31 Mar UK legislation relating to compliance, email archiving and retention
It’s quite likely you’re aware that legislation exists surrounding email retention, but do you know which of the many regulations apply to you and your business?
Some industries are subject to more regulations than others, but nearly all companies are affected by some form of legal compliance.
Let’s look at some of the main legal requirements that are likely to affect your clients…
The Data Protection Act 1998 (“The DPA”)
The DPA applies to both public and private organisations and gives the public the right to ask for details of personal information held relating to them by an organisation.
If a DPA request is received, the business’s email records will need to be accessed and checked for any personal information they contain. Requests must be complied with within 40 days, so to minimise the time spent searching through records, a quick, reliable and trustworthy email retrieval system would be extremely beneficial.
The Act also requires businesses to ensure that they have taken appropriate technical measures to protect any personal data they hold from being misused, lost or damaged.
Any email archiving solution must therefore protect against emails being deleted by accident or on purpose.
The Freedom of Information Act
The Freedom of Information Act 2000 (FOIA) came into force on 1st January 2005 and, along with the Environmental Information Regulations, gives the public rights of access to all recorded information, including emails, held by public authorities.
Those in the public sector include government bodies, educational bodies (whether universities or nurseries) and even NHS doctors, opticians, dentists etc. They all need a quick and reliable method to search and retrieve their email data, especially as these requests must be complied with within a strict timetable of 20 working days.
An employer could risk an award of up to £72,300 being made against it by an Employment Tribunal if an employee brings a successful unfair dismissal claim against it.
Employers, however, need to be able to take appropriate action against an employee’s misconduct, e.g. an employee maliciously deleting emails, or sending inappropriate or abusive emails. To safely take action, the employer must have appropriate policies in place along with reliable evidence of the employee’s wrongdoing.
Emails can be submitted as evidence; however, the tribunal may dismiss such evidence if it is shown to be from an unreliable or insecure system. It would therefore be invaluable to have an email archive system which uses encryption and other measures to ensure that the email archive is tamper-proof and secure.
Similarly, a business could be at risk for up to 6 years if it cannot produce evidence which may be contained in an email for the purposes of auditing or litigation.
The confirmation of a particular order, a change of price or a change to the standard terms and conditions may all be contained in email correspondence. When someone can bring a claim for breach of contract up to 6 years later, an accurate audit trail of emails is essential to quickly and easily ascertain the strength of any dispute. This is particularly important in the construction industry, which is prone to litigation.
Industry Specific Regulation
Different industries have their own regulatory bodies, and businesses must comply with their own industry-specific regulations. For example, the financial services industry is governed by the Financial Services Authority, which requires all business emails sent and received to be stored for up to 6 years, and some emails must be kept indefinitely.
Companies may even be affected by legislation from other countries, e.g. the States passed the Sarbanes-Oxley Act, which introduced stricter financial reporting requirements following the Enron scandal. This Act can also apply to UK companies if they are subsidiaries of certain US companies, and it places requirements on them to retain business-critical emails.
So what does the future hold? There is always the possibility of new legislation coming into force which may be applied retrospectively, e.g. the Freedom of Information Act came into force in 2005 but applies to records held prior to this date.
Moving forward, it is clear that businesses need an email retention policy requiring the retention of emails for at least 6 years or longer, supported by a suitable email archiving solution such as MailStore.
MailStore Server for Email Archiving
MailStore Server is just one of the email archiving products out there that is certified as being audit compliant and that includes auditor tools.
I hope you found this a useful guide for reference. Please leave me a comment or get in touch if you’ve got any questions about email archiving.
Disclaimer: We hope you have found this blog useful but please note that it is not intended to provide you with legal advice. It is an overview only of some of the legal issues that currently relate to the management of a business’s email records.
Author: Seema McWilliam