Many policies and procedures regarding email retention date back to the late 1990’s when server space was at a premium. Retaining the data just didn’t make sense to do because it took up so much space. Today, however, a series of email retention best practices have been developed so that the content contained within the emails sent and received can be preserved for future use. Having long-term email retention policies do increase the risks of a data breach, but they can also be used to enhance B2C or B2B interactions.
1. Make Sure You Know Your Regulations.
Certain businesses are regulated in how long they can retain data. Each industry is a little different and the liability issues involved can also be a bit different. There may be document retention requirements that force your business to retain emails for a certain amount of time. That’s why the first best practice is to be aware of what you’ve got to do.
- Many state revenue departments recommend holding onto emails for a minimum of 3 years.
- The IRS recommends email retention of at least 7 years.
- HIPAA codes require email retention of at least 6 years.
If you’re in an industry that isn’t specifically regulated when it comes to digital document storage, then the default IRS recommendation is the safest option to follow because it is the longest. Otherwise maintain the standards of what is required and proceed from there.
2. Segment Your Emails.
Just because there is a recommendation to save every email for 7 years doesn’t actually mean that this needs to be done. Even when an industry is highly regulated, there may be sub-retention periods in play that will help to limit the amount of litigation risk a business may face. Most email segmentation efforts involve the type of content, what type of correspondence the email is, and what the purpose of the email happens to be.
Here are a few email retention standards to consider as examples.
- HR emails: 7 years
- AR/AP invoices: 7 years
- General correspondence: 3 years
- Spam: Instantly deleted
There are automated programs available right now that can segment these emails into their proper folders so that the data can be found quickly and efficiently. Otherwise you may just want to move the emails manually if your business is small enough.
3. You Need To Have a Formal Policy In Place.
It is important to have standards in place that everyone within the business is following when it comes to email retention. This can help to protect you against future litigation while it keeps everyone on the same page. Make sure there is a specific purpose to the policy, outline all of the retention times, and define how hard copies are stored. You’ll also want to consider defining how emails are destroyed, outline why destruction may need to be avoided, and who is responsible for each action of email retention for creation to deletion.
4. Understand What Your Costs Are Going To Be.
Although putting an email into a specific folder might not seem like it has a cost, data storage always has a cost. Each email takes up a certain amount of space and that space requires archival functions for long-term storage. Calculate how many emails your total employee base will create over the course of a year, what the average size of email happens to be, and the percentage of emails that need to be stored [some employees will receive higher amounts of spam because of their duties, skewing the data numbers].
This will help you understand how much storage you will need to reach the 7 year mark if necessary. That storage has a specific cost associated with it and then you’ll be able to budge properly.
5. Don’t Just Start Email Retention Right Now.
There are many ways an email can create a legal headache for a business. The same is true about the email retention policies that have been implemented. As the final best practice for email retention, it is important to make sure your legal gurus go through your policies and procedures with a fine-tooth comb to make sure everything meets regulations and standards that apply to the industry.
Your email retention policies and procedures will be 100% unique. There is no way to predict what the best possible outcome will be for any business. By using these best practices, however, you’ll be able to design a system that works to meet your needs.