Why email compliance?

Unless you are well versed in compliance and specifically email compliance law, the various regulations affecting email are a minefield – and an overlapping minefield at that. We further divide compliance between external compliance and “internal” compliance. External compliance applies to government imposed compliance regulations such as the following:

• RICA Act of 2002
• Sarbanes-Oxley Act of 2002
• Basel II Capital Accord
• Enterprise Act of 2000
• BS7799
• Public Law Act 104-191 Part 164
• Data Protection Act 1998
• Human Rights Act 1998
• Freedom of Information Act 2000
• Federal Rules of Legal Procedure (FRCP) 2006 (PDF)

Those responsible for the ultimate protection of data need to have confidence that complete email information can be produced within certain time periods and/or that it can be shown to be intact. If it cannot be shown that email has not been tampered with, then it is said to have lost evidential weight. In addition to this, other data regulations are related to “exposure” of personal or other business sensitive data to inappropriate parties.

Another type of compliance, “internal compliance”, is about common sense, best practice techniques to preserve email over a common retention period with the subsequent ability to retrieve email data in a cost effective, timely fashion. Many organizations today still require the retrieval of much tape media – which often depends of knowledge of when an email was said to have been sent or received. Internal compliance is a key ingredient in protecting organizations against disputes, legal claims or other litigation that may be difficult to defend without the requisite email evidence.

Whether you are concerned about “internal” compliance to protect the organizations against litigation by it’s employees, trading partners or other organization or you need to comply with government and industry email data protection regulations, your business will require the ability to accurately, and confidently perform discovery or e-discovery operations. Being able to reproduce email data quickly and show that it has not been tampered with is a key ingredient to compliance. In addition, the ability to audit privileged users, to mitigate the risk of abuse of position, is a mandatory requirement for any solution assisting with email compliance.

The Cryoserver Archive product philosophy is compliance driven and for this reason does not support the concept that emails from different sources within a business should have different retention periods. This would be to assume that emails from one part in an organization has the content of their emails restricted to a single email data protection regulation. Sales departments may refer to both personal data (“I hope your partner has recovered from their recent illness”) to financial information (“the price of the widgets is $3000”). Our philosophy is that you don’t know whether or not you need to retain an email until you need to retrieve it.

With regard to auditing, our product provides the most stringent auditing capabilities on the market with our Data Guardian technology. By ensuring that responsible Data Guardians are responsible for “watching” what people are searching for, all search attempts (only the criteria, not the results) are emailed – and as such auditable to the Data Guardian team – thus mitigating the risk of Director level collusion to read or destroy email evidence unchecked.

The Cryoserver Archive provides protection and immediate compliance to all of the above internal and external compliance regulations and processes for email data. By archiving and replicating copied email across multiple locations together with the ability to both retrieve and restore emails, the Cryoserver Archive provides a compliance driven email archiving solution. The first choice for many legal entities in the U.K., the Cryoserver Archive can save businesses significant sums in removing the dependency on tape backups (that incidentally, typically would allow inappropriate personnel access to protected information), and increasing the confidence that email data whether buried in an attachment or body of an email can be easily retrieved with the minimum of fuss.

For all the above reasons, and because of the Cryoserver Archive’s heritage in email compliance, the Cryoserver Archive solution offers one of the only forensic grade compliance solutions combined with world class, scalable email archiving storage solution available on the market today.