Category Archives: Network Security

Email Archiving: Am I required to do it?

As of December 1, 2006… email archiving IS required. This is the date amendments to the Federal Rules of Civil Procedure (FRCP) went into effect. Amendments that require any organization subject to civil suit in a federal district court be able to produce email and electronically stored information (ESI) as evidence within 30 days of the court’s request for it.

Crucially, when providing ESI to a court, the organization must be able to demonstrate the ESI hasn’t been tampered with. Relying on a backup system is extremely risky because a backup provides a snapshot in time but CANNOT guarantee the presence or integrity of all ESI. For example, if an organization’s system is backed up nightly, a user could easily delete or alter ESI prior to the next scheduled backup. An archiving system captures information in the process of its creation and closes this loophole, protecting the organization from costly fines.

On top of this, organizations in regulated industries – e.g. education, energy, finance, government, healthcare, legal – and publicly traded companies are further governed by regulations specific to their industry that require email archiving. Some examples follow…

  • Education & Government : Freedom of Information Act (FOIA) / State “Sunshine” Laws
  • Healthcare : Health Insurance Portability and Administration Act (HIPAA)
  • Finance : Graham-Leach-Bailey Act (GLBA)
  • Public Company : Sarbanes-Oxley (SOX)

You might be asking “What’s the risk if I don’t archive my email?” That’s a GREAT question that we’ll answer in a future post!

To learn more, give us a call or register to attend one of our upcoming webinars.

Email Archiving: What is it?

Expanding on the definition from our friends at Wikipedia…

Email archiving is the automated process of preserving, protecting and making searchable all inbound, outbound and internal email messages (as well as attachments and metadata) in their original and unmodified form so they can be accessed at a later date should the need arise.

Why might you do this?  Top four reasons follow…

  1. Comply with regulatory requirements (e.g. FOIA, HIPAA, SOX, etc.)
  2. Recover emails that have been lost or accidentally deleted
  3. Accelerate response to audit, or in the case of litigation / internal investigations, “eDiscovery” requests
  4. Preserve the intellectual property contained in business email (i.e. Data Mining)

To learn more, give us a call or register to attend one of our upcoming webinars.