Implications of Abandoned Email Archives: Part 2 - Regulatory Compliance
There are many reasons for organizations to archive employee email; for litigation preparedness, for knowledge management, for later reference, and because the organization has one or more federal or state regulatory requirements, stipulating the need to retain certain documents (records) for specific periods of time.
For highly regulated companies such as banks, energy companies, and pharmaceutical manufacturers it’s pretty obvious why the government wants certain information retained. But every company needs to pay attention to regulatory laws because, if they employ anyone, pay corporate taxes, or have investors, they have federal regulatory retention requirements.
Emails are not records!...right?
Thousands of companies over the last 15 years purchased and used email archiving solutions for both eDiscovery defense as well as for regulatory retention requirements. Because of existing compliance laws, abandoning an email archive is a risky strategy because most regulatory retention laws highlight the fact that emails can be considered regulated records. In fact, emails are the most requested document type in both eDiscovery and regulatory requests. Just recently FINRA fined Barclays $3.75 Million for systemic record and email retention failures.
As we have pointed out in the last two blogs, since the 1990s increasing regulatory requirements drove thousands of organizations to purchase email archiving solutions to protect against costly eDiscovery and regulatory requests for information. Over the years these aging email archiving solutions fell out of favor for many reasons including organizations moving to the cloud or because email archiving solution providers have gone out of business, or have been purchased by other companies that quickly ended support for the archive. Because of the sudden lack of support and for cost reasons, companies that purchased email archiving solutions had to abandon them.
Depending on answers to questions such as “when was the email archiving solution purchased and when it was abandoned (shut down)”, you may be looking at increased regulatory risk or at least huge expenses if you’re asked to produce information from an abandoned email archive.
I have to keep it for how long?
An abandoned email archive can represent increased risk if it contains email that is still within the designated retention periods and the archive is unable to be restarted. For example there are regulatory retention requirements that can run 14 years in length such as with the FAR 4.7 (Federal Acquisition Regulations) targeted at companies that sell services or products to the federal government. This means that if you had an email archive solution that you abandoned any time after the year 2000 and you had done business with the federal government during that time, you are at risk of non-compliance. Federal agencies won’t give you the benefit of the doubt when requested information can’t be produced. If you’re unable turn over the information when it’s asked for, you’ll face all kinds of nasty consequences such as fines, litigation, disruptive agency audits, potentially being forced to shut your doors, and in rare occasions, jail time.
If you’re faced with the need to get information out of your abandoned archive and you’re unable to bring it up yourself, you may be forced to pay experts large amounts of money to quickly come in, bring the archive back up and export information out in a defensible manner. These experts charge hundreds or dollars per hour (per expert) and this process could take weeks or months to complete.
Pulling your head out of the sand
If your organization does have an abandoned email archive, the smart thing to do is to migrate the data out of it into a holding repository, filter the migrated email still subject to regulatory retention, and defensibly delete everything else. By starting this process now, you can remove the risk of non-compliance and do it in your own timeframe which means you won’t be forced to pay “experts” huge sums of money to do it quickly when you have regulatory agencies breathing down your neck.
Archive360 has a proven track record of successfully, inexpensively, and quickly migrating huge amounts of Mimosa NearPoint archived email, contacts, calendar entries and public folder content to many other storage repositories with their Archive 2-Anywhere solution. If you do have an abandoned email archive (or even one you would like to shut down for cost reasons), get ahead of it and call us today.