At most companies, email is now the primary means of business communication. According to analysts at IT market analysis company Ferris Research, a staggering 25 billion non-spam email messages were sent on an average working day during 2006.

In many cases, emails contain information that could prove vital if the company finds itself in dispute with a customer or the subject of a regulatory or legal inquiry.

But how many of these emails should be retained and what should be available on demand - either to internal management or to outside authorities? The answer largely depends on the sector an organisation operates in, according to John Strachan, an email management specialist at Logicalis.

In the financial services and pharmaceutical industries, for example, there are already tight regulations governing email retention. In other sectors, retaining data for long periods can contravene certain other legislation, such as the Data Protection Act, or prove harmful to the organisation during legal proceedings.

Moreover, retention periods vary from regulation to regulation. "Smart companies archive their email according to well-defined business policies. Without controls in place, there is no way to classify this information upfront and determine the appropriate retention period," says Strachan.

For that reason, he says, many implement email archiving solutions. These systems are designed to automatically migrate email messages and attachments to a dedicated archive, compress them, remove duplicates and delete emails at the end of the stated retention period.

Email archiving systems also enable managers to search and retrieve emails quickly and efficiently if called upon to do so - and provide a full audit trail so that they can demonstrate that emails have not been tampered with.

Despite the widespread availability of such systems, however, many companies are still not up to speed on their obligations when it comes to email management, says Strachan. It's time they put that right, he says - or they run the risk of financial penalties, legal censure and a distinctly unhelpful dose of negative publicity. 

Your Comments and Questions

Tony Lees, about 1 hour ago

If you do an email campaign and someone opts out are you opted out of that campaign or the whole email marketing base? Thanks Tony

Jan Zelezinski, 6 months ago

Today, legal services providers are required to meet a number of compliance obligations. The main one in the U.K. is the Data Protection Act 1998, which specifies that personal information held electronically must be secured, only transferred appropriately, and kept for limited times. Which seems a bit vague but more detail can be obtained from the Information Commissioner at www.dataprotection.gov.uk. The DP Act also works in conjuction with the Freedom of Information Act 2000 (the “FoIA”)and these should be reserched by the firms "data controller" who is the registered individual under the terms of the DP Act and is responsible for compliance within firms that have to comply with these Acts, which will include legal cos. This is further complicated by the European Convention on Human Rights which also has jurisdiction over the use of information in the UK !! I'm not an expert but a firms "data controller" should be and is your first port of call and it's likely to be the Company Secretary or Legal Council which in a Legal firm could be a Senior Partner.

Gregory Teasdale, 6 months ago

Is there a law on how long a law firm is allowed to keep backed up emails?

Gregory Teasdale, 6 months ago

is there a law of how long a UK law firm can keep emails?

Mandy Shaw, 6 months ago

It's in the Companies Act 2006. This is the quote I have found: "Every company should list its company registration number, place of registration and registered office address on its website as a result of an update to the legislation of 1985. The information, which must be in legible characters, should also appear on order forms and in emails. Such information is already required on 'business letters' but the duty is being extended to websites, order forms and electronic documents." Don't think the main aim of this was spam prevention, but it may help a bit in separating the wheat from the chaff, I guess.

Mike Rowlands, 6 months ago

Did European legistration come into effect in April 2007, stating that all business emails must contain the following Name of sender Position of sender within the organisation Company Registration No.

Mandy Shaw, 10 months ago

I think you just have to see spam as 'noise'. The people who send it don't really expect you to buy anything, I would say they are either a) simply being paid to do it by a third party, b) looking to defraud (phishing etc.), or c) vandals. I am always surprised by the appalling quality of the product - I've often thought that someone with a modicum of common sense, reasonable grammar and spelling and some commercial nous could actually achieve a lot more than these people do ... let's be grateful for small mercies. But things have improved markedly over the last couple of years. As with anti-virus, the need for spam handling is accepted in the industry, as is the probable need to spend money on it. Therefore the anti-spammers are pretty much getting on top of the problem and, assuming the organisation puts /something/ in place, the end user can actually start to ignore spam because he/she actually hardly ever sees any. The old worry, that anti-spam measures mean proper emails get lost, does remain to some extent - I know two people who were inconvenienced by Tiscali's recent blacklisting - but there are plenty of R&D dollars in the anti-spam industry now, and I would personally say they are nearly as much on top of the problem as the anti-virus vendors. When did you last get any spam in your business email account? I don't even get that much in my hotmail account these days. (Interestingly, my husband, who has a Tiscali account, still gets loads.) The legal sanctions, especially those imposed by the EU, do help - in the U.S. spammers are harder to deal with because the anti-spam law has less teeth. All I can say, in summary, is that there's more and more spam out there but if you put an intelligent product or service in place you really ought to be able to ignore it for practical purposes.

Edward Charvet, 11 months ago

not really on the subject, but why do people do spam mail - i cant believe anyone actually buys things on the back of it...i am an avid hater of spam

Jan Zelezinski, 11 months ago

Not my area of expertise but I'm told by our IS dept that if you don't work at keeping them out then yes you can expect these sort levels. The mind boggles !!!

Edward Charvet, 11 months ago

JanZ - thats a great link - thanks for posting that. On a different note, someone yesterday quoted me that 90% of all email is spam. I am amzed at this number: is this the experience you have?

Jan Zelezinski, 11 months ago

Yes the FDA is US based but it's powers are far reaching and possibly relavent to UK Co's providing products worldwide. http://www.gmp-compliance.com/ is a good place to go for all things Pharma and compliance.

digg digg, 11 months ago

is that a uk only regulation - the FDA part looks like it is from the US?

Jan Zelezinski, 11 months ago

FDA regulation 21 CFR Part 11 addresses requirements for all things compliance wise in the computing arena for the Pharma sector including retention of electronic records, such as emails. How this effects what is permisable re email to the public at large is down to the company concerned and thier policies for external communications. Email archive systems available today will capture ALL sent and received emails if required and are can be included in a "compliant" infrastructure but it's more a case of a companies HR policies and proceedures which will dictate what is allowed and adhered to.

Edward2 Charvet2, 11 months ago

Within the Pharmaceuticals sector, does anyone know what the regulations are relating to communications with the general public? What is permisable with regard to outbound communications and what makes a communications environment compliant?

What's Your Question or Comment?

Name

Email Address

Your Website URL (please include http://)

Your Question or Comment

type the text from the image