronic documents belongs to.
33. The computer-implemented method as recited in claim 28, wherein the audit report data indicates whether one or more data files could be deleted.
34. A computer-readable medium for deleting electronic documents on network devices, the computer-readable medium carrying instructions which, when executed by one or more processors, cause:
receiving at each of a plurality of network devices over a communications network, document retention policy data from a document retention policy manager executing on another network device, wherein the document retention policy data specifies one or more deletion criteria for each of a plurality~of electronic document classifications;
receiving, at each of the plurality of network devices from the document retention policy manager executing on the another network device, an instruction to conduct a retention policy audit; and
in response to receiving the instruction at each of the plurality of network devices, an audit processor on each of the plurality of network devices causing the retention policy audit to be conducted by
identifying, from the plurality of electronic document classifications, one or more electronic document classifications for which the corresponding one or more deletion criteria are satisfied, and
deleting one or more electronic documents associated with the identified one or more electronic document classifications;
causing audit report data to be generated that indicates results of performing the retention policy audit, and
causing the audit report data to be provided to the document retention policy manager over the communications network.
35. The computer-readable medium as recited in claim 34, wherein the deletion criteria include a time duration for each of the plurality of electronic document classifications.
36. The computer-readable medium as recited in claim 34, wherein the deletion criteria include a deletion time for each of the plurality of electronic document classifications.
37. The computer-readable medium as recited in claim 34, wherein the deletion criteria include the occurrence of one or more events.
38. The computer-readable medium as recited in claim 34, wherein the document retention policy manager on each of the plurality of network devices is configured to allow a user to specify which of the plurality of electronic document classifications each of a plurality of electronic documents belongs to.
39. The computer-readable medium as recited in claim 34, wherein the audit report data indicates whether one or more data files could be deleted.
40. An apparatus for deleting electronic documents on network devices, the apparatus comprising:
one or more processors; and
a memory communicatively coupled to the one or more processors and storing instructions which, when executed by the one or more processors, cause
receiving at each of a plurality of network devices over a communications network, document retention policy data from a document retention policy manager executing on another network device, wherein the document retention policy data specifies one or more deletion criteria for each of a plurality of electronic document classifications;
receiving, at each of the plurality of network devices from the document retention policy manager executing on the another network device, an instruction to conduct a retention policy audit; and
in response to receiving the instruction at each of the plurality of network devices, an audit processor on each of the plurality of network devices causing the retention policy audit to be conducted by
identifying, from the plurality of electronic document classifications, one or more electronic document classifications for which the corresponding one or more deletion criteria are satisfied, and
deleting one or more electronic documents associated with the identified one or more electronic document classifications;
causing audit report data to be generated that indicates results of performing the retention policy audit, and
causing the audit report data to be provided to the document retention policy manager over the communications network.
41. The apparatus as recited in claim 40, wherein the deletion criteria include a time duration for each of the plurality of electronic document classifications.
42. The apparatus as recited in claim 40, wherein the deletion criteria include a deletion time for each of the plurality of electronic document classifications.
43. The apparatus as recited in claim 40, wherein the deletion criteria include the occurrence of one or more events.
44. The apparatus as recited in claim 40, wherein the document retention policy manager on each of the plurality of network devices is configured to allow a user to specify which of the plurality of electronic document classifications each of a plurality of electronic documents belongs to.
45. The apparatus as recited in claim 40, wherein the audit report data indicates whether one or more data files could be deleted.
Description
FIELD OF THE INVENTION

This invention relates generally to electronic document management, and more specifically, to an approach for deleting electronic documents on network devices using document retention policies.

BACKGROUND

The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, the approaches described in this section may not be prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.

Many businesses have implemented document retention policies to define conditions under which documents are to be destroyed. Businesses typically destroy documents to reduce costs attributable to maintaining old documents and to reduce potential legal liability. Document retention policies may apply to physical documents as well as electronic documents.

