Webinar Mastery Series: Email Retention Regulations in India & How Businesses can Ensure Complaince
Good. Afternoon everyone, thank. You very much for taking the time and joining in today's webinar on email. Retention regulations, in India and how businesses, can ensure compliance this. Is your host Ron, Poojari I work, as a product consultant, with mithy software I'll. Be supported today by mr. Sulu thum who happens to be the co-founder, and principal. Solution architect, at Whitley, software. Now. Up. It's, it's been observed that about 60%, of business critical information is stored, exclusively. On emails, now. This consists. Of account. Details memos. Customer. Details financial. Information and, lot, other business, related details. It's. Been observed that a lot of times, organizations. Fail to accept the importance of maintaining their email data as they are not aware of the. Exact, data retention laws which are present or available, in. The, you. Know Constitution. So. There has been a lot of speculation around, why there is a need of having an effective retention policy, for your email data and how. Exactly to choose the right retention, policy, as an organization, a. Couple, of aspects, to it, number. One would be to understand. The, need to. Retain email, data that, consists, of what are the laws or what are the compliance, requirements that organizations. Have. To abide by or, the regulations, that government, have put in to ensure the, rights of their customers, or as an organization can, be maintained the. Second one would be the benefits. Apart, from legal. Regulations. Or compliances, what are the other benefits that, email retention, can bring in as an organization, and the. Third thing is how to identify the, right retention, policy or arrangement. Now. In in today's, webinar, will primarily be, discussing, or, addressing. The first two points we. Shall highlight the various regulations, in India. That. Require, long. Term retention of email, data in. Addition, to this we. Shall address the benefits of setting a sound retention, policy in order, to protect email, data. So. What, exactly is, email. Retention. Now. Email retention. It. Involves. This, storing. Of email. Or, historical. Email or your life emails, in a logical, manner for, a specified, period of time with, on-demand. Retrieval, and recovery. So, a solution or the. Policy, that you set up should. Consist, of, arrangements. Wherein, you are able to store your, email. Data right, from the time or for the specific. Time period, that you are required to it. Could be a historical, data it could be the live data and it. Should also have the provision of easy, retrieval. Or recovery. Of that data whenever required. So. An email retention, policy, defines aspects. Such. As employee. Email storage the.
Usage, Retrieval. Of ex-employee, email, data and deletion, of the same so. We'll. Be talking more about you. Know how exactly, these, two points come into picture when it comes to the specific laws or regulations, or, compliances, that, we have in place I will. Be passing the, mic to mr. sanella --them will be taking us through the, specific, laws. Or what, are the different compliances. Which we have and. Which the organization's, would have to abide by. Thank. You Ron. So. My. My, section, in this webinar will be to kind of explain the laws, as much as, we. Have understood from, our. Research. And, our discussions, with our customers. So. What. We've done is we've selected the. They. Selected the few laws which are, commonly, applicable, across all our customers, and from. Our own research to, find out that, why. Is it that organization, India, need. To, retain, email, or even other kinds of data for, the long term so, the first law which we came across was, he is a CBI law. Ok, or the Securities, and Exchange Board of India now. This is the governing. Body for. Financial. And. Institute's. Banks, trading companies, and they, mandate, that all important. Business documents and. Email. Should be retained for a minimum of fires okay. And then are came for another three years after that so, if, you are a NBF, sea or a bank or a trading company trading. In securities, and shares then. This law becomes applicable to you right. The. Second which is a more generic, one. Its IT the, ID Act 2002. Slash 2008. So. In 2008, this was. This. Was. Amended. Okay. To even. State that email can be used as evidence under. The in Civil, Procedure Code of Criminal Procedure, Code, so in any litigation or legal. Proceeding, email. Is an admissible. Piece. Of evidence now. I I share, a story with you which is a very interesting story, from, our. From. Our customer, background that, one of our customers, which is a bank and. They. Were archiving, mail with us. They. Are carrying mail with us and they came across a case where, customer, one of the customers. File. A suit against, them for. Not not receiving a particular, notification and, this. Suit was a pretty heavy suit it was running into a few crore, of rupees but. What we could do was we could discover, that email from the, ediscovery. From. A discovery panel locate. The email for them get, it to, them as an evidence which they produce in the court of law and they actually won the case so. That is one happy customer which we have with us but, so the fact of the matter is that that. Investigation. Came up after five years so. They had they had they were maintaining, and they are maintaining data for up to ten years so that, was the level of compliance, which they were