According to Statista, approximately 281 billion emails were exchanged in 2018, including personal ones, and in 2020 the number is expected to increase by 10%. In 2018, there were 128.8 billion business emails sent and received per day, according to Radicati.
Which are the laws that govern email archiving?
This volume of email represents an important source of business information as well as legal responsibility. Businesses need to consider how they are complying with constantly evolving email archiving regulations. In the US, regulations like Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), Federal Rules of Civil Procedure (FRCP), Freedom of Information Act 2000 (FOIA), Financial Industry Regulatory Authority (FINRA) and Securities and Exchange Commission Rules (SEC Rule 17a-4 & Rule 17a-3), and many others, are meant to control how businesses handle their electronic records. In 2006, a law was passed mandating data archiving, forcing companies to keep track of their emails and to store them for long-term access.
The law also states that you need to know how the archiving system works, be able to use it quickly and efficiently, and be able to retrieve the requested emails efficiently.
The regulatory landscape in Europe shifted with the launch of GDPR in 2018. Article 5 describes in detail how personal data should be seen and handled. Among other things, it requires businesses to have visibility and control over deleted and archived email, as failure to protect the data in email correspondence could result in a substantial noncompliance penalty.
What are the penalties for failing to comply with the email archiving requirements?
If your business doesn’t comply with email archiving laws, you may face serious consequences. Penalties are severe. If relevant data can’t be retrieved, you may end up paying considerable amounts of money.
One of the highest compliance fines assessed was due to a HIPAA violation: the New York-Presbyterian Hospital and Columbia University, for $4.8 million, according to telemessage.com.
Under GDPR, any company found in breach can be fined up to 4 percent of annual global revenue or €20 million, whichever is greater.
In 2019, GDPR enforcement brought more than €50 million in fines under Articles 5 and 15 (which control the way personal data is handled, including email archiving), according to the enforcementtracker.
So why should you be looking for an email archiving solution?
Since all companies need to implement solutions and policies to avoid litigation, you should be looking for an email archiving product to help you manage all your email data. Besides the legal factor, there are other important aspects to consider when choosing your email archiving solution.
- Ease of use
The purpose of an email archiving solution is to effectively store all your company’s communications and be able to retrieve them quickly. If you rely on IT to search and generate the requested data, it may create a long queue of support tickets for them, and the solution ends up not really doing its job. When evaluating email archiving solutions, look for those that allow delegation and access to employees/team managers so they can work with and access their data history. Make sure the solution also stores the changes made by users to the archive files.
- Make sure the solution can handle more than one email server
Many organizations work on multiple servers. Choose a product that can handle multiple email clients.
- Ensure offline access to the archive server
This is a critical aspect when choosing your solution. In the case of server downtime, loss of connectivity or when email is down, users should still have access to their email history to ensure business continuity.
- Cost of Ownership
Your email archiving solution should have reporting features that save time and costs by identifying business issues, minimizing legal risk and managing productivity by reporting on the valuable business data found in your archive.
- Compliance and e-discovery
As described above, email is subject to multiple regulations for compliance and e-discovery, both in the United States and in Europe. Your email archiving system must allow users to find and retrieve emails quickly and easily, as well as implement governance policies for retention and removal. In order for IT managers to be fully compliant, your solution should:
- Archive automatically
- Enable data control – you should be able to know where, when and for how long your data is stored and archived
- Provide an audit log – your archiving solution should be able to log all activities for auditing purposes
What Should an Email Archiving Policy Include?
Once you select an email archiving solution that can respond to your business needs, one priority should be to set up policies for all stakeholders that interact with it. It’s important to be as clear as possible, especially if you’re in a highly regulated industry such as Finance or Medical. A solid email archiving policy should include:
Why? The policy should answer the question of why you implemented it. It should clearly state the regulations that govern your activity, both locally and industry-wide.
How? How will the data be stored, for how long and how will your organization access the information?
Other questions that should be answered in the policy documentation are: What system will you use? Who is involved in the implementation and who will have access? How will the employees access the system? What is the retention and removal process? All this information should be clearly described in the policy document so employees understand the implications of the email archiving system.
Want to learn more?
All of the above and much more will be covered in an upcoming GFI Software webinar session.
EMEA: February 5, 2020, 11:00 AM CET - register here
US: February 5, 2020, 11:00 AM PST - register here