A Comparison of Email Backup Policy of Popular Email Services

November 1st, 2017

Do you use email backup in your practice? Make a smart choice by comparing the backup policies of popular email solution providers.

Privacy concerns are constantly rising especially following the revelations by Edward Snowden. Now, the big question is “Do the popular email services in the US retain your data forever?” In order to find an appropriate answer, we examined the email backup policies of 7 popular providers.

Data breaches and privacy concerns make headlines for they have a direct impact on an individual’s private life. Going by the news of mass surveillance by government authorities, it is natural for you to be extra cautious about protecting your privacy. After all, nobody wants to get exposed although a bit of exhibitionism resides in each of us.

The US government is pressing technology giants to reveal what they have in their “box” (or your inbox). Apple reported that it received the highest number of security requests for data from the US government this year.

Considering the “attacks” from both the government and hackers, it is imperative for you to learn how these email services ensure that your data remain safe.

A Quick Overview of Email Backup and How It is Different from Email Archiving

Email backups are an integral part of email protection, where the provider stores a copy or snapshot of critical email files and databases. In case of data loss due to a cyber attack, hardware failure, user error, or other potential causes, these snapshots help to restore the lost data.

Don’t confuse email backup with email archiving. Email archiving stores all sent and received messages in an easily searchable, geographically separate repository. Most notably, you cannot modify or delete the archived emails, you can only read them.

So, what’s the difference? Unlike email archiving, which stores your entire email history, email backups store those messages that were in your email folders at specific points in time.  For example, a message that arrives and is deleted between backups will not be in any email backups, but it would be in your email archives.

The Email Backup and Retention Policies of 7 Major Email Solution Providers

Parameters of Comparison LuxSci Google

 

Office365 RackSpace Mail
Data Retention Period 4 weeks or as long as you want (for additional fees). Automatic deletion of email after 30 days. No automated retention policy, but can be configured. 14 days
Data Recovery As long as the data is retained. Data restoration for deleted email is limited to 30 days for end users.

 

Within 14 days of deletion while admin can extend the duration to 30 days. Can retrieve email from the Control Panel for up to 14 days. Also, users can restore an entire deleted mailbox for up to 30 days.
Manual Purging or Auto Purging LuxSci does not ever purge anything from your folders by default. You can, however, configure automated custom purges based on message age or folder size on a per-folder basis. Google keeps data for 25 days after trash is emptied. 14 days Permissioned users can perform on-demand purges on archived file data.
Recycle Bin/ Deleted Items Storage 25 GB to unlimited space depending on the charge you pay Storage limit is 30. GB per user (across all Drive, Gmail, and Photos accounts). Microsoft can be configured to automatically archive or delete data when storage quotas are met. Max Rackspace Email Storage is 25 GB.
User Account Deletion Luxsci keeps data for 4+ weeks after account deletion. Google keeps data for deleted accounts for 5 days. Microsoft keeps data for deleted accounts for 30 days. We could not determine the exact duration of data storage after account deletion in Rackspace. Rackspace says it is not liable for data loss if you do not have a copy of your data outside of our Cloud infrastructure.
Data redundancy and separate backups? Yes. LuxSci keeps TWO separate backups. Daily backups on site, close to your server for fastest restores. Weekly backups kept off site for geographic redundancy.* Yes Yes, but the backups are only for internal purpose. If you purge data either automatically or manually, you will lose it forever. Yes

*Geographic redundancy (GR) service is part of disaster recovery plan. It allows the data to be replicated between two distant sites. The applications can switch from one site to another. GR is essential for businesses as they use a large of sensitive data which they should not lose at any cost.

 

Parameters of Comparison FastMail Hushmail GoDaddy Email
Data Retention Period 7 days 3 weeks 14 days for US email plans.
Data Recovery Retain backups of deleted messages for at least a week Within 3 weeks after deletion of the email or account. 14 days.
Manual Purging or Auto Purging You can set up Auto-Purge which will automatically purge the folder within the preset time. HushMail can auto purge any threats like a virus. To close and delete the account permanently, click here. Allows manual purging.
Recycle Bin/ Deleted Items Storage Depends on your account plan. Details here. Hushmail Premium and Hushmail Business accounts can store up to 10 GB of data. The free version provides storage limit of 25 MB. 1 GB for personal email accounts and 2 GB for Deluxe accounts.
User Account Deletion Permanent loss of data after 7 days of account deletion. Email and data may reside in HushMail backups for up to three weeks following the deletion. However, the records of the activities can remain there for about 18 months. After that, it will be removed permanently. When you delete a GoDaddy account, all of your personally identifiable information (PII) is placed in “deactivated” status on the GoDaddy databases. But, the PII is still retained by GoDaddy and may be used to settle a legal dispute.
Data redundancy and separate backups? Yes. However, they remain in the backups only for 7 days. Hushmail backups the data but has no provision of geographic redundancy. Yes

 

Can You Recover Data that You Deleted Years Ago?

Well, looking at the current features and privacy terms of the service providers, it is quite unlikely that you will be able to recover the data that has exceeded the maximum time limit for recovery.

 

Do the Email Solution Providers Need to Comply with HIPAA and other regulations?

Of course. The type of compliance depends on the specific sectors that the data belong to. For example, if you are collaborating with an email solution provider to back up health information related emails, the providers should be HIPAA-compliant and sign a business associate agreement (BAA).

Likewise, FERPA (The Family Educational Rights and Privacy Act of 1974) oversees the emails that use the education records of students. If you deal with credit card data, the provider must comply with PCI.

Note that when you close your account with your email provider, the provider no longer has any obligation to preserve your email archives.  It is up to you to ensure that you maintain your email archives to the duration required by law and to take measures to preserve archived email when you change email providers.

Looking for a HIPAA-compliant Email Solution to Backup Your Email?

Try Luxsci’s backups and restores. Its standard backups are 7 complete daily copies (last 7 days) on site and 4 complete weekly backups (last 4 weeks) off-site. Moreover, we will restore folders free upon request.

Try LuxSci Now