Emails are the number one means of business communication. As such, they contain business-related data. Various national laws all over the world require legally compliant archiving, while IT security strategy calls for backing up the email server. IT decision-makers should take care not to overlook data protection in the process.
Email remains the most important means of communication within organizations, despite the increasing use of instant messaging and social collaboration tools in companies. The Radicati Group reports that 116.4 billion business emails were sent and received every day around the world in 2016. The international technology market research firm predicts that the total will increase to 128.8 billion by 2019. In view of these numbers and the legal requirements for archiving business emails, IT decision-makers are required to integrate email archiving into their strategic IT planning. This is because the increase in electronic correspondence has resulted in large volumes of data that need to be backed up and archived in a legally secure manner due to their business relevance. When dealing with globally active companies, IT decision-makers should not overlook the fact that compliance requirements differ from country to country. The legal requirements are especially strict in the DACH region.
The difference between backup and archiving
IT supervisors are on thin ice when they rely on the following principle: “We already back up our email server, so there’s no need to archive separately.” Backup is no substitute for legally compliant archiving! The basic idea behind every archiving operation is to ensure that data is retrievable and available, even over a long period of time. Companies process invoices, quotes, and requests for support and appointments via email day in, day out. In Germany, for instance, the GoBD requires that these emails be fully available at all times over many years in their original, tamper-proof form. This is precisely what email archiving does and what differentiates it fundamentally from a backup, whose sole purpose is to secure important data within a limited time period and to preserve it so that it can be restored as needed. Backups on external data storage devices cannot satisfy this requirement because they cannot ensure complete, tamper-proof storage of all emails, as the emails can be deleted immediately upon receipt or before a backup. In contrast, a professional email archiving solution stores exact copies of all emails in a central archive to ensure the availability of any amount of data for many years to come. Measures such as hash values and encryption ensure legally mandated protection against tampering. Thanks to seamless integration, users can also, for example, access their emails in Microsoft Outlook and quickly search, find, and restore them using full-text indexing.
Data protection must be ensured
To avoid conflicts with data protection regulations when archiving incoming and outgoing emails, we recommend prohibiting private email use or requiring that employees use only external email services for private messages. To be on the safe side from a legal standpoint, this policy must be specified in writing, monitored, and consistently implemented. The policy can be specified in writing, for example, in guidelines for using the company’s IT infrastructure, in a company agreement, an employee’s declaration of consent, or an individual employment contract.
Backups cannot replace archiving, and email archiving cannot replace traditional backup tasks. It goes without saying that backups remain important, as even legally compliant archives need to be backed up. The IT strategies of security-minded CIOs and IT supervisors should therefore include both backups and legally compliant email archiving in order to ensure swift and complete disaster recovery and to avoid legal risks.
This article was published in the German IT magazine IT Director and on it-zoom.de.