Remote monitoring woman working on laptop with phone

Email retention policy examples

The simplicity of email has made it a valuable and indispensable tool for businesses of all shapes and sizes. According to The Radicati Group, “business email will account for over 132 billion emails sent and received per day by the end of 2017.” Several different industry sectors have strict data security regulatory requirements, including email retention policies. In this article, we describe several email retention policy examples and explore email solutions IT professionals can rely on to adapt to any organization’s policies.

Office space - person working with a laptop

Data retention and archiving

As companies increase their dependency on emails for daily communications, more and more of them are asking questions about how to handle this data avalanche.

  • How long must they retain emails?
  • What should they do with emails when they are no longer required for daily business operations?
  • Can emails that are no longer needed be destroyed or must they be archived for long-term retention?

As a managed service provider (MSP), you can answer these questions — and profit from them — by adding email retention services to your collection of client offerings.

People sitting in the office

Email retention policy examples by industry

Most laws require companies to retain their email from three to seven years. However, best practices recommend consultations with legal experts to determine retention periods. Such consultations should also cover whether an organization must comply with more than one regulation. For example, a hospital might have to adhere to OSHA in its medical facility, HIPAA in its medical records department and Sarbanes-Oxley (SOX) in its finance department.

The following table summarizes certain industries and the corresponding regulation and data retention period.

It support person working with laptop

A compelling reason for automated email retention

When it comes to retaining emails, companies are faced with the dilemma of whether to handle this requirement manually or automatically.

Adopting a manual email retention policy puts the burden of email retention on users. While this approach may be easy to implement, it is problematic and fraught with holes that become apparent when companies attempt to retrieve critical information. Leaving email retention to employees also reduces productivity by taking employees away from their core job responsibilities.

A better approach for your clients is to adopt an automatic email retention policy using a proven solution. Storing archived email at a central site mitigates the loss of emails that employees delete, either inadvertently or intentionally. IT staff also aren’t forced to search to hunt down an important message when it’s needed for legal reasons or for an audit.

Get more on Email Retention

Frequently Asked Questions

Why do clients need email retention?

Why do clients need email retention?

There is a myriad of reasons why clients should—and are often required to—retain emails.

Personnel, human relations, and other departments that engage with company employees work with an enormous amount of documents containing sensitive data. Email data in this case can include resumes, employment applications, reference checks, payroll information, drug tests, performance reviews, and more.

Because many of these records contain personal identification information, they are subject to a variety of federal and state regulations. Each of these laws and regulations requires records containing personal information to be retained for a specified period of time—many times after the employee leaves the company.

Some examples of additional regulations that will influence an organization’s internal email retention policy include:

  • Gramm-Leach-Bliley Act
    Affects the email and data retention policies financial institutions follow to protect sensitive consumer data
  • Health Insurance Portability and Accountability Act (HIPAA)
    Protects the privacy of patient health information, including information that is shared via email
  • Payment Card Industry Data Security Standard (PCI DSS)
    Requires “all entities that store, process, and/or transmit cardholder data” to maintain secure data retention according to technical and operational guidelines

Beyond these regulations, organizations are encouraged to retain employee records in the event they should face future litigation.

Companies that comply with federal or state regulation are subject to periodic audits and investigations that may require them to produce emails. A company that is unable to comply with such requests can be deemed as non-compliant and become vulnerable to litigation and penalties.

Email retention with N-able Mail Assure

Email retention with N-able Mail Assure

Some examples of the email retention features of N-able Mail Assure include:

  • Stores archived email in the cloud and backs it up across geographically distributed data centers in North America and Europe
  • Data centers meet SSAE or ISO regulations while delivering an impressive 99.999% uptime
  • Ensures bullet-proof security by encrypting all email being sent, received, and retained in the archive
  • All archived email is compressed during archiving and electronically sealed with a checksum to verify its authenticity and aid legal team in establishing the integrity of messages
  • Platform-agnostic and compatible with all on-premises and cloud-based email infrastructures including Microsoft Office 365 and Google Apps
  • Archived messages can be accessed directly from Microsoft Outlook via a custom plugin
  • Existing emails can be imported to N-able Mail Assure’s archives quickly and easily
  • Supports Microsoft Exchange’s Personal Storage Table (PST) file-storage format as well as mbox and EML formats

Improve your client's retention practices

Improve your client's retention practices

If your clients face litigation or compliance issues and immediately need specific email communications and attachments, would you be able to support them? Can you narrow searches to a specific range of dates and then pinpoint the records associated with the matter at hand?

N-able Mail Assure allows you to deliver the industry’s most robust archiving and searching solutions. N-able Mail Assure can be used with other data-protection solutions from N-able MSP to enrich your product offerings and offer clients a layered approach to their IT security requirements.

Support any email retention policy

  • Support your clients with an email retention tool
  • Offer industry-leading indexing and searching capabilities
  • Retained emails can be exported or forwarded out of the archive securely