According to Statista, approximately 281 billion emails were exchanged in 2018, including personal ones, and in 2020 the number is expected to increase by 10%. In 2018, there were 128.8 billion business emails sent and received per day, according to Radicati.
This volume of email represents an important source of business information as well as legal responsibility. Businesses need to consider how they are complying with constantly evolving email archiving regulations. In the US, regulations like Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), Federal Rules of Civil Procedure (FRCP), Freedom of Information Act 2000 (FOIA), Financial Industry Regulatory Authority (FINRA) and Securities and Exchange Commission Rules (SEC Rule 17a-4 & Rule 17a-3), and many others, are meant to control how businesses handle their electronic records. In 2006, a law was passed mandating data archiving, forcing companies to keep track of their emails and to store them for long-term access.
The law also states that you need to know how the archiving system works, be able to use it quickly and efficiently, and be able to retrieve the requested emails efficiently.
The regulatory landscape in Europe shifted with the launch of GDPR in 2018. Article 5 describes in detail how personal data should be seen and handled. Among other things, it requires businesses to have visibility and control over deleted and archived email, as failure to protect the data in email correspondence could result in a substantial noncompliance penalty.
If your business doesn’t comply with email archiving laws, you may face serious consequences. Penalties are severe. If relevant data can’t be retrieved, you may end up paying considerable amounts of money.
One of the highest compliance fines assessed was for a HIPAA violation: $4.8 million for New York-Presbyterian Hospital and Columbia University, according to telemessage.com.
Under GDPR, any company found in breach can be fined up to 4 percent of annual global revenue or €20 million, whichever is greater.
In 2019, GDPR enforcement brought more than €50 million in fines under Articles 5 and 15 (which control the way personal data is manipulated, including email archiving), according to the enforcementtracker.
Since all companies need to implement solutions and policies to avoid litigation, you should be looking for an email archiving product to help you manage all your email data. Besides the legal factor, there are other important aspects when choosing your email archiving solution.
Once you select an email archiving solution that can respond to your business needs, one priority should be to set up policies for all stakeholders that interact with it. It’s important to be as clear as possible, especially if you’re in a highly regulated industry such as Finance or Medical. A solid email archiving policy should include:
Why? The policy should explain why you implemented it. It should clearly state the regulations that govern your activity, both locally and industry-wide.
How? How will the data be stored, for how long, and how will your organization access the information?
Other questions that should be answered in the policy documentation are: What system will you use? Who is involved in the implementation and who will have access? How will the employees access the system? What is the retention and removal process? All this information should be clearly described in the policy document so employees understand the implications of the email archiving system.
All of the above and much more will be covered in an upcoming GFI Software webinar session.
EMEA: 2020. February 5. 11:00AM CET - register here
US: 2020. February 5. 11:00AM PST - register here