Hello, for audit, file retention and litigation defense purposes, we have the need to maintain a permanent record of all files sent out by, and received by, a company employee – exactly as they were sent. Litigation often involves documenting/proving exactly what the file contained when it left the organization, and exactly what it contained when it came into an organization. We do this easily now with our FTP system and are investigating how this could be achieved with Liquidfiles. We’ve determined that we can do this easily for outbound files using your API to perform the send function, making a static copy of the outgoing file for permanent records, but see a problem with inbound file deliveries. This issue being, that when a file comes in via a file request action, Liquidfiles dutifully sends an email to the internal user so the file can be downloaded. The issue is, the user could, at their discretion, delete the file after they retrieve it – leaving us with no audit copy of how the file was when it came in. My suggestions:rnrnCreate a setting that can be made to effectively establish a litigation hold (or whatever you want to call it) that prevents a user from being able to delete an incoming file for:rnA set duration or an action by an administrator, or some other action (equally available through the API), that would give an organization the opportunity to retrieve the upload event in its entirety (files, upload data i.e: file received, requesting employee, from whom the file was requested, date, time, message ID, etc).rnPerhaps an alternate would an automatic action could occur upon an upload event that, when files are received and the litigation hold action is enabled, that a copy of the file is moved to an administrative folder along with all the aforementioned upload event data (before the user notification email is sent, or at least before the user is able to delete the file) - for later administrative action. This would allow the user to clean up (delete files) his folders while allowing the company to have its litigation copy.rnThe event and its event data (files, upload data i.e: file received, requesting employee, from whom the file was requested, date, time, message ID, etc), is written to a log/message action file.rnAllow a setting to be made to include an administrative notification email to be sent to notify in the case an upload event occurred.rnNot wanting to be greedy, but programmers willing, allow for a reminder action to occur (like a recurring calendar event in Outlook) at some set frequency, until some administrative action has occurred or the event has been acknowledged.rnrnrnrn My use case, using the API, would be as follows:rnrnAn upload event has occurred, an administrative notification has been sent, and the event data has been written to a message or event log accessible via the API.rnUsing the API, we’d pole the server at prescribed intervals and check the event data log to retrieve the event and associated event data, and retrieve the file(s) and event data, using the API, for inclusion in our internal litigation hold systems.rnAfter successful retrieval, use the API to delete the administrative copy of the file upload event.rnrnHope that makes sense.
