Email Archiving

Email archiving is a system that allows an organisation to automatically record and store all emails (including attachments such as word documents and spreadsheets) as they enter and leave the company.

The aim of an email archive is to ensure good business practice, adherence to Government legislation and compliance to international codes of practice.

The email archive should be 'tamper proof', i.e. not easily accessible to unauthorised personnel, and allow for a complete audit trail if there is a legal requirement to do so.

The future of email archiving

The email archiving market is set for continued growth due to the fact that there are many acts of parliament and legislation that compel organisations to retain copies of all emails sent and received. This legislative process is set to continue, especially as companies are impacted by issues caused in the early 2000's such as the Enron scandal and the 9/11 terrorist attacks.

Together with the continued growth of internet usage, this will only encourage the need for email archiving systems. In fact, with the growth of other mediums of communications, such as messaging (*1) and online chat, archiving systems are becoming more complex and can often encompass these communications.

Why email archiving?

The main reasons for implementing an email archiving system, is to comply with the following legislation, or codes of conduct:

•    BSI 7799
•    BSI PD00008, PD0010, PD5000
•    Data Protection Act
•    RIP
•    Employment Law
•    SEC 17a
•    For use as evidence if required due to any form of litigation.

Please note that this list is not definitive and you should be aware of all legislation that may affect your company and your specific requirements.

It should also be noted that:

•    Companies, company directors, and users can be held liable for failure to retain documents and records.
•    Electronic documents are admissible before a court of law (UK Civil Evidence Act 1995).
•    UK Applicable Laws include:
    Vicarious Liability, e.g.
•    Defamation Act
•    Sex Discrimination Act
    Privacy, e.g.
•    Data Protection Act
•    Human Rights Act
    Regulatory Obligation


Types of email archiving

As a potential user of email archiving systems you have two choices:

1: to purchase a system and implement it in-house, at your office or,
2: to rent the service and facilities from an organisation that can support, implement and maintain the system on your behalf.

In-house email archiving

Large scale enterprises tend to have the facilities on-site as they have the capability to support and maintain their systems. They also tend to prefer to retain the element of control that a hosted solution does not provide.

Hosted email archiving

Hosted email archiving is of particular use to smaller companies who do not have access to technical expertise in order to support an email archiving solution. This has a number of benefits:
•    No need to be supported by an internal IT Department or specialist personnel.
•    The system will be managed by a specialist supplier.
•    Can be more cost effective as hosted solutions tend to be priced per user.
•    No up front costs i.e. rather than having to purchase hardware and email archiving software the cost can be spread on a per month basis.

What can I expect to gain by implementing email archiving?

This is a particular conundrum as it may well be that you will never be required to use the email archive. Your organisation may only need this to comply with particular legislation or just in case there is ever any need to revert to an old email. In this case, you will only ever recognise any financial benefits in the event there is a need to gain access.

However, the result of not archiving emails can be considerable and can range from a fine to potential imprisonment.

What type of companies would benefit from an email archiving system?

It is fair to say that most companies would benefit from an email archiving system, but the following are organisations that for legal and compliance reasons require email archiving systems to be implemented:
•    finance and banks,
•    police,
•    healthcare,
•    government,
•    local government,
•    defence industry,
•    construction.

Benefits of email archiving

Organisations can gain a number of benefits by implementing an email archiving system. The type of benefits realised will depend on the requirements, the situation and the type of organisation.

Some potential benefits include:

•    Email archiving ensures that legislation and compliance issues are adhered to. Many organisations have to comply with strict codes of conduct or face being fined. These include banks and other financial service organisations as well as legal practices and organisations that retain medical records.

•    Email archives can be used to retrieve information at a later stage if a suspected misdemeanour or criminal act has been suspected. This has become particularly important over recent years due to incidents of criminal activity such as drug dealing rackets using companies' computer resources, and even issues around terrorist activities.

•    In the past, organisations relied upon individuals to archive their emails. This would cause issues if archiving wasn't carried out regularly or indeed, at all.

•    A good systematic archiving system can reduce the costs of email retrieval in the event that an old email is required. In circumstances where a particular email is required for evidence, companies could potentially spend a fortune on people and resources trying to find the details. A good email archiving package will eliminate this and greatly speed up the process.

•    Email archiving systems can be invaluable if your computer or network has major issues such as a hard disk failure. At least there will be copies of emails available for you to retrieve and re-loaded onto the systems.

•    Certain organisations are required to keep records of emails for a specific time period. An email archiving system will automate this process rather than leave it within the realms of an IT department or individual users.

•    Emails can often contain specific information that might be incredibly useful if an organisation is in dispute with a client, supplier or regulatory body.

•    Email archiving systems can reduce the need for large amounts of storage as they will compress messages and attachments, remove duplicates and if required, remove them from the system at the end of the required retention period.

•    E-discovery (*2). Electronic discovery is a relatively new term that allows organisations to use emails or instant messages as evidence either for criminal, civil litigation or for potential use in company disciplinary procedures. For further information see http://en.wikipedia.org/wiki/Electronic_discovery.


Potential pitfalls

•    If emails and other electronic communication need to be stored for a long period of time, email archiving can become expensive as the storage requirements can become huge.
•    Emails must be archived regularly (it should be an automated process) otherwise it will be a wasted system.
•    The system must be secure and only authorised personnel must be allowed to view the content in case of breach of the Data Protection Act and Human Rights legislation. This could be considered intrusive – as long as emails are marked 'personal' then it is reasonable to allow people some personal activities.
•    The system must be 'tamper proof' to ensure that emails can not be accessed and altered.

Conclusion

Email archiving is a necessary function of most businesses. The penalties for not having an email archiving system in place can be extremely high and any breach could result in a substantial fine or even imprisonment.

This is especially so for those businesses that needs to comply with legislation and international codes of conduct. Even for those organisations that are not impacted by such laws, there are benefits in terms of mitigating risk in the event that there is a dispute with a customer or even an employees, as the evidence can be quickly and inexpensively located.

Glossary

*1 Messaging. A form of real-time communication between two or more people based on typed text. The text is conveyed via devices connected over a network such as the internet. The most commonly known IM applications are MSN Chat, Google Talk and Twitter. See also Chat (link to Backup).

*2 E-discovery. Electronic discovery is a relatively new term that allows organisations to use emails as evidence either for criminal, civil litigation or for potential use in company disciplinary procedures.

Information provided by Conjungo