Posts tagged Email archiving
What are the EU rules for email retention?
The necessity and challenges associated with email archiving are not exclusive to companies operating in the United States.
Like their American counterparts, organizations all around the world rely heavily on email for business communications. As such, correspondence sent through the medium contains pertinent information regarding the company and its inner workings.
European Union officials have recognized the importance of the information contained in email and handed down the Data Retention Directive on March 15, 2006. While the law contains similarities to its American counterparts, most notably the Federal Rules of Civil Procedure, it is also a decidedly different piece of legislation.
Below we’ll examine the need for EU email retention standards, the law’s actual requirements and the heavy criticisms it has faced from several member nations.
The Need
As in most parts of the globe, employees in the European Union can’t do without email. It is the primary form of communications within European businesses, used for sharing information between branches, partners, customers and clients.
Furthermore, a whitepaper from Frost & Sullivan on the subject of email archiving revealed that 80 percent of the business-critical content for a company is contained in email messages. That means nearly all their trade secrets, confidential company data and insider information is all floating through cyber space in email.
For this reason, it is clear that making a legal case either for or against a company is dependent on the information contained in email. However, that same information could also be used to fight crime and thwart terrorism plots, both of which appear to be driving forces behind the EU’s Data Retention Directive.
That differs from the U.S. requirements, which are targeted at civil lawsuits and legal proceedings.
The Requirements
Under the directive, companies, mostly Internet service providers and others in the telecommunications, must retain all customer transactions for a period ranging between six months and two years. As for the transactions covered, they include email, telephone calls and website traffic, among others.
“The bottom line for many EU organizations is that proper email life cycle management decreases outside liability potential and falls in line with modern corporate email governance procedures,” according to Frost & Sullivan’s whitepaper.
However, the directive applies to certain information concerning these channels, but not necessarily the contents of them. Companies must identify the source, destination, date, time and duration of such communications.
Also, industry regulators in specific EU member nations have taken requirements step further. For example, the U.K.’s Financial Services Authority requires companies to retain email for six years. Such measures could cause other countries to follow suit with strict mandates of their own, according to Frost & Sullivan.
The Criticism
The EU Data Retention Directive has not been received without its detractors. In fact, the German Parliament has even gone so far as to call the directive illegal.
According to the IDG News Service, the German Bundestag’s Working Group on data retention said the law is “disproportionate in the measures it requires to fight crime, as data retention increases the crime clearance rate only slightly.” Essentially, the ends don’t justify the means. And the group said it would be impossible to reword the law to bring it in line with the EU’s Charter of Fundamental Rights.
In response, the European Commission, the executive body of the EU, said the directive does walk a fine line in terms of the right to privacy, and it will consider tighter regulations for the access and use of the retained data.
In addition to EU rules, EU companies also face industry email archiving requirements as well as the need to retain and if necessary produce electronic records for tax audits.
Email Retention Checklist: Eight Questions You Need to Ask for Your Retention Policy
As regulatory email compliance becomes more commonplace throughout all industries, many organizations are examining their email archiving policies. There are many reasons for this, not the least of which is that in the event of a lawsuit, archived emails can become a vital part of the eDiscovery process. Whether you are addressing this for the first time or already have a policy in place, below is a useful checklist to determine your organization’s email retention needs:
1. Is your company required to preserve emails to comply with industry regulations? If so, for how long?
2. Is there a possibility that an auditor might visit your premises and request the relevant information to be presented on site, and/or will you need to produce data on external media?
3. Should you retain all corporate emails in one central place for easy access and discovery for company objectives? What are the pluses and minuses in doing this?
4. Which employees will need access to other employees’ emails?
5. Are there certain emails that must be kept longer for company use, or will the company retain all emails for the same length of time?
6. Are you looking to reduce the load on your mail server (for instance the Exchange Server Information Store) by archiving emails onto another system?
7. Does your company need to be prepared for any eDiscovery requests in view of the Federal Rules of Civil Procedure?
8. What is your current email archiving policy, if any?
By discussing the answers to these questions with a cross-functional team with all relevant departments submitting input, your organization will have a better idea of its email archiving needs. Based on this you can draft an email archiving policy and select the appropriate email archiving solution for your company needs.
