The email archiving cost can be avoided, but fail to use an email archiving service at your peril. Huge fines await organizations that cannot recover emails for eDiscovery and if laws covering email retention are violated.
U.S. businesses are required are required to keep emails for several years. The IRS requires all companies to keep emails relating to tax for 7 years, the FOIA requires emails to be kept for 3 years, and 7 years, public companies (Sarbanes Oxley), banking and finance (Gramm-Leach-Bliley Act) and securities firms (SEC), and 6 years for healthcare organizations (HIPAA).
While large firms are able to absorb the cost of email archiving, many SMBs look at the email archiving cost and try to save money by opting for backups instead. While it is possible to save on the email archiving cost by using backups, the decision not to use an email archiving service could prove to be very costly indeed.
Email backups can serve the same purpose as email archiving in the sense that both can be used to retain old emails. However, while an email backup can help a business protect against data loss, if ever there is a need to recover backed up emails, companies often encounter problems.
Email backups are fine for recovering entire email accounts (mostly). In the event of a malware or ransomware attack, email backups can be used to restore entire mailboxes but backups can be corrupted or also encrypted. There will also be times when only certain emails need to be recovered – for eDiscovery purposes in the event of a lawsuit for example. An eDiscovery order may be received that requires all email correspondence sent to a particular client or customer to be retrieved. Such a request may require emails from 100s of employees to be located and those emails may date back several years. Finding all emails would be an incredibly time consuming process, and it may not actually be possible to recover all correspondence. Backup files cannot easily be searched as they are simply data repositories.
An email archive on the other hand is different. The entire archive can be quickly and easily searched and individual emails be easily found and recovered. If an eDiscovery request is received, searches can be performed to identify all relevant emails and attachments and the entire process will take minutes or a few hours at most. The recovery of emails and files from a backup could take weeks or even months, assuming that the task is even possible.
Email backups fail surprisingly often. The recent spate of ransomware attacks has highlighted a number of examples of data backups that have been corrupted, leaving organizations little option but to pay the attackers for a key to decrypt locked data. In the case of a ransomware infection, the ransom payment may be tens of thousands of dollars or even millions. However, the cost of failing to produce emails for eDiscovery or a compliance audit can be even higher.
Non-compliance with the Sarbanes-Oxley Act and other industry legislation can see fines of several million dollars issued. In 2016, Scottrade was issued with a fine of $2.6 million by the Financial Industry Regulatory Authority (FINRA). Scottrade had kept records of its emails, but not a complete record. More than 168 million emails had not been retained that should have been present in an archive. As Brad Bennett, Executive Vice President and Chief of Enforcement at FINRA explained when announcing the fine, “Firms must maintain sound supervisory systems and procedures to ensure the integrity, accuracy, and accessibility of electronic books and records.” That includes email correspondence.
The cost of email archiving is not only low compared to the cost of a regulatory fine, email archiving is actually inexpensive, especially when using a cloud-based email archiving solution such as ArcTitan. Being cloud-based, emails are securely stored in the cloud without the need for any additional hardware. Business can rest assured that no email will ever be lost, as the archive is securely stored separately from the mail system and the archive is automatically backed up in the cloud.
In the event of an eDiscovery order, any email can be retrieved almost instantly, regardless of when the email was archived. No specific software is required as emails can be archived directly from Office 365 or a mail client such as Outlook, or through a standard web browser. Furthermore, the load on an organization’s email server can be greatly reduced. Reductions of 80% have been seen by a number of TitanHQ’s clients.
Email Archiving, EU Citizens, and GDPR
The regulations mentioned at the top of the page (HIPAA, Sarbanes-Oxley and the Gramm-Leach-Bliley Act) largely affect domestic businesses operating within the domestic market. However, any businesses with a presence in Europe or that retain EU citizens´ personal data in emails will also be subject to the EU´s General Data Protection Regulation (GDPR).
This regulation stipulates that only the minimum amount of data necessary to perform a lawful function can be retained. It also states that measures must be put in place to protect EU citizen´s´ personal data against loss, theft or unauthorized disclosure.
Possibly more importantly, EU citizens have the right to request access to their personal data, insist on corrections being made if any information is incorrect, restrict data processing or demand the erasure of their personal information. For this reason alone it is important to use an email archiving service. With the quick and easy search facility, data access requests can be complied with in minutes.
To find out more about the full benefits of email archiving and the features of ArcTitan, give the TitanHQ sales team a call today. We think you will be pleasantly surprised at how low the email archiving cost is.