into and they are into, so this is just to indicate that even, the the, cases, like that can creep up after a few years and you have to be ready for those, as well that, is what the i-th says now whether we comply, with it or not is up to us. Third. One the. Insurance, Regulatory and Development Authority, of India this. Is the body, which. Governs. The. Insurance. Companies, and they, have got very stringent. Guidelines on, cyber, security and. Data. Security and, how, to maintain data in what, format to maintain it and what security, procedures, have to be followed for access control and data. Retention and, of. Course there are audit practices, as well so these guys have covered the, guideline covers the entire lifecycle right. From the. Customer. Inception, to, customer exit a, very. Important. Guideline. And we have studied this in depth to, understand, what they really asking for. So. If you're an insurance company, or planning to start an insurance company you. Might want to look at this you would have to look at this and comply with this before. You can get, your business on board. This. I think is a very popular one we are all aware of this, it's, actually a European. Union law, general. Data protection regulation. The. Idea being that it has to be the, companies, which. Are working with customers in the EU they. Have to be very, careful, in maintaining, and processing. The private. Personal. Data of the, customers so. And. There are many guidelines in this like the the. Policy, to store the data the policy to retire it the policy to destroy, it and, as, we. Have seen that while this applies to regular database. Applications. And transaction, data we. Now know that emails often contain, a lot of personal data. Which. Means that if, you wanna be gdpr compliant, as an organization, you would have to make sure that your emails, are, maintained.
Well. And, as, per, the gdpr guidelines this. Is an important thing for so, I would say just like the ID Act. Okay. This gdpr is more like a generic act for almost all organizations. All, right so the like a CBI, was for BFS I the. The the other two we spoke about, very. Generic and horizontal. So. In line with GDP are India's, not far behind, they have a drafted. A data protection bill in. This year itself in, April, was when they. Closed any comments, on accepting. Any comments on that but, the, guidelines in the data protection bill of 2018, are very similar, to the GDP our guidelines, and, the. Whole idea being that, the. Companies, dealing. With. Customers. In India, would have to insure. Measures. To protect the personal. Information of these users. It's. Still a draft I'm not sure when it will become a law there. Is some debate happening on this and I'm sure all of you are already aware and you can get. Some more information out. There on the web. Okay. This is a, vertical. Specific. Lord. Hippedy. Which, which, kind of became. The high tech law. After. Twelve years so. This is Health Insurance Portability, and, Accountability Act. So. The idea here is that, healthcare. Providers. This. Was actually a u.s. Act and it, applies to us, but. If. You, are working, for a US healthcare provider, as an associate. A business, associate then. Automatically. You need to be HIPAA compliant, all, right so your. Business. Would have to cater to HIPAA. Or hi-tech, if. You were to work with healthcare providers in the US. Okay. So, again, the same thing here it's, all about making. Sure that the. Personal. Information, or the health information of the. Users is properly, stored and shared in with. The guidelines now, again. Here. Mostly. Healthcare providers, would be using healthcare, IT systems, to work with, their, data. But. Email, is ubiquitous, it is used everywhere and so emails have, the potential to carry health, records as well it could be in a notification it. Could be sharing with other doctors for, a review or it, could be any such case so. Email. By. Default, has now become more like a just. Like the two. Horizontal laws, we. Have email as a very. Common data carrier, in all, verticals. So, we need to ensure that that has to be retained, as per the requirements. Of this law. MHRA. This. Is a UK, law it. Applies. To medicines. Medical. Devices and blood components, which. Which are being used in the UK so, if you are, doing. Clinical trials or. You. Know conducting, experiments, and. Your a pharma company let's say then. You need to maintain information. For, an extended, period of time if I'm not wrong it's about five years and then. If there's any litigation going on until the litigation, is over, so. This, applies more to farm and healthcare providers. This. Particular law. So. What we have found is okay so we've highlighted. Seven, laws there might be more I'm, sure there are more which. Apply to different verticals, but these are the top laws and quite generic in nature, for. That vertical, and. The. Common, thread we have seen in all these losses that they all want you to maintain electronic. Records of communication, transactions. And operations, for an extended period of time this, is a common thread and all, this should be discoverable, and recoverable, on-demand so. You, need to put in systems, which. Can help you. Achieve. You. Know make. Sure your data is retained, and is, accessible, easily, because. The lor needs it okay, so now, if. This, is if, your. Business is, in. A space like this very law mandates, that you keep data for a longer period of time and, you will have to put in a system to do that what.
