Archiving emails after a certain time is not just a good idea; for many industries, it's the law. Failure to archive emails in a timely manner could result in both official sanctions and penalties and an inability to properly defend yourself in a criminal or civil case. Learning more about email security and archiving and the penalties for non-compliance can mitigate your risk and ensure your business stays on the right side of the law.
What Archiving is Required?
Many industries, including healthcare, banking and finance, and even government entities, are required to keep track of email correspondence in an archive for a specified time period. Specific guidelines vary by industry, but your business needs to be in compliance with the Federal Regulations on Civil Procedures, which include the following points:
You need to know where your emails are
You need to be able to comply with data requests
You need to be able to retrieve your emails when requested
You may not alter archived data; alteration is a crime and can be penalized with fines and jail time
For Financial Institutions
Outlined in Section 17a-4 of the SEC’s Securities Exchange Act, records of financial transactions and statements and other communications (including emails) need to be retained for three years. Brokers, investment firms, banks and other organizations are required to comply with this regulation.
In addition, rules under the Sarbanes-Oxley Act require the retention of correspondence and documents relating to audits and financial data. Penalties for altering or deleting electronic records, including emails, range from hefty fines to jail time.
For the Healthcare Industry
HIPAA may not specifically mention emails, but there are still requirements regarding documentation. Since patients can ask for a full accounting of disclosures of their PHI (Protected Health Information) for up to six years after the event, any organization wishing to comply with HIPAA should retain all communications, including emails. HITECH also specifies the need to protect and retain patient data and outlines the penalties for failing to do so.
Cut your Risk
Regulations are complex and varied. Creating a robust email backup policy can protect your business not only from official sanctions and non-compliance penalties but also in the event of a lawsuit.
Need help creating the right archive solution for your business? We can help you mitigate risk, fully comply with the law and protect your good name. Contact us to learn more about your options and to implement an archival program that works for your organization.
During an upcoming webinar on July 20th at 3pm EST / 2pm CST, experts from White Rock Security Group and Mimecast, a leader in email security and archival, will discuss the dual challenges that businesses have when it comes to archiving emails as well as protecting their networks from phishing and other types of attacks. There is no cost to register for the webinar but there is a limit on the number of registrants. Click here to learn more and to get registered.