Email Archiving & Retention Policies
There are nearly three billion email users worldwide that send and receive more than 300 billion messages every day. In fact, the average office worker receives more than 120 emails per day, making the email far more prevalent than the phone, fax, mail or other forms of communication. It's no surprise that there's an interest in preserving these communications.
Email archiving, or preserving and making emails searchable, has grown from a nice-to-have technology for restoring accounts following a data breach to a must-have technology to meet a growing number of regulations. Regulators want access to emails to identify and prosecute crimes, while lawyers want to easily search emails to speed up the e-discovery process.
Let's take a look at email archiving in greater depth and the easiest way for your small business to meet these growing requirements without breaking the bank.
With more than 300 billion email messages are sent and received every day, it's no surprise that regulators are interested in preserving these communications.
What is Email Archiving?
Email archiving is the process of preserving and making all email to and from an individual account searchable. Often times, this means transferring emails from an email application to some kind of off-platform storage that remains in place even if the email account goes away. The goal is to create a permanent record of all email communications.
There are several reasons to archive emails:
Disaster recovery - Data loss victims can easily restore archived emails to help speed up the recovery process.
Legal discovery - Lawyers can quickly find relevant emails during litigation and reduce their billable hours.
Regulations - Many industries require companies to archive emails to preserve evidence or create a chain of custody.
Optimizations - Archiving emails can help free up storage space and improve the performance of email systems.
There are many different strategies for archiving emails. Some companies manually transfer copies over to a tape backup on a regular interval, while others intercept each email that's sent or received and immediately create a copy. The good news is that cloud-based tools, like Jungle Disk, are making it easier than ever to automate the process at a very low cost.
Several industries require email archiving for compliance purposes, and violations of these regulations can result in severe penalties. For instance, Morgan Stanley was fined $15 million by the SEC in 2006 for delaying the handing over of emails and destroying evidence. Sarbanes-Oxley makes it clear violators can be imprisoned.
Download our free checklist of industry email regulations to see what requirements may face your business.
The most noteworthy industry regulations include:
Finance - The financial industry is required to archive emails under SEC Rule 17a-3 and 17a-4, FINRA Rule 3110, NYSE Rule 440, the Investment Advisers Act and Sarbanes Oxley. These regulations are designed to help regulators identify and prosecute financial frauds, such as pyramid schemes.
Healthcare - The healthcare industry is required to archive emails under HIPAA and FDA Title 21 CFR Part 11. These regulations are designed to enforce the chain of custody when it comes to patient healthcare information.
Government - Government agencies are required to archive emails under the Freedom of Information Act, Patriot Act and other information freedom requirements. These regulations are designed to hold the government accountable by looking at public communications between officials and departments.
Many of these regulations require the preservation of electronic business communications, which extend beyond email to include instant messages, attachments, Bloomberg/Reuters messages, SMS text messages, VoIP messages and other communications. It's important for companies to have archiving solutions in place for each of these channels.
Developing a Retention Policy
Email retention policies are designed to establish how long an email should remain in an email archiving solution before being permanently deleted. These policies depend on your corporate governance rules and government regulations. When developing a policy, it's important to take into account regulations for each department and adhere to best practices.
The most important factors to consider include:
Regulatory compliance - Create a list of industry regulations that apply to your business and the retention periods required for each of them. Then, ensure that your policy meets the minimum requirements for these regulations.
Departments - Create a list of each department and how long their emails may be required to be archived. For instance, accounting emails may have longer requirements than customer support emails or marketing emails.
It's also important to define who can institute a legal hold on emails, as well as who would have access to those emails (e.g. legal team, human resources, outside counsel). Legal holds ensure that emails are not automatically deleted from an email archiving solution when they're needed for e-discovery or for a wide variety of other reasons.
The final steps are getting sign off from the executive and legal team to certify that the policy abides by industry regulations, can be implemented and clearly defines roles and responsibilities when it comes to legal holds. Finally, everyone must be trained to ensure that they know how to use archiving solutions to meet these regulations.
Email Archiving Software
Jungle Disk provides a comprehensive cybersecurity suite that's designed for small businesses with less than 250 employees. For $5 per month per mailbox, the company integrates with Microsoft's Office 365 or Google's G Suite and provides email archiving for only the employees that require it, along with e-discovery and compliant search capabilities.
Don't forget to download our free Checklist of Industry Email Regulations to see what requirements may face your business.
Unlike many competitors, Jungle Disk provides live 24/7 assistance that can be invaluable in the middle of a crisis. The company answers 97 percent of its calls or chats in under 30 seconds with a U.S.-based data security expert on the other end of the line. The platform even monitors emails for phishing and hacking attempts to prevent data breaches.
Other core features include:
- Keep emails from past employees without having to store and operate a full mailbox for them
- Restore emails that were deleted by an email user, even if they were deleted for good from the provider
- Use role-based access controls to carefully control the users that can access email archives
- View comprehensive audit logs and real-time analytics with alerting capabilities to identify any problems
Sign up for Jungle Disk for access to the complete cybersecurity suite, plus email archiving capabilities, at a fraction of the cost of larger enterprise solutions.
The Bottom Line
Email archiving is becoming increasingly important in today's interconnected world. With more than 300 billion messages sent and received each day, lawyers need email archiving to speed up the discovery process and regulators want access to emails to identify and prosecute wrongdoing in court.
Jungle Disk makes it easy to get up-and-running with an email archiving solution that integrates with Microsoft Office 365 or Google G Suite. Sign up for Jungle Disk to get started today!