Email Archiving Regulations Compliance For Small And Midsize Businesses
The necessity of regulating email archiving of email communications has become a significant reality, the violations of which have serious consequences.
Email archiving is regulated under the Federal Rules of Civil Procedures (FRCP), and as of 2006, all enterprises using email communications must comply with E-Discovery regulations contained therein.
For a large enterprise with sophisticated IT departments capable of employing expensive email archiving systems with built-in regulatory control, compliance is not a difficult condition to reach and maintain. However, for small and mid-size businesses without the resources necessary to purchase such archiving systems, compliance with regulatory matters becomes of prime importance.
Simply put, it is not enough to backup email communications; that is critical to the enterprise just to maintain business continuity. However, there are regulatory conditions that are now in force requiring the archiving of email data. Backup is a simple matter of storage. Uncorrupted retrieval of stored data is the concern of archiving.
Archiving email communications is necessary to meet government regulatory requirements but also to allow quick access of uncorrupted data in the event of legal proceedings in a civil or criminal court matter.
The regulatory control exerted over business depends on the type of business. A securities and exchange broker, for example, will have far more regulations governing its email archiving than a barber shop.
The basic regulations governing all enterprises are that:
- Communications must be archived for seven years.
- Communications must be secure against alteration, re-write and erasure and they must be indexed and completely searchable.
- The company must demonstrate the accuracy and quality of the archive.
- When requested, any email’s archiving must demonstrate immediate retrieval.
Fortunately for small business, there are relatively inexpensive solutions that will meet compliance requirements all the way from self-archiving on-premises to archiving in the cloud. They key to archiving is that the retrieval of email data must meet the “immediate” regulation, i.e, for purposes of a court proceeding in which email data has been subpoenaed, it must be supplied in court in keeping with the schedule of the subpoena.
Failure of compliance if subpoenaed may extend from paying the expenses for the delay in retrieval of data (if available; and if not, further fines may be imposed), expenses of the other party in court, imposition of sanctions against the company including, potentially, an immediate guilty verdict.
A company can most easily demonstrate compliance with the regulations of FRCP by acquiring a specific archiving system to know where data is stored, what security measures are in place for its protection against malicious or incidental corruption, backup schedules, and retrieval efficiencies. If you are unable to meet these conditions of effective email retention, backup and retrieval, your enterprise may face serious consequences as noted above.
While there is no existing enforcement of email archiving regulations, one should not be found wanting if the enterprise is ever called upon to retrieve and exhibit requested data. It is best to have an existing system in place to demonstrate ongoing compliance.