A fine issued to a company for failing to retain emails demonstrates the importance of email retention as a compliance issue.
Earlier this week, the US Financial Industry Regulatory Authority (FINRA) issued a fine of $700,000 to Piper Jaffray & Co. for failing to retain approximately 4.3 million emails from November 2002 through to December 2008.
The company, a middle-market investment bank and institutional securities firm, also failed to inform FINRA of its email retention and retrieval issues, which impacted the firm's ability to comply completely with email extraction requests from FINRA.
Piper Jaffray had previously been sanctioned for email retention failures in November 2002, in a joint action by the Securities and Exchange Commission, New York Stock Exchange Regulation and NASD, arising from investigations of the firm's conflicts of interest between its investment banking and research departments.
As part of that settlement, Piper Jaffray was required to review its systems and certify that it had established systems and procedures designed to preserve electronic mail communications. The firm made that certification to regulators in March 2003. At no time did the firm alert regulators that its system was experiencing problems.
Commenting, Peter Bauer, CEO of Mimecast, said that the severity of the fine demonstrated the importance of email retention as a compliance issue in today's knowledge-based industries, where in the event of a litigation or other inquiry, a secure and audited copy of every internal and external email will need to be delivered within 24 hours of a request.
He said: “In today's knowledge economy, it is often acknowledged that corporate data is more valuable than ever. Less recognised however are the potential dangers organisations face if they fail to comply with the myriad data regulations affecting businesses, both at home and abroad.
“For instance, an organisation involved in litigation will often be asked to provide complete disclosure of all relevant emails. In the majority of cases, this needs to be completed quickly and comprehensively, in a matter of days rather than weeks. Failure to provide all the necessary data leaves organisations open to serious financial sanctions with six-figure fines now being imposed, not to mention the negative impact on business and reputation.
“With stakes this high, businesses need to make the security and accessibility of their data an absolute priority. Simply archiving all email communications isn't sufficient since, without a storage architecture that allows for rapid search and the retrieval of securely archived email data, businesses won't be able to provide the information requested in time.”