Red Earth Software Debuts Policy Patrol Archiver
As companies produce more and more electronically stored information that is relevant to civil litigation, eDiscovery is becoming both increasingly important and more complex. eDiscovery refers to the process of obtaining forms of electronic communication to be used in legal proceedings. It can include email, instant messages, voicemail or data stored on a smartphone or PDA.
Today, Red Earth Software introduced Policy Patrol Achiver, a new email archiving and eDiscovery (electronic discovery) solution for small and medium-sized businesses (SMBs) using Microsoft Exchange Server. Policy Patrol Archiver will now enable SMBs to meet compliancy needs, reduce Exchange Information Store size, and boost Exchange performance without breaking the bank.
Policy Patrol Archiver is designed to automatically store emails in a centralized archive location, allowing administrators to set email retention policies and meet email archiving requirements. Emails are archived into the database instantly, so that even if a user deletes an email, it will still be archived into the database. Users can search and restore their emails through a web browser.
Policy Patrol Archiver reduces the Exchange Information Store size by automatically stubbing messages (i.e., replacing the body of the message with a link to the message in the archive), or removing messages entirely from the Exchange Information Store. In doing so, Policy Patrol Archiver decreases Exchange backup and restore times, and boosts Exchange Server performance. This new software solution is a win-win for IT administrators and employees at enterprises of any size.
Policy Patrol Signatures Achieves “Works with Windows Server 2008 R2” Certification
More companies of all sizes are adding standardized signatures for employee emails to meet compliance requirements and optimize their corporate email branding. This trend will only continue as the email disclaimer and company footer become the norm in all industries.
This week, we announced the availability of Policy Patrol Signatures, which allows companies to centrally manage their users’ Outlook email signatures. We are pleased to add that Policy Patrol Signatures recently passed the Windows Server 2008 R2 Platform Ready Test and is now qualified to use the “Works with Windows Server 2008 R2” Logo. This status means that our software is compatible with the Microsoft-recommended standards.
Policy Patrol Signatures is designed to work with enterprises of any size. IT managers can use the software with Windows Server 2008 R2 x64 with Hyper V to quickly configure a global email signature that is automatically personalized for each sender.
Please see the full announcement here
Email Archiving – 5 Steps to Email Archiving Success
A 2009 study revealed that the average office worker sends 160 emails each day. That’s nearly 5,000 per month and 58,000 per year. And that’s just sent messages.
Archiving email is the process of sorting, retaining and indexing each message sent and received within a company’s email system. Emails are copied and stored on a server, from where they can be preserved or deleted according to company policy.
Here is a list of five steps to follow when adopting, implementing and carrying out your corporate email archiving policy.
Step 1. Understand Your Email Retention Needs
It is important to understand your company’s need for archiving email. Start by creating a cross-functional team with all departments submitting input. For some, this means bringing together legal, compliance, HR, finance, investor relations, engineering, production and administration. For example, is your company required to preserve emails to comply with industry regulations? Does your company need to be prepared for any eDiscovery requests in view of the Federal Rules of Civil Procedure?
Step 2. Draft a Policy for Archiving Email
Draft a policy for archiving email that describes the company’s email retention objectives, responsibilities and procedures. This includes implementing a retention schedule for employees to easily follow and remember, a set time frame for how long data will be stored as well as explicit directions for what information will be kept.
Step 3. Create a Data Map
A crucial part of archiving email is the creation of a Data Map. The Data Map should list and describe all data repositories, detailing where company data is kept, in what format, and how easy it is to retrieve and purge.
Step 4. Select a Solution for Archiving Email
As electronic materials are becoming more important to the outcome of many legal cases, both civil and criminal, nearly all companies are advised to implement an email archiving and eDiscovery solution to efficiently locate stored items and easily retrieve them. The good news is that even Small Businesses can now afford comprehensive email archiving systems. On the flip side, this also means that Small Businesses can no longer use the excuse that the systems necessary for archiving email were too expensive to implement.
Step 5. Regularly Review
Compliance regulations regularly change, IT systems need to be updated and unforeseen problems may arise at any time. Regular updates to the Email Archiving Policy and Data Map can ensure that the company is prepared for possible challenges ahead.