Email Retention Policy
What is email retention?
Email retention or email archival is the technique in which all your business emails are retained in a secure portal. Organizations can use dedicated email archiving solutions to ensure their emails are retained as per their requirements. Once the retention policy is enabled, the archived emails can be searched, retrieved, or held for audits, and investigation purposes.
What is an email retention policy?
An email retention policy is defined as the duration for which your organization's emails get stored in a secure portal before getting deleted permanently. Admins shall configure the email retention period as per the specific needs of their business. Most email archival solutions provide an option to create custom retention policies. Admins have the flexibility to create multiple custom retention policies for different users and departments.
However, the default email retention policy should comply with the state and industry-specific laws in which a business operates. Below are some of the standard retention intervals based on the compliance authority:
| Industry | Compliance Authority | Retention Period |
| All public companies | Sarbanes-Oxley (SOX) | 7 years |
| Financial services | Financial Industry Regulatory Authority (FINRA), SEC 17a-3/ 4 | 6 years |
| Healthcare | Health Insurance Portability and Accountability Act (HIPAA) | 7 years |
| Industries | Internal Revenue Service (IRS) | 7 years |
| Pharmaceutical | Food and Drug Administration (FDA) | 2 years |
| Telecommunications | Federal Communications Commission (FCC) | 2 years |
Note:
- The information given above is only a generic guideline. Seek advice from the legal and compliance authority of your region while configuring the email retention policy for your organization.
- Specific departments/ teams might require a different retention period. Consult your organization's compliance team and configure custom retention policies as per the unique requirements.
Why is email retention important?
Emails have undoubtedly become an effective mode of communication for all businesses. Organizations often send crucial and confidential business data via emails to their customers and leads. Email archival primarily ensures that data is safe from inadvertent deletion by users. Some other reasons are listed below:
- Legal Litigations - Retrieve emails based on specific conditions and submit them as a proof whenever there is a legal litigation.
- Compliance - Email retention is mandated by almost every regulatory advisory. Enabling email retention and setting up a retention policy helps you to stay compliant with industry norms.
- eDiscovery - Email retention aids admins in discovering emails during audits or using them to defend against allegations filed against your business.
- Data Management - The quantum of emails sent by businesses can be overwhelming. Using an email archival tool simplifies data management.
- Brand Reputation - The ability to search and retrieve an old email within a snap helps organizations to improve brand reputation and trust amongst their customers and stakeholders.
How do you retain emails?
Email archival solutions are in high demand in the market owing to the importance of email retention. To retain emails on a cloud-based email archival application, you should complete the routing set-up to forward a copy of your organization's emails. The common steps involved in email archival are listed below:
- Subscribe to an email archival solution.
- Provide your email provider's details.
- Set-up email routing in your email provider's admin control panel.
- Define the retention policy in the email archival application.
A copy of the emails will now be saved in the email archival application. Admins can use eDiscovery to search the archived emails, create investigations and hold as per the requirements.
Best practices in email retention
It is recommended that organizations retain emails by considering various factors such as business needs, standards mandated by the regional compliance authority, etc. A few general guidance/ best practices to safeguard your organization's email data are given below:
- Deploy a robust email security solution which can cater to your archiving needs.
- Create a policy custom-made to your organization's requirements.
- Set up custom email retention policies for specific groups of users or teams.
- Educate users about the importance of email retention.
- Update the email usage policy with the email retention information and ensure users are aware of the same.