Data Retention: Are Your Customers in Compliance? – ExchangeDefender Blog

August 23, 2013

Data Retention: Are Your Customers in Compliance?

Filed under: Consulting — vlad @ 10:07 am

Data retention and compliance archiving requirements can be a frustrating and easily misunderstood topic, especially when discussing these requirements with customers. What should be understood is that almost every business and organization falls under some type of retention requirement. Whether it is a business that accepts credit cards, an organization that has employees, a company that deals with financials, or a shop that collects customer information, all are required to maintain records for a certain amount of time to stay in compliance with local, state, and federal laws.

Email, being a significant form of communication and means of transferring data, falls into the retention policy of most laws that require retention of “records.” This makes email compliance archiving a required solution for most businesses.

Beyond regulatory requirements, e-discovery and legal discovery rules mandated by the federal courts require compliance and provide a specific, limited time to obtain requested records. The cost of e-discovery without a proper archiving and retention policy can be astronomical, considering time and forensic requirements.

Certain industries, as well as local, state, and federal governments, are highly regulated through legal compliance requirements such as HIPAA for health and patient records, FINRA for financial information, IRS, SOX, SEC, The US Patriot Act, and thousands more. Though other industries are not as heavily regulated, with the vast number of regulatory laws on the books, just about every business is required to comply in one way or another.

The following example is just a small sample of the thousands of data retention requirement laws that are currently in effect.

MSPs and IT solution companies have a significant opportunity to educate customers and provide compliance and archiving solutions to ensure they are meeting necessary requirements. The opportunity adds a recurring revenue stream for hosted cloud-based archiving and compliance products, as well as potential project revenue for designing and implementing a company-wide retention policy.

While there are hardware-based solutions on the market, the cost of hardware, licensing, installation, and maintenance makes them a much harder sell to customers. Comparatively, cloud-based solutions offer all of the protection, required access, and security without upfront costs, maintenance requirements, and storage limitations.

Though there are a number of cloud-based vendors to choose from, it is important to understand the differences between compliance and archiving solutions from a provider like ExchangeDefender and those from other cloud solution providers. ExchangeDefender will provide its partners with a Business Associate Agreement (BAA), which is required for HIPAA compliance. Other providers are quick to point fingers and oftentimes resell third-party solutions branded as their own, providing little recourse and protection for their partners. In addition, some other vendors are not providing solutions that are hosted utilizing SSAE16 standards and auditing practices and procedures.

Compliance and archiving solutions are becoming a necessary requirement for all businesses. As an MSP or IT solution provider, standardizing on an offering that includes this critical component is an important step in providing the best protection and service for your customers. Whether a business is micro, small, medium, or enterprise-sized, the threat of litigation, government compliance, or imposed fines is always a possibility. On top of all of this, offering archiving and compliance as a standard solution gives customers an additional layer of disaster recovery through offsite, hosted availability of their email information.

Since very few businesses are in compliance, the opportunity to present and provide solutions to customers is great. Begin educating by marketing compliance requirements through typical marketing outlets, discussing these issues with customers at Quarterly Business Reviews, and including compliance and archiving solutions built into managed service deployments. By providing this level of service you will not only be protecting your customers, but you will be protecting yourself as their IT provider.