One of the problems with document retention policies is the difficulty in uniformly applying a document retention policy to all copies of a particular document. For example, a document retention policy may specify the destruction of a particular document after a specified time. Some copies of the particular document may be readily obtained and destroyed. Other copies of the particular document may exist but may be difficult to locate. For example, copies of the particular document may have been sent to remote storage and may be difficult, if not impossible, to locate. In other situations, the existence of some copies of the particular document may not even be known. This may occur, for example, if copies of the particular document were made, but no record was made documenting that the copies were made. This can be potentially damaging if the unknown copies are later discovered in litigation by an adverse party. Furthermore, in some situations, adverse inferences may be drawn when only select copies of electronic documents are deleted. This problem is particularly acute for electronic documents, where many copies of a particular electronic document may be unknowingly made and stored at intermediate network node locations. As a result of this problem, document management systems have been developed to implement document retention policies for electronic documents. The effectiveness of these systems necessarily depends upon knowing about the existence of all copies of electronic documents and the locations of those copies. With the proliferation of wired and wireless networks, the many different types of network devices, e.g., computers, hand-held devices, personal digital assistants (PDAs), and the many different forms of electronic documents, e.g., email and messages, it is increasingly difficult to track the existence and location of all copies of an electronic document.

Based on the foregoing, there is a need for an approach for deleting electronic documents on network devices that does not suffer from limitations of prior approaches.

SUMMARY

An approach is provided for deleting electronic documents on network devices using a document retention policy. The document retention policy specifies one or more deletion criteria for documents belonging to each of a plurality of document classifications. For example, the document retention policy may specify that documents belonging to a particular document classification are to be deleted after a specified time, at a specified time or in response to the occurrence of a particular event. The document retention policy is defined by document retention policy data that is managed by a document retention policy manager. The document retention policy manager disseminates the document retention policy data to one or more network elements over a communications network. The document retention policy manager determines whether a retention policy audit should be performed. If so, then the document retention policy manager signals the one or more network elements to conduct a retention policy audit. The network elements are configured to conduct the retention policy audit by deleting electronic documents in accordance with the document retention policy. The one or more network elements are further configured to generate and provide to the document retention policy manager report data that indicates results of performing the retention policy audit.

According to one aspect of the invention, a computer-implemented method is provided for deleting electronic documents on network devices. Document retention policy data is retrieved that specifies one or more deletion criteria for each of a plurality of electronic document classifications. The document retention policy data is transmitted to one or more network devices over a communications network. A determination is made whether a retention policy audit should be conducted. If the retention policy audit should be conducted, then the one or more network devices are signaled to cause the one or more network devices to perform the retention policy audit. Performing the retention policy audit includes identifying, from the plurality of electronic document classifications, one or more electronic document classifications for which the corresponding one or more deletion criteria are satisfied and deleting one or more electronic documents associated with the identified one or more electronic document classifications. Audit report data is received from the one or more network devices that indicate results of the one or more network devices performing the retention policy audit.

According to another aspect of the invention, a computer-implemented method is provided for deleting electronic documents on network devices. Document retention policy data is received at each of a plurality of network devices over a communications network from a document retention policy manager executing on another network device. The document retention policy data specifies one or more deletion criteria for each of a plurality of electronic document classifications. An instruction to conduct a retention policy audit is received at each of the plurality of network devices from the document retention policy manager executing on the another network device. In response to receiving the instruction at each of the plurality of network devices, an audit processor on each of the plurality of network devices causing the retention policy audit to be conducted by identifying, from the plurality of electronic document classifications, one or more electronic document classifications for which the corresponding one or more deletion criteria are satisfied, and deleting one or more electronic documents associated with the identified one or more electronic document classifications. The audit processors also cause audit report data to be generated that indicates results of performing the retention policy audit and cause the audit report data to be provided to the document retention policy manager over the communications network.

