The Importance of Establishing an Email Retention Policy
The volume of email that is generated in today’s digital world is truly mind-boggling. About 109 billion business emails are sent and received every day from about 974 million business email accounts. Including personal emails, the total volume of email sent and received worldwide every day is close to 200 billion.
If your clients are like many Los Angeles and Southern California business owners and entrepreneurs, sometimes they might feel like there are 200 billion emails sitting in their inbox alone. That’s one reason why managing email has become one of the biggest productivity challenges for businesses and employees here in the 21st century.
But managing email goes beyond just employees and executives dealing with the hundreds (or even thousands) of emails that clutter their inboxes. It’s also important that companies establish email retention policies that dictate how and for how long emails will be stored on their servers.
A Backlog of Emails
Companies often don’t realize that emails can take up a tremendous amount of space on their internal servers. For a mid-sized company with 100 employees, it’s not unusual for hundreds of thousands — or even millions — of emails to stack up on the servers. This backlog of emails not only costs companies money in terms of additional server storage space that must be purchased and maintained, but it can also slow down the performance of the company’s computer networks and of individual employees’ computers and workstations.
Often, however, companies are hesitant to permanently delete any emails for fear that they might need them at some point in the future. In some industries (like financial services, for example), there are strict regulatory requirements that dictate exactly how emails should be stored, as well as for how long they must be stored. These companies can face serious repercussions, including large fines and the loss of licenses, if they fail to abide by these requirements.
Email security is another issue to consider when it comes to your email retention policy. Recent headlines testify to the liabilities companies face when it comes to employees’ and executives’ email accounts being hacked and their emails leaked. The co-chair of Sony Pictures recently announced that she will step down from her position due to emails she sent to a producer that were embarrassingly critical of several Hollywood stars.
Finding the Right Balance
These and other issues make it critical that mid-sized businesses create policies that govern how emails will be stored and retained. The key is finding the right balance between storing more emails than is necessary, which can be costly in terms of using excess server storage space, and not deleting emails that might be needed in the future — especially if there are industry and regulatory email storage requirements.
An email retention policy should start by considering any regulatory minimum storage requirements the business might be subject to. Different industries are regulated differently and various tax, liability and privacy regulations might apply. However, here are a few suggested email retention periods for certain types of emails:
§ Emails with data related to the IRS: 7 years
§ Emails with data related to payment cards (PCI DSS): 1 year
§ Emails with data related to state revenue departments: 3 years
§ Emails with data related to HIPAA: 6 years
Next, emails can be segmented according to any regulatory minimum storage requirements that might apply, as well as by different types of emails. For example, emails could be segmented by type of correspondence, such as client, vendor, administrative, executive, fiscal, human resources, and invoices/POs. Retention periods can be specified for each of these types of email correspondence.
An email retention policy is often part of a broader document retention policy. This policy should make clear distinctions between paper and electronic documents and how each type of document should be treated. It should also specify exactly how documents are to be permanently deleted, whether by shredding (for paper documents) or secure deletion with overwriting for emails and other electronic documents. And the policy should detail who specifically is responsible for which kinds of document destruction or deletion.
With billions of emails being sent and received every day, managing email has become one of the biggest challenges for businesses and employees in the 21st century. One critical step is to establish email retention policies that dictate how long emails will be stored on your clients’ servers. The key is finding the right balance between storing more emails than is necessary and not deleting emails that might be needed in the future. An email retention policy is often part of a broader document retention policy that distinguishes between paper and electronic documents and how each type of document should be treated. If your clients have not established an email retention policy, you should explain the benefits and encourage them to do so as quickly as possible.