Are The other benefits you can derive from this is, something, we can talk about next I'll just hand the console back to Rohan. Thank, you very much for that and, you. Know that definitely, gives. Us a lot of insight as to what kind of compliances. Or regulations, that, as. An organization, we should take into consideration, and why, would, there be and actually, need. To, maintain a. Robust. Retention, policy, or have a retention policy in place so, besides, compliances. There, are a couple of other benefits, also that. Are written an email retention, policy, can offer, which. We have you. Know run through so. The first one would be intellectual, property, rights protection so, what basically this means is email retention, can protect valuable insights, into finances. Business, plans and product. Details from being stolen in case of an in. Case of an, email or internet threats. Or, server, hacks so. In. Situations like, these a tamper-proof. Cloud archiving, solution, can actually help achieve, our, ensuring. That your. Intellectual. Property or, the. Details, which, which are there in the emails, are protected. Those, are not stolen. Another. Very important, benefit, is protection against, cyber threats so it's, a very you. Can say common, topic. That, has. Been going around since, the last couple of years nowadays. Hackers, are getting. Really smart. Irrespective. Of you. Know the firewalls, and, security measures, that we are putting, in still. A lot of instances where in your data gets. Hacked or there. Are cyber attacks happening, so. In in case of a cyber attack where. You know the data wipes out of your PC, a retention policy, can really, help safely. Recover your mail as it, is systematically, maintains. All emails, on a cloud or gaming system as a backup so. Even if tomorrow, there. There happens to be a ransomware a tag your emails are, robbed, you know kind of you don't have access to your emails, if, you. Have a robust, retention, policy, let's say for example you have an archiving, solution, in place which. Allows. You to protect, your data so. You really. Don't have to worry about losing out, the data, whenever.