BRIEF DESCRIPTION OF THE DRAWINGS

In the figures of the accompanying drawings like reference numerals refer to similar elements.

FIG. 1 is a block diagram that depicts an arrangement for deleting electronic documents using a document retention policy according to an embodiment of the invention.

FIG. 2 is a table that depicts example document retention policy data.

FIG. 3 depicts an example implementation of document retention policy manager.

FIG. 4 is a block diagram that depicts an example implementation of secure system.

FIG. 5 depicts a file information table, in accordance with an embodiment of the invention.

FIG. 6 is a flow diagram that depicts an approach for deleting electronic documents using a document retention policy according to an embodiment of the invention.

FIG. 7 is a block diagram of a computer system on which embodiments of the invention may be implemented.

DETAILED DESCRIPTION

In the following description, for the purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form in order to avoid unnecessarily obscuring the present invention. Various aspects of the invention are described hereinafter in the following sections:

    • I. OVERVIEW
    • II. ELECTRONIC DOCUMENT MANAGEMENT ARCHITECTURE
    • III. DOCUMENT RETENTION POLICIES
    • IV. CREATING, MAINTAINING AND DISTRIBUTING DOCUMENT RETENTION POLICIES
    • V. ENFORCING A DOCUMENT RETENTION POLICY USING AUDITS
    • VI. IMPLEMENTATION MECHANISMS
      I. Overview

An approach is provided for deleting electronic documents on network devices using a document retention policy. The document retention policy specifies one or more deletion criteria for documents belonging to each of a plurality of document classifications. For example, the document retention policy may specify that documents belonging to a particular document classification are to be deleted after a specified time, at a specified time or in response to the occurrence of a particular event. The document retention policy is defined by document retention policy data that is managed by a document retention policy manager. The document retention policy manager disseminates the document retention policy data to one or more network elements over a communications network. The document retention policy manager determines whether a retention policy audit should be performed. If so, then the document retention policy manager signals the one or more network elements to conduct a retention policy audit. The network elements are configured to conduct the retention policy audit by deleting electronic documents in accordance with the document retention policy. The one or more network elements are further configured to generate and provide to the document retention policy manager report data that indicates results of performing the retention policy audit.

II. Electronic Document Management Architecture

FIG. 1 is a block diagram that depicts an arrangement 100 for deleting electronic documents using a document retention policy according to an embodiment of the invention. Arrangement 100 includes a secure system 102, a workstation 104, a multifunction peripheral (MFP) 106, a personal computer 108 and a document retention policy manager 110 communicatively coupled to a network 112. Network 112 may be implemented by any mechanism or medium that provides for the exchange of information between the elements depicted in FIG. 1. Examples of network 112 include, without limitation, a network such as a Local Area Network (LAN), Wide Area Network (WAN), Ethernet or the Internet, or one or more terrestrial, satellite or wireless links. Although the various elements are depicted in FIG. 1 as being external to network 112, any of these elements may be implemented within network 112, depending upon the requirements of a particular implementation.

Secure system 102 is a system configured to maintain data in a secure manner. For example, secure system 102 may include a gateway or other mechanism for controlling access to data stored in secure system 102. Workstation 104 is any type of workstation and MFP 106 is any device that performs one or more functions, such as printing, copying, facsimile or scanning. Personal computer 108 is any type of personal computer.

Although embodiments of the invention are described herein in the context of managing documents on secure system 102, workstation 104, MFP 106 and personal computer 108, the approach for managing documents is applicable to a wide variety of devices. Other example devices include, without limitation, wired or wireless devices such as personal digital assistants (PDAs), portable or laptop computers and other network devices.

III. Document Retention Polices

According to one embodiment of the invention, a document retention policy specifies one or more deletion criteria for a plurality of electronic document classifications. FIG. 2 is a table 200 that depicts example document retention policy data. FIG. 2 depicts the document retention policy data organized in tabular format for explanation purposes only and the document retention policy data may be stored in any type of data structure or format, depending upon the requirements of a particular implementation. Furthermore, document retention policy data 122 is not limited to the example data depicted in table 200 and may include fewer data types or more data types than depicted in FIG. 2, depending upon the requirements of a particular implementation.

