Comply with Email retention regulations in India and cut costs using cloud email archiving

January 8, 2020


Hi, good afternoon everyone. We would be
taking you all through the email retention regulations in India and how
to ensure business compliance as well as cut cost with cloud email archiving. So
as we discussed earlier, this webinar would be covering the various email
retention regulations that India already has and some of the potential ones that
are going to be introduced sooner rather than later. In addition, we also would be
covering the benefits of setting a sound retention policy so that you can
maintain and protect your entire email data in a single reliable data
repository.

So as Niharika had stated earlier, we can quickly conduct a poll
wherein it’s a simple question, and as you can see, you all just have to select
any one out of the three options so that we can get to know as to what’s the
scenario with our audience these days. Okay, so I’m just launching the poll,
kindly respond. Let it run for a moment, sorry, it will run for a minute,
and you’ll have more than enough time to think it through at this point.

So
right now as you all can see if there is one trend that I can see right away
is that majority of y’all are not sure and we can totally relate to this
because data security or data retention is very new specifically in India and if
we look at global organizations that the kind of outcry that has been going on
with respect to the data getting stolen with the whistleblowers coming up with
various data points every now and then we look at Panama papers we look at
Cambridge Analytica with the Facebook scandal so we know that people over
there are quite sensitive in nature and that’s the reason governments are also
heavily regulating and enforcing such regulations.

Over here the things have started to move on, and what we can see as we are
moving more and more towards digital economy, it is only going to grow. And as
I can see, some of you all are already getting regulated and having such
policies in place, and the ones who are completely negating the fact, does
your organization need to comply, you must be right, but just as I
stated earlier, it’s only a matter of time wherein it would be enforced for
every firm that has an IT infrastructure, that is running business
digitally, as simple as having a website. If your firm has a website you will be
coming under such regulations pretty soon, and we will expand upon this as we
go, so let’s start with the actual content.

So what is email retention? Just
let’s first understand and define, yes, so what do you mean by email retention. Once
we establish this fact, probably you’d be able to come on the same page and your
clarity would be a lot better, because we are talking about not random regulation
but email retention regulation. Okay, so email retention involves the
storing of historical email in a logical format, okay, because a lot of you must be
storing it as of now, but is there a sequence to that, is there a trend to
that, is there a logic to that? Because you are storing it for specified period
of time and you would want to retain, or sorry, retrieve it and recover it
whenever you wish. So that’s the reason having a design in
place, having an application and infrastructure in place so that you can
go ahead and recover and discover information wherever you want, is why
email retention is getting imperative in terms of our business dealings. So an
email retention policy defines various aspects such as employee email
storage, its usage, retrieval as well as the retention of past data with respect
to your ex-employees, okay, and it also concerns the deletion of the same. So at
times it’s not only about maintaining, but it also should be deleted
in a safe and a secure manner so that there’s no leakage as such.

Now let’s
have a look at some of these regulations that we were talking about for past ten
minutes. To start with, SEBI regulations: we all are aware of
what SEBI means, Securities and Exchange Board of India. Any organization that is
listed on the stock exchanges is directly coming under the
purview, and more so the banks, the NBFCs, various trading companies, the
mutual fund sources management firms and various organizations. Now what it says
is that it mandates a systematic categorization, review and
retention of all the important business documents for a period of five years. So
they are very specific: they say that you need to maintain it for five years in
company system and then after that you need to keep it for a period of three
years in an archive format.

Similarly, if you speak about IT Act 2000, it
was, again, amended in 2008, but the entire Act
states that the use of electronic records including email and various
other digital records that you have can be used as an evidence, okay,
under Indian Evidence Act 1872, which can be a Civil Procedure Code or a Criminal
Procedure Code. You can act: if you have any piece of data or any commitment on
an email you can go ahead and submit it in a court of law, and it’s a
completely valid proof that you have, and it’s a generic law, again it’s
applicable to every organization with an IT infrastructure.

Now coming specific to insurance domain, they are as we know
regulated by IRDAI and again with respect to their guidelines information
and cybersecurity for insurance because they are not only maintaining the
medical data but they also have a lot of personal data as far as the various
stakeholders are concerned. So if you have taken out the insurance you must
very well be knowing that you also need to go ahead and give a lot of financial
documents you need to present that data you need to share that data and the
other ones who are responsible for it so safeguarding such data to be leaked in
market to be misused say for any purpose that’s the reason they are coming up
heavily, they’re coming up heavily though, for the ones who are not going ahead and
complying with such regulations. So if you see, I’ll expand upon the fact later
as to how RBI is penalizing various organizations these days, that’s one
of the points that we would be covering.

