Email Archiving: Am I required to do it?

As of December 1, 2006… email archiving IS required. This is the date amendments to the Federal Rules of Civil Procedure (FRCP) went into effect. Amendments that require any organization subject to civil suit in a federal district court be able to produce email and electronically stored information (ESI) as evidence within 30 days of the court’s request for it.

Crucially, when providing ESI to a court, the organization must be able to demonstrate the ESI hasn’t been tampered with. Relying on a backup system is extremely risky because a backup provides a snapshot in time but CANNOT guarantee the presence or integrity of all ESI. For example, if an organization’s system is backed up nightly, a user could easily delete or alter ESI prior to the next scheduled backup. An archiving system captures information in the process of its creation and closes this loophole, protecting the organization from costly fines.

On top of this, organizations in regulated industries – e.g. education, energy, finance, government, healthcare, legal – and publicly traded companies are further governed by regulations specific to their industry that require email archiving. Some examples follow…

  • Education & Government : Freedom of Information Act (FOIA) / State “Sunshine” Laws
  • Healthcare : Health Insurance Portability and Administration Act (HIPAA)
  • Finance : Graham-Leach-Bailey Act (GLBA)
  • Public Company : Sarbanes-Oxley (SOX)

You might be asking “What’s the risk if I don’t archive my email?” That’s a GREAT question that we’ll answer in a future post!

To learn more, give us a call or register to attend one of our upcoming webinars.