In the example depicted in FIG. 2, table 200 includes a document classification column, a deletion criteria column, a document type column (“O”=official; “P”=private) and a classification description column. Each row of table 200 specifies a retention policy for a particular document classification. For example, the document classification L1 pertains to meeting records and has a document retention policy that specifies that documents in this classification are to be deleted after five years. In this example, the “L” in the document classification “L1” refers to a legal requirement where the length of retention is specified by law. As another example, the document classification C4 pertains to project “A” data and has a document retention policy that specifies that documents in this classification are to be deleted after the project has been completed. In this example, the “C” in the document classification “C4” refers to a corporate standard.

Any number and types of document classifications and deletion criteria may be used, depending upon the requirements of a particular implementation, and the invention is not limited to any particular number or types of document classifications or deletion criteria. For example, as described above, the deletion criteria may specify a time duration that may be applied on a document-by-document basis, based upon the creation date or storage date of the electronic documents. As another example, the deletion criteria may specify a date certain at which all constituent documents of an electronic document classification are to be deleted. As another example, the deletion criteria may specify that all documents associated with an electronic document classification are to be deleted in response to the occurrence of an event. Example events include a notification from administrative personnel and the completion of a project, as described above.

IV. Creating, Maintaining and Distributing Document Retention Polices

According to one embodiment of the invention, document retention policy manager 110 provides for the creation and management of document retention policies that are defined by document retention policy data. FIG. 3 depicts an example implementation of document retention policy manager 110. In this example, document retention policy manager 110 is configured with a graphical user interface (GUI) 300, a retention policy editor 302 and a retention policy auditor 304. Document retention policy manager 110 also includes document retention policy data 306, audit schedule data 308 and audit report data 310. Document retention policy data 306 is described in this section, while audit schedule data 308 and audit report data 310 are described in later sections.

Retention policy editor 302 is configured to allow users to create, store and manage document retention policies via GUI 300. For example, retention policy editor 302 allows users to create document retention policy data 306, such as the document retention policy data contained in table 200, through the use of various editing controls. This may include, for example, allowing a user to edit “raw” document retention policy data 306 or display one or more templates on GUI 300 and allow the user to enter data into available fields. Alternatively, a user may retrieve existing document retention policy data 306 from a storage medium. Users may then edit and store the document retention policy data 306. Users may also use the editing controls provided by retention policy editor 302 to delete document retention policy data 306. Document retention policy data 306 may be stored in a volatile memory, such as a random access memory (RAM), and/or stored on a non-volatile memory such as one or more disks, optical media or tape.

According to one embodiment of the invention, document retention policy manager 110 is configured to distribute document retention policy data 306 to secure system 102, workstation 104, MFP 106 and personal computer 108. Document retention policy manager 110 may be configured to automatically provide document retention policy data 306 to those elements that require the data. Document retention policy manager 110 may be configured to query secure system 102, workstation 104, MFP 106 and personal computer 108 to determine which of these elements requires document retention policy data 306. Alternatively, these elements may request document retention policy data 306 from document retention policy manager 110. Furthermore, retention policy auditor 304 may be configured to provide document retention policy data 306 to secure system 102, workstation 104, MFP 106 and personal computer 108 in response to document retention policy data 306 being updated. For example, suppose that a user updates document retention policy data 306 using retention policy editor 302. An administrator may determine that document retention policy data 306 needs to be updated to reflect a change in a document retention policy. According to one embodiment of the invention, retention policy auditor 304 is configured to automatically detect that document retention policy data 306 has been updated and provide the updated document retention policy data 306 to secure system 102, workstation 104, MFP 106 and personal computer 108.

