Have you ever deleted an email that you needed to get hold off? Maybe at the time it didn’t seem important or maybe you deleted by accident.
Now, think about your team. Everyone manages their inboxes differently – what if they delete an important email?
Deleting a company newsletter might not matter but did you know you could be penalised for deleting certain business emails?
Some laws and industry-specific regulations require organisations to keep specific business records, including emails, for a range of 7 to 10 years. Those include The Australian Securities and Investments Commission (ASIC) Act 2001, the Corporations Act 2001, the Australian Privacy Act 1988, and the Freedom of Information Act 1982.
Now, if you thought that having your emails in Outlook meant they were retainable forever, unfortunately you’d be mistaken. There are specific set of retention rules and policies, plus backups that you need to implement to truly have peace of mind.
Here’s what you need to know about Email Retention Policies
An email retention policy is a set of system configurations that you can implement within your company to decide how long emails should be kept and how they should be managed and disposed of.
- Email retention policies are a set of guidelines that your company can use to determine how long email messages should be kept, how they should be managed, and when they should be destroyed.
- They help you comply with legal and regulatory requirements, reduce storage costs, and streamline email management processes.
- They generally cover issues such as which types of email messages should be retained, how they should be organised, who is responsible for managing and archiving them, and when they should be destroyed.
- They should be tailored to your company’s specific needs and may differ based on your industry, location, government regulations or other factors.
- It’s important to regularly review and update email retention policies to ensure they remain relevant and effective in meeting the needs of your company.
To bin or not to bin?
An email user can delete an email permanently, archive it, or keep it. If they decide to keep it, the next question is “For how long?” To answer that, let’s look at other reasons to retain emails besides the legal implications.
Companies may have policies about retention and removal of email messages. These may be for compliance with audit requirements, customer complaints resolution, or to help with an investigation.
Next, would it matter if you lost historic email? Sometimes an email message contains valuable information as a reference material or as part of historical records. (If you’ve deleted such an email, note that deleted emails can be retained for up to 30 days only, depending on your settings.)
Lastly, some emails are not deleted for business continuity purposes in case of an outage. Emails may contain important information required for the restoration of normal business operations.
Like post-it notes on the fridge
Do you leave sticky notes on your fridge door? Do you leave some on there for a while? Do they end up in the trash bin at week’s end?
Emails are like virtual post-it notes, and the fridge door is your email server. Just as you don’t keep sticky notes indefinitely, you don’t need all your email messages in your server forever. You will soon decide which ones you retain and for how long, especially when you see the cost for keeping everything forever.
Automated email retention in Microsoft
In Microsoft 365, there are ways to make email deletion and retention decisions easier. Microsoft Exchange Online has features such as auto archive, email rules, and retention policies. Let’s talk about that last one.
Your Microsoft Exchange e-mail server administrator can configure email retention policies as needed. They become the basis for automatically deleting or moving emails based on specific criteria such as age, content, or folder location. Here are the basics of how to use them:
1. Use Retention Tags.
Administrators can create retention tags, thus defining the retention period for specific types of emails or email folders. These tags can be assigned to email folders or individual emails. You can think of retention tags as “best before” or expiry labels.
2. Set Retention Policies.
Retention policies are collections of retention tags that are applied to mailboxes to enforce the retention periods defined by the tags. Unlike retention tags that are used just for selected items, retention policies are a set of rules that are applied to your entire business or to a specific department or group of users.
3. Create Managed Folders.
When a user’s mailbox is configured with a retention policy, the managed folders are automatically created in the user’s mailbox. The specified retention periods are then enforced for those folders.
A managed folder is simply a place that stores email you want to keep for a period. In Outlook, deleted items are moved to a subfolder called Deletions stored in the Recoverable Items folder. An Exchange Online mailbox keeps items for 14 days by default, they are then subject to permeant deletion after 30 days.
4. Apply Retention Holds.
Retention holds are like a pause button. They are policies applied to individual mailboxes or to groups of mailboxes to place a temporary suspend the deletion of email messages.
This is useful in legal or compliance-related scenarios where emails must be kept for a set period.
The above can work wonders for your email management overall. But just for reading this far, you get the bonus of discovering the bigger picture of data protection.
Now onto backups…
Cloud Backups: Your portable vault
Cloud data backups (or SaaS backups) are like a safe or vault containing your valuable items, that you can take anywhere. They are off-site backups that can help with your business email retention via:
- Data protection: Cloud backups ensure that your email data is stored securely offsite. This can protect from data loss due to hardware failure, accidental deletion, or other events.
- Email archiving: Cloud backup solutions often include email archiving functionality. This lets you store and access email data for an extended period, even after deletion from your email system.
- Compliance: If your business is subject to regulatory or legal requirements around data retention, a cloud backup can help you by allowing you to store and access emails for the required period.
- Disaster recovery: In case of a disaster (e.g., a server failure or a ransomware attack), cloud backup can help you quickly recover your email data and minimise disruption to your operations.
Overall, a cloud backup solution can help ensure that your email data is secure, accessible, and compliant, even if unexpected events happen.
In summary
There are many reasons to keep emails, but you don’t need to keep everything. At Lucid, we can help you:
- Identify which emails to keep and for how long
- Configure the necessary retention polices
- Implement a cloud backup solution such as Datto SaaS to ensure you’ve protected in the event that you lose your data
Talk to the experts at Lucid IT today.
You may also contact us for other ways that technology can work for your business.