Retaining emails - how long is too long?

12 April 2016 by Michael Nuncic

Despite the new collaborative communication tools on the market, which combine unified messaging, video and/or other social media instruments, emails are still number one both for private people as well as enterprise business use. According to the most recent Email Statistics Report of the Radicaty Group about the almost 113 billion emails were sent in 2015 for business reasons on a single day worldwide. Private individuals add another 93 billion emails to an astonishing figure of around 206 billion emails daily.

Modern enterprises rely on working email servers more than ever but have difficulties trying to cope with the ever growing amount of incoming and outgoing emails. And who thought that email is going to decrease is definitely wrong: the market researchers for Radicaty expect business emails to rise at a rate of at least 3 per cent every year to an estimated 128.8 billion emails in 2019 worldwide.

The Laws and Regulation of Incoming and Outgoing Emails

So emails are here to stay, and companies have another problem besides handling the incoming and outgoing emails: an increasing number have to be stored for long periods of time due to laws & regulations both at a national level and an international level, i.e. because of global trade agreements or the EU. With those facts in mind, and the desire to keep costs down to free storage space from unneeded emails without risking huge fines by not producing required emails if demanded by a court or regulator - emails which should have been legally retained.

Before writing your email retention policy there are several points to consider and to do:

1. Build a team

Because emails have an enormous impact on the productivity of all employees it is necessary before establishing an email retention policy to build a team of specialists from every department. Regardless of whether the emails will be retained using manual or automatic processing, every employee should have knowledge about their requirements and how they should handle emails before they are stored.

2. Check your retention requirements

Before you establish your email retention policy you should check your necessary retention times. Because there are so many laws and regulations to cover it is a wise thing to divide all to be stored emails by…

A. The duration they have to be kept

For example if some emails have to be kept for seven years, while others have only to be kept for four or two years you could create three different storage folders which can be deleted after the time has passed. This could be risky though, since in some circumstances emails which are normally required to be kept for a shorter period can have longer retention periods when they are related with another document which has a longer storage period.

In this case an alternative approach can better suit your needs:

B. Choose the longest retention period for the email

If for example an email is related to a case where long retention periods are mandatory it is a wise thing to do – even if it is sometimes not necessary – to retain every email which interlinks with it to also be stored for this long.

As pointed out before it makes sense in some cases to retain certain emails in relation to other documents but this is most likely for cases where a project is more long term. We are talking highly regulated business fields here like financial institutions, energy providers or likewise who are offering products and services that are either long-lasting or their effects (e.g, long credits and mortgages, construction of nuclear, coal or water power plants etc).

Most likely the emails an ordinary enterprise has to retain is not connected to these fields, therefore it can...

C. Segment emails

Retention periods can - as we have pointed out - vary widely therefore it can be a wise approach to store your email according to the duration they have to be kept. In this case all emails that have to be kept for four years are stored in a storage space for this duration, as other length emails are stored in different spaces or folders. According to your email retention policy these emails can then be securely deleted after the scheduled expiration date.

Appropriate email retention policy structure

With these three important points considered it is now time to write down the email retention policy. There are certain points such a data retention policy should contain. In most cases an email retention policy should include at least these points:

  • Person or department responsible for the overall email policy
  • Scope/coverage
  • Purpose of the policy
  • Procedures
  • Responsibilities and relevant persons in each department
  • Consequences (If the policy is not followed)

Lastly it is important to mention that any email retention plan depends highly on the IT environment used. Whether the company uses a highly sophisticated archiving system with not only supporting documents and other data but also emails or one uses a backup software solution and stores the to be kept data and emails on tape (and stores them in a cellar never to be seen again) is something totally different and therefore the processes for keeping the emails accessible are too!

Also, because the emails have to be accessible it is also a good idea to also cover the problem of an unexpected data loss because of a malfunction of the backup or archiving solution used! Therefore the email retention policy should go hand in hand with a proper disaster recovery plan which every company should have anyways. In case of a data loss the disaster recovery plan specifies all mandatory steps to be taken (including getting help for a professional data recovery specialist) to regain emails and data. If such a plan is not available it is likely that even though a proper email retention plan is established and running, emails needed for investigation cannot be accessed and huge fines must be paid. 

For information on our services, be sure to visit our data recovery page or contact our team today!


Call for Immediate Assistance!