V. Enforcing a Document Retention Policy Using Audits

Document retention policy manager 110 is configured to enforce document retention policies using audits. According to one embodiment of the invention, retention policy auditor 304 is configured to signal one or more of secure system 102, workstation 104, MFP 106 and personal computer 108 to perform an audit. Retention policy auditor 304 may cause audits to be performed in response to user input. For example, administrative personnel may indicate, via GUI 300, that a retention policy audit is to be performed. Retention policy auditor 304 may also cause audits to be performed based upon a schedule specified by audit schedule data 308. In response to receiving the signal to conduct a retention policy audit from retention policy auditor 304, each of these elements conducts an audit. For purposes of explanation, the audit process is described herein with respect secure system 102, although the approach is applicable to the other elements depicted in FIG. 1., namely, workstation 104, MFP 106 and personal computer 108, as well as any other type of element.

FIG. 4 is a block diagram that depicts an example implementation of secure system 102. In this example, secure system 102 includes a GUI 400, a document manager 402, an audit processor 404, a file classifier 406, a file handler 408 and an operating system 410. Secure system 102 also includes document retention policy data 306, received from document retention policy manager 110, a file information table 412 and audit report data 414. GUI 400 may be implemented by any mechanism that allows secure system 102 to convey information to a user. Document manager 402 performs a variety of document management tasks for secure system 102. For example, document manager 402 interacts with document retention policy manager 110 to coordinate the request and/or receipt of document retention policy data 306.

According to one embodiment of the invention, when secure system 102 receives an audit signal from document retention policy manager 110, document manager 402 provides the audit signal to audit processor 404. Audit processor 404 examines document retention policy data 306 to identify document classifications for which the corresponding deletion criteria have been satisfied. For example, if at least one year has elapsed since document classification C3 was activated, then the deletion criteria are satisfied and electronic documents associated with document classification C3 are to be deleted. Audit processor 404 then identifies documents stored on secure system 102 that are associated with document classification C3 and causes the identified documents to be deleted from secure system 102. In situations where a file cannot be deleted because it is no longer located on secure system, then audit processor 404 indicates this fact in report data provided to document retention policy manager 110. This situation may occur, for example, if a data file was stored on a removable media, such as a floppy disk, a removable disk drive or a portable storage device. The use of report data is described in more detail hereinafter.

According to one embodiment of the invention, audit processor 404 uses a file information table, such as the file information table 500 depicted in FIG. 5, to determine which documents are associated with a particular document classification. File information table 500 includes data that indicates, for each electronic document, a file name, a creation data, a location and a classification. The file name is the name of the file that contains the electronic document. The classification is the same as the document classification from table 200. The creation date is the creation date of the file that contains the electronic document. The creation date is useful for identifying particular electronic documents to be deleted on a document-by-document basis. For example, a particular document classification may have associated deletion criteria that specify deletion after one year from creation date of the document. In this situation, different electronic documents that have different creation dates, although all associated with the same particular document classification, are deleted at different times because of their different creation dates. The location indicates whether the file is stored locally on the particular element or on a removable storage media. For example, an “L” indicates that a particular electronic document is stored locally on secure system 102, while an “R” indicates that the particular electronic document is stored on a removable media or at another location.

According to one embodiment of the invention, document manager 402 manages the creation and maintenance of file information table 500. Document manager 402 operates in conjunction with file handler 408 to create and populate file information table 500. For example, file handler 408 detects that a save or copy command has been issued to operating system 410 and in response, creates an entry in file information table 500 for the file that was saved or copied. File handler 408 may also detect that a file name has been changed and update the corresponding file name in file information table 500. File classifier 406 then interacts with a user through GUI 400 to obtain the classification for each file, or to copy the classification of the original file, in the case of a file copy.

