Email Archiving Requirements

Email archiving requirements can vary considerably, depending on the nature of your business, where your business is located, and the countries where your customers are based. This post is concerned with email archiving requirements for customers in the United States, although there are comparable regulations in most other Western countries.

Laws with Email Archiving Requirements

Emails must be retained for the duration of the statute of limitations and must be produced for audits and in the event of a legal dispute. Email retention requirements are set at the federal level, but many states also require electronic data to be retained. Regulated industries, such as financial services, the payment card industry, and healthcare, also have their own regulations.

For example, all companies must maintain tax records for between 3 and 7 years to comply with federal regulations, and publicly traded companies are required to comply with the Sarbanes-Oxley Act (SOX) and must retain data for 7 years. Healthcare organizations are subject to the Health Insurance Portability and Accountability Act (HIPAA) and must retain certain data for 6 years. Department of Defense (DOD) regulations call for data to be stored for 3 years, and Payment Card Industry Data Security Standard (PCI DSS) regulations require data to be saved for 1 year. In some cases, email data must be kept indefinitely.

One of the most important email archiving requirements was introduced in 2006 when the Federal Rules of Civil Disclosure were updated with respect to eDiscovery. The laws were amended to require businesses to produce electronically stored information (ESI), which includes email data, within 30 days if ordered to do so by the courts. The failure to produce ESI within 30 days is an offence and can be penalized with a substantial fine.

If you do business with customers in Europe, you will also be required to comply with the General Data Protection Regulation (GDPR), which has email archiving requirements. The GDPR stipulates that you must only retain the personal data of EU citizens, which may be in emails, for as long as needed to achieve the purpose for which the personal data were collected. EU citizens also have the right to request access to their data, check it for accuracy, and have their data deleted if they so wish. In the event of an audit or data deletion request, you also only have 30 days to produce the data. It is therefore essential that you have a system in place that allows you to easily find data in emails and attachments.

A Cloud-Based Email Archiving System Can Help with Compliance

Most laws require data to be provided, on request, within a relatively short time frame. 30 days may seem a reasonable time for producing data, but finding and producing data in an email system can be a time-consuming process, especially if you have to find large volumes of emails or you do not have an email archiving system. An email archiving system allows email data to be quickly and easily found if you receive an eDiscovery request, are subjected to a compliance audit, or need to respond to a GDPR request.

An email archive contains a record of all sent and received emails that need to be retained, which are stored separately from your mail server in the cloud or on a physical or virtual appliance. Prior to being sent to the archive, emails are deduplicated, indexed and tagged to allow the archive to be efficiently searched, which ensures emails can be quickly recovered. As required by law, an exact copy of a message is retained and an audit trail is maintained, so any changes to email data are tracked and can be reversed if needed.

Cloud-based email archives are the easiest solution. A cloud-based email archiving service can be used to set up an email archive in minutes. You create your email archiving policy and emails will automatically be sent to the archive and stored securely in the cloud. A cloud-based email archiving service takes the complexity out of email archiving. It really is a set-and-forget solution, with no maintenance requirements or hardware costs.

A cloud email archiving service gives you peace of mind. Your data is secured and backed up, there will be no hardware or software issues and, in contrast to an on-premise appliance, a natural disaster, ransomware attack or hardware failure will not wipe out your archive.

Meet Your Email Archiving Requirements with ArcTitan

ArcTitan Cloud is a 100% cloud-based email archiving solution that allows you to rapidly archive emails and retrieve email data on demand. ArcTitan has the capacity to archive up to 200 emails per second, and your email database can be searched at a rate of 30 million emails a second. If you use Office 365, ArcTitan will give you faster and more advanced search capabilities than Microsoft’s archiving option, and you will benefit from substantial time and cost savings. ArcTitan Cloud is one of the easiest to use and lowest cost cloud-based archiving solutions on the market.

ArcTitan Cloud is compliant with all industry security and privacy regulations, and securely stores your email data in compliant data centers. ArcTitan Cloud has tamper-evident audit functionality and a granular delegation feature that enables access permission tiers to be set by department, user-group or individual user. You can access the email archive through a mail client or a web-based interface through a browser, giving you access to your archive no matter where you are located.

If you are currently assessing the relative merits of email archiving solutions, we invite you to get in touch and book a demo of ArcTitan in action. The demo will help you better understand how straightforward it can be to comply with email archiving requirements and how quickly authorized users can recover and restore emails.