Required The. Data can always, be accessed through, the archiving, solution, or the backup solution that you have in Greece. Litigations. And ediscovery, support that's another benefit, which a retention, policy can offer as an organization, so in case, of a, lawsuit. Email. Retention, can always, help, loyalist quickly retrieve old mails in an organized, manner using, a discovery, now mr.. Salloum gave a very good example which. Was a live example you. Know we we encountered. We're in the financial, institution, had to go through you, know a litigation. They. Were lucky enough that they were archiving. Their emails, where you, know they were able to dig, back retrieve. The data the. Communication, that was happened and accordingly, presented, as you. Know as a proof or to. Support, their. Side of story, so. II discovery, is. Something. Where. As. A part of the, retention policy which can help, easily. Discover. Search, and recover, old emails, of historical, emails whenever required. Internal. Dispute settlements, now, disputes. Are opportunities. You know in in case of disputes, like stakeholder. Mapping project. Management, and delivery a, lot, of times there are you know a lot of times there. Are challenges or, disputes. With. Meant comes to delivery timelines, or, you. Know performance, management, and so on so. You know having a detailed. Track of the. Email communication, can actually, help resolve, a lot of disputes, archived. Emails can help in reviewing the commitments. And conversations. To discover the truth and improve. Efficiencies, so all in all. It works, best, for the organization not, only to ensure that, you. Can track, or monitor, you. Know the commitments. Or conversations, that are happening but, overall, improve, the, efficiency, of the project if you have to refer back to some, details which you may have deleted from your primary mailboxes. Or due to some reason you don't have access to those, can be easily referred, to. Organizational. Competence, organizational. Competencies built, over discussions, information, and plans. Spanning. Along. Long. Periods, of time requiring huge efforts so much of this is captured in daily exchange of emails. Email. Retention, ensures that the entire knowledge repository. Is secure, and easily accessible, let's. Say a quick. Example would be if you start a new project it. Involves, multiple, individuals. Multiple, departments, all. This communication, is, carried traditionally. Over emails, sending, mails, to and fro ends. Up in a, huge, thread. Mail or huge. Set of emails that have been sent, or, received around an. Even. Retention, policy, will, allow organizations. To. You. Know securely. Save. All the communication. In a you. Know in a place where, that can be accessed and retrieved. Whenever, required at a later instance. So. As we, saw you, know the different laws or, compliances. That. Organizations. Would have to or are required, to abide by or, basically. The need in. Order to have, a retention policy in place and the other benefits, which a retention policy, can bring to. An organization. We, can see that apart, from archiving. Emails, to remain compliant, with, regulations a retention policy can also benefit organizations, through numerous. Other ways. Ok, so one. Of the, solutions that, we. Recommend. To. Our prospects. To you, know our acquaintances. Is volt, astok which is the cloud-based email archiving, solution, offered by McKee software, a couple, of quick, you know facts, or you. Know details. That I would like to share is, basically. Volta state Volta sztyc storage, we, are adding about 3 GB of data, email, data specifically, per second. Mythic. Cloud transacts, 2, million plus mails on a daily basis, we. Are currently managing, over 25 TB of archived, email data and all these emails are indexed, online, and so it's ready so whenever a particular, user. Or administrator needs. To access historical, data or archive data they're, able to do, it when. And whenever. Required. Basically, so. Receive index and store about. 400,000. Males per day so that's an average. Number. Of emails, that we, are storing. On a daily basis. A, quick. Run through we've. Been you, know we, have customers, as as we've been you know discussing, these, particulars. Of compliances. Is not pertaining, to a specific, industries, okay. So we have custom, made customer, base across, industries, across, sizes as you see we've got gone public companies like Indian oil we've, got big conglomerates, like Maya and Maya who, are, taking. Advantage of retention. Policies, or getting benefited, with, a solution like volt astok apart. From that we've got bowel steal we've. Got SML, Isuzu I. Simply.
Limited, Who are from the manufacturing, industry, so if you take into consideration. It's. A, horizontal. Policy. Which, almost every, organization. Should have in place to, ensure, that they, are not only compliant. But, also they. Are having. A solution which would help them retrieve or access, their historical, data whenever required a. Couple. Of core partnerships, that we boast about number, one is we are on bonus technology partners with AWS, with. That we also have partnered, with Trend Micro which, which. Which are again one of the you, know pioneers when it comes to Internet security, apart. From that we apartment with s, eyes like Hitachi, and Reddington. A couple. Of our voids, as you can see. Amazon. Partner Network Awards CIO review, at, 30 the most 30 30 most admired companies. Brand. Of the year 2016. See our outlooks, couple of recognition, that we have, so. This. Again you know would, run you back to the specific compliances, which we have discussed, and how volt, a stick or what are the specific, compliances. That volt a stick can actually, help you become. Pliant on that. Would include you know HIPAA compliance, GDP our IR. Dai. We. Also have may. Also part of MCC ia which. Is the monitory, Chamber, of Commerce. You.