After performing a retention policy audit, audit processor 404 causes the generation of audit report data 414 that indicates results of performing the audit. For example, audit report data 414 may indicate files that were deleted in response to deletion criteria being satisfied. Audit report data 414 may also indicate files that could not be deleted, for example, because the files are located on removable media. Audit processor 404 then causes the audit report data 414 to be provided to document retention policy manager 110.

FIG. 6 is a flow diagram 600 that depicts an approach for deleting electronic documents using a document retention policy according to an embodiment of the invention. In step 602, initial or updated document retention policy data is provided to network devices. For example, document retention policy manager 110 provides document retention policy data 306 to secure system 102, workstation 104, MFP 106 and personal computer 108 when these devices are initially put into service, and then at other times when document retention policy data 306 is updated.

In step 604, a determination is made whether a retention policy audit should be performed. For example, as described herein, retention policy auditor 304 may determine that a retention policy audit is to be performed in response to user input, based upon audit schedule data 308, or some other criteria.

In step 606, if a retention policy audit is to be performed, then the network devices are signaled to perform a retention policy audit. For example, policy auditor 304 signals the audit processor 404 on each network device. In step 608, the network devices perform the retention policy audit. For example, the audit processor 404 in each network device performs the retention policy audit.

In step 610 the network devices generate and provide report data that indicates results of performing the retention policy audit. For example, the audit processor 404 on each network device causes report data to be generated and provided to document retention policy manager 110.

VI. Implementation Mechanisms

The approach described herein for deleting electronic documents using a document retention policy is applicable to any type of data and not just electronic documents. For example, the approach is applicable to emails, message data and audio/video data.

FIG. 7 is a block diagram that illustrates a computer system 700 upon which an embodiment of the invention may be implemented. Computer system 700 includes a bus 702 or other communication mechanism for communicating information, and a processor 704 coupled with bus 702 for processing information. Computer system 700 also includes a main memory 706, such as a random access memory (RAM) or other dynamic storage device, coupled to bus 702 for storing information and instructions to be executed by processor 704. Main memory 706 also may be used for storing temporary variables or other intermediate information during execution of instructions to be executed by processor 704. Computer system 700 further includes a read only memory (ROM) 708 or other static storage device coupled to bus 702 for storing static information and instructions for processor 704. A storage device 710, such as a magnetic disk or optical disk, is provided and coupled to bus 702 for storing information and instructions.

Computer system 700 may be coupled via bus 702 to a display 712, such as a cathode ray tube (CRT), for displaying information to a computer user. An input device 714, including alphanumeric and other keys, is coupled to bus 702 for communicating information and command selections to processor 704. Another type of user input device is cursor control 716, such as a mouse, a trackball, or cursor direction keys for communicating direction information and command selections to processor 704 and for controlling cursor movement on display 712. This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allows the device to specify positions in a plane.

The invention is related to the use of computer system 700 or an MFP with a similar structure for implementing the techniques described herein. According to one embodiment of the invention, those techniques are performed by computer system 700 in response to processor 704 executing one or more sequences of one or more instructions contained in main memory 706. Such instructions may be read into main memory 706 from another machine-readable medium, such as storage device 710. Execution of the sequences of instructions contained in main memory 706 causes processor 704 to perform the process steps described herein. In alternative embodiments, hard-wired circuitry may be used in place of or in combination with software instructions to implement the invention. Thus, embodiments of the invention are not limited to any specific combination of hardware circuitry and software.

The term “machine-readable medium” as used herein refers to any medium that participates in providing data that causes a machine to operation in a specific fashion. In an embodiment implemented using computer system 700, various machine-readable media are involved, for example, in providing instructions to processor 704 for execution. Such a medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media. Non-volatile media includes, for example, optical or magnetic disks, such as storage device 710. Volatile media includes dynamic memory, such as main memory 706. Transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise bus 702. Transmission media can also take the form of acoustic or light waves, such as those generated during radio-wave and infra-red data communications.

Common forms of machine-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD-ROM, any other optical medium, punchcards, papertape, any other physical medium with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described hereinafter, or any other medium from which a computer can read.

