Email retention is a very important component in every company’s day to day business practices. The reasons are many: legal requirements, efficient use of storage, privacy of corporate email messages and others.

Policies and best practices should be clearly stated in every company’s IT department for how best to archive the multitude of emails that accumulate each day.

Here are some of the best practices and considerations for email archival.

1. Indexing and searching capability should be features of all email archival systems. Companies need to be able to respond quickly to requests for old emails particularly when those requests are coming from legal entities outside of the company. Months and months of email messages can quickly become millions of archived messages. IT departments will need to be able to respond to information requests in the least amount of time possible so as to meet any legal requirements necessary. Having a fully indexed archival message system will support the retrieval of any documents or email messages in a short period of time. In addition, being able to respond to requests for archived emails can help to meet discovery or subpoena requests in a timely manner.
2. Audit trails should be another component of any good email archival system. Companies need to secure and track their archived emails to meet the regulations of the various governing bodies such as the SEC (Securities and Exchange Commission) that can request specific emails from them. Audit trails can also be used to prove compliance with reporting regulations such as the Sarbanes-Oxley Act.
3. Complete email integrity needs to be maintained so as to meet the rules of evidentiary standards. Email integrity can be maintained by use of electronic signatures and time stamps of each email that is archived, redundancy of archival systems to provide continuous access to archived emails and encryption of email messages to protect against tampering of original data.
4. Virus scanning of all email messages prior to archival should be an additional step in the archival process so as to ensure not only the integrity of archived email messages but also the protection of email system at the time of retrieval of email messages from the archive system.
5. Support of multiple email systems and protocols is another feature that can help to reduce the number of archive systems that are needed within a corporation. Some of the more widely used email systems that ought to be included in an email archive system include: Microsoft Exchange, Lotus Notes, Novell Groupwise, First Class, standard POP3, SMTP and Imap protocols.
6. Administrators should coordinate with their in-house legal department and with the department managers of the various business units that the IT organization is responsible for supporting. Those department managers may have additional requirements for email archiving of their employees emails based on their applications used and types of businesses they engage in. And legal departments can also provide guidance in the necessary archival rules and regulations which the company as a whole must comply with.
7. Know what time periods are required by specific regulations when determining how long to keep email messages in the archives. Some companies do not routinely rotate their archived email messages out to the bit bucket and as expected continue to drive up their storage and administrative costs unnecessarily. The more email messages that are stored then the more indexes are required and longer search times than are necessary will occur.
8. Designate someone within the IT organization who is the interface to the legal department. In smaller organizations the legal department will most likely be an outside law firm. Schedule regular quarterly reviews of the laws and regulations specific to your industry that have mandates related to email retention requirements. Some of these compliance laws, regulations, and standards that can impact how email is retained include: the Federal E-Discovery Rules; the Health Insurance Portability and Accountability Act (HIPAA); the Gramm-Leach-Bliley Act (GLBA); the Sarbanes-Oxley Act (SOX); the PCI Data Security Standard; the Federal Information Security Management Act (FISMA); the EU Data Protection Directive 95/46/EC; the Basel II Accord and others.
9. Although not considered email, instant messages should also be included as electronic items that can be stored in an email archival system. Within the course of daily activities business communication emails that are received can sometimes start off as instant messages that have been converted into email when the sender was no longer able to communicate with the recipient.
10. The implementation and execution of a good email archival system can save a company much valuable time and money when all contingencies have been taken into account and the planning has been done well.