Meet all of your compliance needs for less money
Email archiving does not need to be bewildering nor complex, despite how it has been perceived in the past. While email archiving has evolved into a complicated system of business governance and regulatory compliance requirements, the direct benefit to small businesses is that these requirements have spurred the development of sophisticated (yet easy to use) archiving solutions that meet the all the key business requirements. You may have the perspective as a small business owner that your current email retention and archiving is sufficient, taking the view that, if it ain’t broke, don’t fix it. However, this perspective misses the point. The way you have been doing things is not necessarily the best practice going forward.
Your business needs to have a clearly defined email retention and archiving policy that is compliant with business governance like HIPAA, FINRA or SEC, along with current state and federal regulations.
An email retention policy defines how long an email must be archived before it can automatically be deleted. Having a clearly defined and enforced email retention policy in place can save you a lot of money or if you happen to find your business entangled in a lawsuit. Business owners and c-level managers appear to be unaware of the potential legal costs of failing to have an email retention policy in place.
At the time of this 2011 report from the ePolicy Institute and Symantec, only 34% of businesses had email retention policies in place. The benefits of an effective email retention policy makes it much easier to manage your email archive, reduce business risks, and provide maximum compliance. Reduced risk and maximum compliance protect you from expensive legal fees and fines for non-compliance.
Why an Email Retention Policy is Necessary
There are three reasons for creating and enforcing an email retention policy:
- Regulatory compliance
- Intellectual property management.
State and federal regulations require that a business be able to produce emails during legal discovery or for audits. In the absence of an email retention policy, you will be unable to adequately satisfy the requirements of legal discovery or audit, resulting in additional legal expenses and fines. A properly defined email retention policy will be compliant with business governance, industry, state, and federal regulations.
The Expanding Evidentiary Role of Email
Email and other Electronically Stored Information (ESI) are being seen as the electronic equivalent of DNA, according to this report from the ePolicy Institute. The report goes on to say that, as of 2009, 30 states had enacted formal rules governing the discovery of email and other ESI. Eventually, the remaining states will likely follow suit.
Here is a 4-point summary from the report:
- Email and other forms of ESI are discoverable. All retained and archived email and ESI are subject to subpoena by opposing counsel for use as evidence in workplace lawsuits.
- Have an electronic data management system in place that is capable of producing complete, legally compliant data in a timely manner when responding to discovery requests during litigation.
- Email and other ESI have a lifecycle. The FRCP amendments do not require archiving of all data forever. Consult your legal counsel to determine what data you can purge and how long each type of data must be archived before it can be purged.
- Establish a clearly defined email retention policy and stick to it. The consistency may be of benefit if your company becomes entangled in a lawsuit.
When a lawsuit is filed, attorneys for both sides ask for information that is relevant to the case. State and federal regulations have laws that apply specifically to e-discovery, which applies to email and other electronically stored information (ESI). Both parties in a lawsuit are required to provide this information.
Legal discovery is the worst time to learn that your email archiving methods are woefully inadequate. Fines and fees can easily balloon, biting a huge chunk out of your bottom line. In 2013, Barclays Capital Inc. learned this the hard way when FINRA fined the company $3.75 million for “systemic failures to preserve electronic records and certain emails…in the manner required for a period of at least 10 years.”
There is an assumption among many business owners that email is only good for providing evidence that may incriminate them. This notion is based on the fundamental misunderstanding that evidence is a one-way street that exists to support the claims made by a plaintiff. You might be surprised to learn that your email can also provide legal proof that your business was doing everything it could, leading to a much better outcome than you might have otherwise, absent the evidence presented in your email.
Intellectual Property Management
Over 70% of the intellectual property owned by a business resides in its email1. The information included in email includes not only business correspondence, but also includes specific details about projects and other proprietary information. Because of this, you need to keep the emails of all employees, including those who are no longer employed by your company.
Basic requirements for a compliant email retention policy
The following information will help you outline an effective, legally compliant email retention policy:
- Email Retention Policy Definition needs to include details to ensure compliance with business governance, industry, state, and federal regulations.
- Email Retention Policy Management names the managers who will be responsible for managing the policy, along with the education and training of all staff.
- Email Retention Automation determines when an email is at the end of its lifecycle, automatically deleting it without any intervention. This greatly reduces liability by eliminating human error.
- Email Archiving Solution that is compliant with business governance, industry rules, state, and federal regulations.
Office 365 — Popular and Problematic
Office 365 provides some email retention and archiving features, but there are substantial limitations that impact email archiving and retrieval. According to this report, “…the Search capability built into Office 365 presents several important limitations that many will find difficult to accept, especially for those trying to respond to eDiscovery requests.” This suggests a much more robust solution must be made available, one that is compliant and capable of quickly producing e-discovery requests, regardless of the scope or complexity of any searches.
An email archiving solution must have the following:
- Tags and Comments. These tools help ensure that an email that is not directly related to a discovery request is not shared. Furthermore, tags and comments will give a company the ability to document why an email is or is not included in the final selection.
- Monitoring. The ability to review email is key to regulatory compliance. With monitoring, you are also able to set up searches that filter incoming email, setting select email aside for further review.
- Audit Log. This is essential for regulatory compliance, helping your company meet regulatory compliance requirements. The audit log provides a means to record all actions taken by a compliance officers, legal counsel, or managers in an email archive.
- Automation. For many companies, email volume has mushroomed, making classification of emails difficult and complex. An intuitive interface with easy to use tools is essential for managing email archives.
In today’s business environment, it is necessary to use a robust, compliant email archiving solution in addition to Office 365.
Using Office 365 and an Additional Email Archiving Solution
You can continue using Office 365 and enjoy the benefits of a secure, compliant email archive solution that meets all of your email archiving needs. The right kind of solution leaves you in control, implementing email retention and scheduling while allowing access by multiple users, with your managers in control, limiting access and methods by users. Robust backup and recovery features are a minimal necessity for any solution.
Email archives are worthless if they can’t be fully searched. An email archive solution worth its price needs to have flexible storage options, easy, secure data migration, and the ability to import email in any of the common formats. You should also be able to conduct an unlimited number of searches on an unlimited number of mailboxes, expecting a quick return from the query. Furthermore, an effective cloud email archiving solutions allows you to run as many concurrent searches as you want, while still providing a quick return on all search results. The search feature should also allow for complex queries, quickly returning results.
The best email archiving solution provides:
- Rapid deployment with no need for additional infrastructure or hardware
- No long-term service contracts
- No downtime
- Hands-free installation
- Immutable WORM storage
- Authenticated user access
- Role-based permissions
- Unlimited scope and complexity in your searches
- No limit to the number of concurrent searches you run
Which gives you an email archive solution that frees you from the limitations of using Office 365 by itself.