Part 2: What is a Retention Policy for Emails?

An effective email retention policy helps manage several risks by retaining email messages for a period aligned with ongoing electronic discovery (eDiscovery) cases and government regulations. According to a 2015 study by the RAND Institute for Civil Justice, complying with email retention law and eDiscovery costs $1,332 per gigabyte for collection, $2,793 per gigabyte for processing, and $22,480 per gigabyte for review.

Email archive solutions help organizations stay compliant while reducing the cost of violations and the threat of sanctions. Automated email retention policies keep content for a fixed period, which makes legal searches for individual emails faster and more reliable.

Advanced email security platforms like Trustifi enable a range of retention policies to support an organization's eDiscovery needs. Trustifi’s compliance module supports mandates that require email archiving, eDiscovery, retention, and legal hold.

Whether the organization is the complainant or the defendant, the eDiscovery process can be challenging, expensive, and subject to human error. Organizations are looking to automation, artificial intelligence, and machine learning to help with eDiscovery workflows.

The Challenges with Email Retention Policies

A clearly defined email retention policy helps reduce the cost of eDiscovery by reducing the number of discoverable emails. Understanding email retention requirements is essential for both core and advanced e-discovery. The organization needs to follow the procedure for email retention rules consistently to prevent security vulnerabilities, data theft, non-compliance, and risk. The risk of sanctions should be top-of-mind for the organization’s executive teams.

Managing Risk

All emails stored in the archive must be searchable and in compliance with the retention policy. Any email flagged under legal hold is exempt from the auto-deletion the retention policy would otherwise dictate.

Retention policies also affect information security. Longer retention periods increase the exposure to unauthorized access and data exfiltration, because more data is kept for longer; shorter ones reduce that exposure.

Considering the potential impact on eDiscovery processes and legal investigations is essential. Selecting an email retention period to support current and future legal proceedings should align with State and Federal regulations and record retention policies. Retention lengths vary both by the organization and by regulated industries.

What are the Legal and Regulatory Requirements for Email Retention?

The Securities and Exchange Commission, a government agency, is tasked with developing regulations for corporations to abide by Sarbanes-Oxley. Record retention and archived emails are crucial aspects of this law.

Both the Sarbanes-Oxley Act and the Federal Deposit Insurance Corporation require public companies to retain emails for a certain period – at least seven years and five years, respectively.

Laws and regulations define the record retention periods of organizations. Sarbanes-Oxley requires email and other documents to comply with retention requirements set by the Federal government. Violating any provision can cause severe penalties and reputational damage. State laws also have retention requirements.

The GLBA mandates that banks and financial institutions maintain email records for at least seven years.

HIPAA mandates that healthcare entities, including providers, insurers, clearinghouses, and business associates, must keep emails on file for at least six years.

Developing a Policy for Legal Holds

It is essential to be able to prevent the automatic deletion of emails from your archive, even with retention periods in place. Legal holds ensure emails stay in their original state. Legal hold is a core component of protecting potential evidence in an eDiscovery case; without the ability to preserve that evidence, organizations place themselves at significant risk.

How Do You Enforce Data Retention with Trustifi?

Trustifi’s advanced cloud-based email security platform gives clients comprehensive yet simple capabilities for setting their retention policies. The platform allows clients to specify how long they wish to keep emails. The retention module lets clients auto-delete emails once their retention date has expired.

Trustifi’s email archiving module supports legal holds, which override the retention date.

All emails archived within the Trustifi platform are stored in their original form. Clients can also export emails from the Trustifi cloud system to third parties.
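The retention logic this section describes, as an added illustration that is not Trustifi's code: a sweep computes each message's expiry from the longest applicable mandate (retention periods as given on this page), marks a message for deletion only once that date has passed, and lets a legal hold override the expiry. Message ids, dates and the regulation labels are constructed.

```python
from dataclasses import dataclass
from datetime import date

# Minimum retention periods (years) exactly as the page states them.
REGULATORY_RETENTION_YEARS = {"SOX": 7, "FDIC": 5, "GLBA": 7, "HIPAA": 6}


@dataclass
class ArchivedEmail:
    message_id: str
    received: date
    legal_hold: bool = False  # set by the legal-hold workflow, never by the sweep


def effective_retention_years(regulations):
    """Longest applicable mandate wins: deleting earlier would breach it."""
    unknown = set(regulations) - REGULATORY_RETENTION_YEARS.keys()
    if unknown:
        raise ValueError(f"no retention period known for {sorted(unknown)}")
    return max(REGULATORY_RETENTION_YEARS[r] for r in regulations)


def retention_expiry(msg, regulations):
    """First day the message may be auto-deleted (29 Feb rolls to 1 Mar)."""
    years = effective_retention_years(regulations)
    try:
        return msg.received.replace(year=msg.received.year + years)
    except ValueError:  # received on a leap day, target year has no 29 Feb
        return date(msg.received.year + years, 3, 1)


def disposition(msg, regulations, today):
    """Legal hold is checked first: it overrides an expired retention date."""
    if msg.legal_hold:
        return "hold"
    if today >= retention_expiry(msg, regulations):
        return "delete"
    return "retain"


def sweep(archive, regulations, today):
    """Dispositions for one retention sweep; nothing is deleted here."""
    return {m.message_id: disposition(m, regulations, today) for m in archive}


# Constructed sample archive (hypothetical ids and dates, not real data).
SAMPLE_ARCHIVE = [
    ArchivedEmail("msg-001", date(2015, 6, 1)),
    ArchivedEmail("msg-002", date(2015, 6, 1), legal_hold=True),
    ArchivedEmail("msg-003", date(2020, 2, 29)),
]
```

The sweep only returns dispositions; a real archive would act on "delete" in a separate step so the legal-hold check is auditable before anything is removed.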

Why Trustifi?

Organizations need an adaptive and fluid cybersecurity platform that adjusts quickly to changes in attack vectors and other cyber-criminal activity. Trustifi’s email security solution is designed to let clients enable more adaptive controls with a single click, helping them stay ahead of constant changes in the cybersecurity threat landscape.

Trustifi is a cybersecurity firm featuring solutions delivered on a software-as-a-service platform. Trustifi leads the market with the easiest-to-use and easiest-to-deploy email security products, providing both inbound and outbound email security from a single vendor built to stop fileless malware, ransomware, and data exfiltration.

As a global cybersecurity provider of both inbound and outbound email protection, Trustifi currently supports customers in countries including the USA, Canada, Brazil, the Dominican Republic, the UK, the Netherlands, India, the UAE, China, Japan, Cyprus, the Philippines, and more. The company has also developed “One-Click Compliance” capabilities that cater to security regulations worldwide, including PDPO for Hong Kong, POPI for South Africa, GDPR for Europe, and LGPD for Brazil.
