Email retention laws in the United States require companies to maintain copies of emails for many years. There are federal laws applying to all companies and groups, data retention laws for specific industries, and a swathe of email retention laws in the United States at the individual state level. Ensuring compliance with all the proper email retention laws in the United States is vital. Non-compliance can prove incredibly expensive Multi-million-dollar fines await any group found to have breached federal, industry, or state regulations.

All electronic files must be retained by U.S groups, which extends to email, in case the information is required by the courts. eDiscovery requests often require massive volumes of data to be provided for use in lawsuits and the failure to provide the data can land a group in serious trouble. Not only are heavy fines issued, groups can face criminal proceedings if certain data is erased.

For decades, U.S groups have been required to store documents. Document retention laws are included in numerous legislative acts such as the Civil Rights Act of 1964, the Executive Order 11246 of 1965, the Freedom of Information Act of 1967, the Occupational Safety and Health Act of 1970, and the Reform and Control Act of 1986; however, just over 10 years ago, data retention laws in the United States were updated to grow the definition of documents to include electronic communications such as emails and email attachments.

To enhance awareness of the many different email retention laws in the United States, a summary has been included in this article. Please remember that this is for information purposes only and does not constitute legal advice. For legal counsel on data retention laws in the United States, we recommend you get in touch with your legal representatives. Industry and federal electronic data and email retention legislation in the United States are also subject to amendment. Up to date information should be sought from your legal team.

As you can see from the list here, there are several federal and industry-specific email retention pieces of legislation in the United States. These laws apply to emails received and shared, and include internal as well as external emails.

Email retention legislation Who it is applicable to How long emails must be kept
IRS Regulations All companies 7 Years
Freedom of Information Act (FOIA) Federal, state, and local agencies 3 Years
Sarbanes Oxley Act (SOX) All public companies 7 Years
Department of Defense (DOD) Regulations DOD contractors 3 Years
Federal Communications Commission (FCC) Regulations Telecommunications companies 2 Years
Federal Deposit Insurance Corporation (FDIC) Regulations Banks 5 Years
Food and Drug Administration (FDA) Regulations Pharmaceutical firms, food manufacturers, food storage and distribution firms, manufacturers of biological products Minimum of 5 years rising to 35 years
Gramm-Leach-Bliley Act Banks and Financial Institutions 7 Years
Health Insurance Portability and Accountability Act (HIPAA) Healthcare groups (Healthcare providers, health insurers, healthcare clearinghouses and business associates of covered bodies) 7 Years
Payment Card Industry Data Security Standard (PCI DSS) Credit card businesses and credit card processing groups 1 Year
Securities and Exchange Commission (SEC) Regulations Investment banks, investment advisors, brokers, dealers, insurance agents & securities companies Minimum of 7 years up to a lifetime

 

Email retention legislation in the United States that are applied by each of the 50 states are beyond the reach of this article.  There area also European Union laws, such as the GDPR email requirements.

Storing emails for a few years is not likely to take up masses of storage for a small company with a couple of members of staff. However, the more employees a group has, the greater the need for extensive resources just to store emails. The average size of a business email may only be 10KB, but multiply that by 123 – the average number of emails sent and received each day by an average company user in 2016 (Radicati email statistics report 2015-2019), and by 365 days in each year, and by the number of years that those emails need to be maintained, and the storage requirements become massive.

If any emails ever need to be obtained, it is vital that any email archive or backup can be searched. In the case of standard backups, that is likely to be an incredibly long process. Backups were not created to be searched. Finding the right backup alone can be almost impossible, let along finding all emails sent to, or received from, a specific company or person. Backups have their uses, but are not suitable for companies for email retention purposes.

For that, an email archive is necessary. Email archives contain structured email data that can easily be reviewed and searched. If ever an eDiscovery order is received, finding all email correspondence is a quick and simple task. Since many email archives are cloud based, they also do not require large storage resources. Emails are stored in the cloud, with the space provided by the service supplier.

ArcTitan is a cost-effective, quick and easy-to-manage email archiving solution supplied by TitanHQ that meets the needs of all businesses and enables them to adhere with all email retention laws in the United States.

ArcTitan includes a variety of security protections to ensure stored data is kept 100% secure and confidential, with email data encrypted in transit and storage. As opposed to many email archiving solutions, ArcTitan is fast. The solution can process 200 emails per second from your email server and archived emails can be retrieved instantly though a a browser or Outlook (using a plugin). Emails can be archived from any location, whether in the office or on the go via a laptop or tablet. There are no restrictions on storage space or the number of users. The solution can be scaled up to meet the needs of companies of all shapes and sizes.

To find out more about ArcTitan, get in touch with the TitanHQ team today.