IT Solutions Advice and Guidance

2. Email Archiving and Compliance

2.1 Protecting You and Your Business

Over the past years, email has become a primary channel of business communication. It gives organisations a fast medium for conveying business correspondence such as purchase orders, quotations and sales transactions to virtually any geographical area with the least possible physical effort. A study conducted by market researcher Gartner Group revealed that organisations conduct almost 97% of their communications via email. Furthermore, in a recent survey, Osterman Research found that email is now accepted as written confirmation of approvals or orders in 79% of organisations.

What is email archiving?

Email archiving enables companies to securely store all email communications in one or more indexed databases and to retrieve emails quickly and easily on demand.

You can provide users with easy, centralised access to historical emails and with the ability to quickly retrieve emails through a simple Restore process. 

This technology is increasingly integral to a PC network in order to meet the regulatory email storage requirements of UK and European law.

What legislation do I need to know about?

Every year brings more changes to an already complicated regulatory framework. It is possible to define three major categories: 

  • Industry Regulation: driven through compliance against regulatory authorities in key vertical markets such as finance, health and public sector.
  • Legislation: as a result of government-imposed acts affecting all organisations.
  • Best Practice: relating to the implementation of general email management policies and guidelines designed to protect the employer and employee.

It is important to note that there is little explicit legislation that relates to email. However, a common understanding within the context of law, illustrated by many court cases, is that an email is a document and as such is covered by many and varied regulations.

Of the 70+ acts/regulations that might affect your business, those that are key are:

  • Data Protection Act 1998
  • UK Companies Act 1985
  • Freedom of Information Act 2000

What does this mean to me?

A core element of the Data Protection Act is the way in which it insists that companies disclose information they might hold on an individual. This key type of disclosure is called a “Subject Access Request” (SAR).

Anyone can issue a SAR against any company by simply writing a letter in a format available from the Data Protection Act website and sending it, with a cheque for £10, via registered mail to the company. The company receiving the SAR legally has to give up all data requested within 40 days. Failure to comply breaks the law, seriously affecting the company’s ability to defend itself against any legal actions.

Currently, the most common use of Subject Access Requests is by employees or ex-employees making claims of unfair dismissal, sexual / racial discrimination, harassment, or constructive dismissal. Just imagine the difficulty in trying to find relevant emails between different parties that are stored in numerous locations or, more often, have simply been deleted.

The reality is that for legal compliance, data held in emails should be stored in a secure archive, with quick retrieval and with all events surrounding any email audited.

What’s meant by “Legal Discovery”?

Legal discovery tends to be based on a request to produce all documents relating to a particular person, department or subject. 

When you stop to analyse this, the term “all documents” means that it may comprise Word, Excel, PowerPoint & PDF documents, emails, instant messages and even VOIP phone calls.

Even the smallest of companies often has tens of thousands of emails that need to be searchable.

But these email messages are not in one place. In the simplest of scenarios, they will be stored across different backup tapes with no indexing system to identify their content. They could be in web-based email systems, old Outlook or Outlook Express files, or saved to a local archive file.

The next question is: what do you index anyway? If you are indexing to satisfy legal discovery requests, what could those requests be about? Anything your business is involved in. So the indexing has to be complete. Every person, every object, every transaction, every location, every policy... every single thing your business emails deal with has to be indexed so that all the emails dealing with, for example, maintenance work being undertaken in the company car park can be located and retrieved in case a solicitor issues a legal discovery notice on you about that topic.

What do I need to do?

To protect you and your business, you need to ensure that you have a full email archiving solution and procedure in place.

How can you help?

AXIS First can offer a range of email archiving solutions to help meet your legislative or regulatory requirements.

Can my users get to archived email?

Yes, this is done securely via a web-browser interface.