But let me first take you through the
GDPR regulation. What does it mean? It’s the General Data Protection
Regulation. It was established in the month of May last year and it was quite a
buzzword in the industry, so if you are dealing with any European client and if
you have aspirations of expanding locally then there is no way out of this,
you would have to compulsorily comply with GDPR, because again the entire
fact lies over there that the businesses are made of people, people have
personal lives, a lot of the data gets exchanged over digital means, and once
any personal data is getting shared, getting stored, getting saved over
there, then yes, you cannot misuse it without the person’s knowledge.
That is the reason if you are expanding abroad you should be coming across this
term more often than not, so that’s the reason, if you see the
last point, emails contain a lot of personal data, that’s what it pins down.

Now in line with the same thing, in fact a draft of data protection bill, Indian
data protection bill, has already been introduced at the Parliament,
so this bill is going to mandate any entity that is possessing and processing
personal data that they need to ensure that that storage is in India within
geographical boundaries and it should be serving certain security related
regulations, so central government should be notifying this soon. There
are various categories under which the personal data would be stored and you
need to maintain that.

Talking about Health Insurance Portability and
Accountability Act, it’s the HIPAA regulation. I mean,
I’m sure that there would be lot of health care professionals here, or
healthcare or into insurance again, but this is an American law. If
you can see the last statement here, the retention period of medical records
depends upon the medical laws in a particular US state, okay, but as we know
even with respect to various consultancy firms, or consulting firms rather, the
ones who are having such health care giants as their clients, they
necessarily need to comply to HIPAA regulation as an extension. So not only
the ones who are directly getting regulated, even their allies, the
businesses that are dealing with them, need to be completely compliant to such
regulations. Similarly, it’s a counterpart of HIPAA but it’s of UK,
Medicines and Healthcare products Regulatory Agency. It is the same
thing, it’s like an epidemic, it is spreading. India is yet to catch up but
very soon, maybe as soon as by the end of this year, we’d
see it everywhere.

So what’s the common ground? If you see the common denominator,
you can see that it all mandates one to maintain the
electronic records of communication, critical transaction as well as
operations, and that too not for a year or two but for extended period of time. Also,
if we share with you our experience, and technology market
research firm known as the Radicati has also predicted that by the end of this
year 2020, 75% of the organizations would be treating their archived data as
an in line data source, so you would have to refer back to their old emails
because there are multiple business critical documents and exchanges that
have happened over there. So not with respect to compliance, it also adds a lot
of value in terms of maintaining the data and leveraging the power of it.

So yeah, moving on, coming back to these regulations per se, we
just happened to discuss five main categories which covered, if you can see,
the domains of the BFSI, insurance, any firm with global aspirations, health care
and the IT Act, which is sort of an umbrella regulation: if you are running
your business in a digital format you are coming under it. So taking all these
things into purview, can you please let us know as to which exact regulation is
being applied to you? We would again launch it for a minute and you’d get to know as
to what we are moving towards.

So I’m just closing this poll for now and I’m
sharing the results again. So what we can see over here is majority of you all, I
believe, I don’t have the exact count here but it is as per the trends, a lot
of you all are coming under BFSI, and BFSI as a regulation, oh sorry, as
a domain, and a lot of you are also having a lot of
international dealings, so no wonder you are aware of GDPR and the SEBI, IRDAI and
IT Act. IT Act more so because it’s an umbrella regulation, as I said earlier;
you do not have to belong to a particular domain as such or
an industry as such, you are getting regulated by them if you are running
your business in a digital format.

So with that in mind let’s go ahead and
share some more data points with you all, and I also would like to
reiterate that if y’all are having any questions kindly note it down, please make
sure that you put it across as much as you can so that we would be
able to cover a lot of points from various angles, because a lot of times
some other people won’t be getting the same queries but
might have it at the back end, so I strongly encourage you all to post
as many queries as possible.

