Email archiving costs could be less than you may think currently. Although email archiving costs are costs that can be avoided, it is risky approach to be made by businesses. Substantial fines await organizations that cannot recover emails promptly when required.
It is a requirement that U.S. businesses keep their emails emails for several years. Various organizations require companies to keep emails for different amounts of time, depending on their sector; the IRS requires all companies to keep emails for 7 years, the FOIA requires emails to be kept for 3 years, and 7 years again for Healthcare organizations (HIPAA), public companies (Sarbanes Oxley), banking and finance (Gramm-Leach-Bliley Act) and securities firms (SEC).
For large firms, absorbing the cost of email archiving is rarely an issue. However, many SMBs look at the email archiving cost and try to save money by opting for backups instead. While it is possible to save on the email archiving cost through using a backup system, the decision not to use an email archiving service could prove to be very costly and could potentially put the future of the business at risk.
Email backups are (usually) fine for recovering entire email accounts. For example, in the event of a malware or ransomware attack, email backups can be used to recover entire email accounts. However, companies can encounter a number of problems if only certain emails need to be found, for eDiscovery purposes in the event of a lawsuit for example.
An eDiscovery order may be received that requires a retrieval of all email correspondence sent to a particular client/customer. A request such as this may require emails from 100s of employees to be located promptly, even though these emails may date back several years. Finding all these emails would be a difficult and incredibly time-consuming process, and it may not actually be possible to recover all correspondence at the end of it. Backup files should not be a substitute for a well-managed archive. Backup files are just data repositories and cannot easily be searched.
In contrast, with an email archive not only can individual emails be easily recovered, the entire archive can be searched quickly and effectively. If an eDiscovery request is received, all requested emails can be recovered quickly and with ease with the process likely to take a matter of minutes. On the other hand, the recovery of files from a backup could take weeks or even months, assuming that the task is even possible.
The recent wave of ransomware attacks has highlighted a number of examples of data backups that have been corrupted. When this occurs, it leaves organizations no option but to pay the attackers for a key to decrypt locked data. In the case of a ransomware infection, the ransom payment may amount to hundreds, thousands or even tens of thousands of dollars. The failure to produce email correspondence for eDiscovery or a compliance audit can be even higher again.
Non-compliance with industry legislation such as the Sarbanes-Oxley Act can see fines of several million dollars issued. Only last year, a UK brokerage firm called Scottrade was issued with a fine of $2.6 million by the Financial Industry Regulatory Authority (FINRA). Although it had kept some records of its emails, it had not kept a complete record. In fact, over 168 million emails had not been retained that should have been kept in an archive. When announcing the fine Brad Bennett, Executive Vice President and Chief of Enforcement at FINRA explained, “Firms must maintain sound supervisory systems and procedures to ensure the integrity, accuracy, and accessibility of electronic books and records.” Of course, that includes email correspondence.
Without doubt, the cost of email archiving is much lower than the cost of a regulatory fine. However, email archiving is actually inexpensive in general, especially when using a cloud-based email archiving solution such as ArcTitan. With ArcTitan, emails are securely stored in a cloud without the need for any additional hardware. This can allow businesses to have peace of mind as they know that no email will ever be lost.
In the event of an eDiscovery order or a similar situation, any email can be retrieved almost instantly, no matter when the email was archived. No specific software is needed, emails can be archived from Office 365 and archived messages can be accessed easily using an Outlook plug-in or even directly from the browser. What’s more, the load on an organization’s email server can be greatly reduced, with reductions of 80% being seen by a number of TitanHQ’s clients.
Email Archiving Relating to EU Citizens, and GDPR
The regulations mentioned at the top of the page (Sarbanes-Oxley, HIPAA and the Gramm-Leach-Bliley Act) for the most part affect domestic businesses operating within the domestic market. However, any businesses with a presence in Europe or that retain EU citizens´ personal data on email will also be subject to the EU´s General Data Protection Regulation (GDPR) which is due to be implemented in May 2018.
GDPR states that only the minimum amount necessary to perform a lawful function can be retained by a company. It also ensures steps must be taken to protect EU citizens’ personal data against loss, theft or unauthorized disclosure. Also, because the data must be retained in its original format, measures must also be put in place to prevent unauthorized alteration.
Furthermore, EU citizens have the right to request access to their personal data, restrict its processing or demand its deletion if the lawful basis on which it was obtained is no longer applicable. If only just for this reason, it is financially viable to implement an email archiving service. Data access requests can be complied within minutes with the quick and easy search facility available.
If you’d like to discover more about the full benefits of email archiving and the features of ArcTitan, contact the TitanHQ sales team today. We believe the email archiving costs could be less than you may think.