Various forms of machine-readable media may be involved in carrying one or more sequences of one or more instructions to processor 704 for execution. For example, the instructions may initially be carried on a magnetic disk of a remote computer. The remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem. A modem local to computer system 700 can receive the data on the telephone line and use an infra-red transmitter to convert the data to an infra-red signal. An infra-red detector can receive the data carried in the infra-red signal and appropriate circuitry can place the data on bus 702. Bus 702 carries the data to main memory 706, from which processor 704 retrieves and executes the instructions. The instructions received by main memory 706 may optionally be stored on storage device 710 either before or after execution by processor 704.

Computer system 700 or an MFP with a similar structure also includes a communication interface 718 coupled to bus 702. Communication interface 718 provides a two-way data communication coupling to a network link 720 that is connected to a local network 722. For example, communication interface 718 may be an integrated services digital network (ISDN) card or a modem to provide a data communication connection to a corresponding type of telephone line. As another example, communication interface 718 may be a local area network (LAN) card to provide a data communication connection to a compatible LAN. Wireless links may also be implemented. In any such implementation, communication interface 718 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.

Network link 720 typically provides data communication through one or more networks to other data devices. For example, network link 720 may provide a connection through local network 722 to a host computer 724 or to data equipment operated by an Internet Service Provider (ISP) 726. ISP 726 in turn provides data communication services through the world wide packet data communication network now commonly referred to as the “Internet” 728. Local network 722 and Internet 728 both use electrical, electromagnetic or optical signals that carry digital data streams. The signals through the various networks and the signals on network link 720 and through communication interface 718, which carry the digital data to and from computer system 700, are exemplary forms of carrier waves transporting the information.

Computer system 700 can send messages and receive data, including program code, through the network(s), network link 720 and communication interface 718. In the Internet example, a server 730 might transmit a requested code for an application program through Internet 728, ISP 726, local network 722 and communication interface 718. The received code may be executed by processor 704 as it is received, and/or stored in storage device 710, or other non-volatile storage for later execution. In this manner, computer system 700 may obtain application code in the form of a carrier wave.

In the foregoing specification, embodiments of the invention have been described with reference to numerous specific details that may vary from implementation to implementation. Thus, the sole and exclusive indicator of what is, and is intended by the applicants to be, the invention is the set of claims that issue from this application, in the specific form in which such claims issue, including any subsequent correction. Hence, no limitation, element, property, feature, advantage or attribute that is not expressly recited in a claim should limit the scope of such claim in any way. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense.

Referenced by
Citing PatentFiling datePublication dateApplicantTitle
US8189218 *Jul 20, 2006May 29, 2012Samsung Electronics Co., Ltd.Image forming device and printing system having selective printing function of address book and printing method thereof
US8275720 *Jun 12, 2008Sep 25, 2012International Business Machines CorporationExternal scoping sources to determine affected people, systems, and classes of information in legal matters
US8407345 *Oct 30, 2007Mar 26, 2013Nextlabs, Inc.Enforcing application and access control policies in an information management system with two or more interactive enforcement points
US8515924 *Jun 30, 2008Aug 20, 2013International Business Machines CorporationMethod and apparatus for handling edge-cases of event-driven disposition
US20090313196 *Jun 12, 2008Dec 17, 2009Nazrul IslamExternal scoping sources to determine affected people, systems, and classes of information in legal matters
Classifications
U.S. Classification726/1
International ClassificationH04L9/00
Cooperative ClassificationG06F21/6209, G06F2221/2137, G06F2221/2143, G06Q10/10
European ClassificationG06Q10/10, G06F21/62A
Legal Events
DateCodeEventDescription
Jan 12, 2005ASAssignment
Owner name: RICOH COMPANY, LTD., JAPAN
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MOTOYAMA, TETSURO;REEL/FRAME:016160/0496
Effective date: 20050110