So as we discussed,
apart from compliance, I had touched upon this fact when we had started, that apart
from compliance there are some other benefits that we would be discussing of
having an email retention policy in place, a sound one. So what it does, it
safeguards your intellectual property rights. We can see that a lot of your
business critical documents are also your IP, intellectual property, which needs to
be safeguarded at all points in time, so it might have your insights with
finances, with business plans, with designs and with product details from
being stolen. So if you want, sorry, not from being stolen, but product details
would come under one of those critical documents that we are talking about. So
if you want your data to be safeguarded against any of such
attacks which we are seeing every now and then, you should be having a strong
retention policy, because an email is sort of a gateway
into your organization. If anyone would want to intrude, the easiest way is to
enter through an email; unless and until you are having a very strong solution in
place there’s a high chance of it getting hacked, so that’s the reason, and
the high chance of the data being stolen and deleted. So having a strong retention
policy would mean that you are having such archival solution in place, so even
if there is say an accident or say a malicious attempt by anyone, your IP
details are safe with you.

Protection against cyber theft: this more or less
covers the same thing, because we
were talking about hacking through the
email, but at times a cyber attack can also wipe out your PC altogether, so that if
you are feeling that okay, all the data is on your endpoint,
it also can get wiped off very easily, that too in a remote fashion. So if you
are having all your data in one single repository with definitely a DR
mechanism in place, that too at a third party infrastructure, you are just
creating more redundancies to that data, hence in extension making sure that
whenever such things happen you are completely safe.

Litigation and eDiscovery
support: as we said earlier, in a case of a lawsuit an email retention can
always help lawyers quickly retrieve their own emails and that too in a
matter of seconds. Not only are you going ahead, or sorry, in fact
you’re going back in time, you are going as back as say five to six to ten years
and you are still able to retrieve the data in a matter of three to four
seconds through a very powerful tool which is known as eDiscovery. And yes,
of course, when we speak about disputes, rather than only talking about external
threats, there are also a lot of internal disputes at times, so having a strong
policy, having a strong solution in place can also be leveraged
against such internal disputes. Because there are multiple stakeholders
always involved, you can never ascertain the veracity
unless and until you have got the proof, so this is something which gives you
solid data to back your claim or argument.

And yes, last but not the least,
it’s the organizational competence that we are speaking about. It is built over
discussion, it’s all about collaborating, exchanging information and
designing plans which span for long periods of time, and it all requires huge
efforts. Much of this is again carried on daily exchange of emails. You can see
your own mail trails must be running for say 45 to 50 emails at a time if there
are multiple people involved, and any one of them responding can generate an
email for you, and such emails is something we can see: on an average, an
average business user these days is sending or receiving mails to the tune
of 126 business emails per day. Yes, we know that for some it must be low, for
some it would be large, but if you see on an org-wide or an industry-wide trend,
that’s where the trend lies. So we can therefore see that apart from archiving
needs to remain compliant with regulations, a policy can benefit your
organization through multiple other ways.

Now we’ll just cover as to why our
product deals in the same and how it adds value to your organization, because it’s
getting adopted at a very high rate. As we speak, the storage itself is growing
at a rate of 3 GB per second; the entire data that we are managing for our
clients is growing at this speed, so by the time we end probably the data
storage would grow to the tune of 3 TB. So Mithi cloud, we are
transacting over 2 million plus mails daily, we are managing over 25 TB of archived email. So when we spoke about the earlier data point it
was all about the live mails that are being transacted, but in the Vaultastic itself
we are managing currently over 25 TB of archived email and we are receiving, we
are indexing and storing about point four million mails a day.

So there is a
long list of customers that we have across the industries, across the globe,
across the domains, and especially when we speak about email regulation I would
be honest to say that a chunk of our current clients
lie from the BFSI and from the healthcare space. There are multiple
partners and resellers that we are currently dealing with, so if you are
leveraging any of these huge system integrators, say like Wipro and Accenture,
you can go ahead and leverage a solution through that. We are also available on
various marketplaces, we are also working with a lot of resellers and distributors,
so you can go ahead, and I mean, I’m sure that there will be
multiple partners here, if you would want to look at a partnership we can
definitely explore that route as well.

Yeah, it just speaks about a couple of
recognitions, tokens of appreciation that we have received from government as
well as the corporate industry. We’ve received certifications, as you know.
If I just didn’t happen to cover it and you don’t know, the entire solution is
being hosted on AWS, and not only are we merely hosting it on AWS
servers, we are also leveraging over 30 odd managed services, which makes it
really an engineered solution in place. The entire data while being stored at
Vaultastic is getting encrypted at rest as well as in transit, so nobody at the
backend from Mithi or from AWS can actually go ahead and look at your
content. So that is something we need to ensure as our compliance to our clients,
so even we ourselves are compliant to GDPR and that’s the reason our products
can get you compliant to such regulations. So for us to extend any such service
we first need to maintain that we ourselves are compliant to all these
huge regulations that we spoke about.
