Email Retention Requirements Explained

Email retention laws in the United States require business enterprises to keep copies of all email messages} for numerous years, in case they are needed as part of any future investigation.

There are federal laws which are applicable to other organizations and groups, data retention laws and regulations for certain industries, and also a swathe of email retention laws in the United States at the state level. Ensuring compliance with all of the email retention laws is crucial. Non-compliance could prove tremendously costly. Multi-million-dollar fines await groups who breach federal legislation.

Many files, including email, need to be kept by U.S. organizations, in order to be used in future court actions or for eDiscovery requests. Not only are substantial fines issued, groups may face criminal proceedings if specific info is erased.

For years, U.S groups have already been obligated to store documents. Document retention laws are incorporated in several legislative acts such as for example the Civil Rights Act of 1964, the Executive Order 11246 of 1965, the Freedom of Information Act of 1967, the Occupational Safety and Health Act of 1970, and the Reform and Control Act of 1986; however, around ten years ago, data retention laws in the United States have been updated to enhance the meaning} of documents to incorporate ‘electronic’ communications such as for example, email messages and email attachments.

In order to boost awareness of the various} email retention laws in the United States, we have created a summary in this piece. You need to keep in mind that this is for information purposes only and does not constitute legal advice. For legal counsel on data retention laws in the United States, we suggest you get in contact with your legal representatives. Industry and federal digital data as well as email retention legislation in the United States may also be subject to amendment. Up to date information must be sought from your legal team.

As you should see on the list, there are many federal, industry-specific email retention legislative acts in the United States. These laws apply to email messages received as well as shared, and also internal and external emails.

Email retention legislation Who it is applicable to How long emails must be kept
IRS Regulations All companies 7 Years
Freedom of Information Act (FOIA) Federal, state, and local agencies 3 Years
Sarbanes Oxley Act (SOX) All public companies 7 Years
Department of Defense (DOD) Regulations DOD contractors 3 Years
Federal Communications Commission (FCC) Regulations Telecommunications companies 2 Years
Federal Deposit Insurance Corporation (FDIC) Regulations Banks 5 Years
Food and Drug Administration (FDA) Regulations Pharmaceutical firms, food manufacturers, food storage and distribution firms, manufacturers of biological products Minimum of 5 years rising to 35 years
Gramm-Leach-Bliley Act Banks and Financial Institutions 7 Years
Health Insurance Portability and Accountability Act (HIPAA) Healthcare groups (Healthcare providers, health insurers, healthcare clearinghouses and business associates of covered bodies) 7 Years
Payment Card Industry Data Security Standard (PCI DSS) Credit card businesses and credit card processing groups 1 Year
Securities and Exchange Commission (SEC) Regulations Investment banks, investment advisors, brokers, dealers, insurance agents & securities companies Minimum of 7 years up to a lifetime

Email retention legislation in the U.S. which is utilized by every one of the fifty states are beyond the scope of this post. There are also European Union laws like GDPR to consider.

Storing emails for a couple of years will not take up masses of storage for a tiny business with {a couple|a few staff members. Nonetheless the greater number of employees a team has, the higher the need for wide-ranging resources simply to save emails. The typical size of an organization might simply be 10KB, but multiply that by 123 – the normal amount of messages sent and received every single day by an average business enterprise user in 2016 Radicati email statistics report 2015-2019, and also over 365 days annually, and by the amount of years that those emails need to be managed, as well as the storage requirements start to be huge.

If any emails have to be retrieved, it is essential that the installed email archive may be browsed. With regular backups this can take a long time.

For that, an email archive is important. Email archives include structured email data that can conveniently be checked and searched. If ever an eDiscovery order is submitted, finding all the} email correspondence is a straightforward and quick mission task. Because so many email archives are cloud based, in addition they do not call for long storage solutions. Emails are saved in the cloud, with the area offered by the service supplier.