Recently, we have talked about the importance of properly managing electronic signatures and their acquisition, since they have increasingly become an essential tool for performing a variety of activities and especially in the conclusion of contracts. Another tool that we have been using in an even larger way, and for some time now, are emails and PECs. Ordinary and certified mail are used by everyone in their daily lives, whether for work, in correspondence with institutions or between colleagues, and for communication with suppliers and customers. As it often happens when the use of a tool becomes almost automatic and taken for granted, we don’t always focus on its criticality and the precautions that we should take in using it.
Especially in the business environment, properly managing the digital preservation of emails and PECs that are relevant to our business is of crucial importance. On the one hand, it is important that we’re always able to have access to and be able to quickly retrieve all the information we need to carry out our business. On the other hand, it is important to remember that there are regulatory requirements that govern the digital preservation of email messages. Properly maintaining our electronic correspondence, therefore, is not only functional but also necessary to protect our interests before the law and to ensure that we’re always prepared and unsurprised for any eventuality. Electronic mail messages, in fact, are considered a form of business correspondence and often represent an element of proof of the relationships with companies, customers, and suppliers, very often the only one we have.
The rules governing the digital preservation of email and PECs
The rules that require the preservation of correspondence that has commercial and legal relevance and, therefore, also of email and PECs, are contained in three regulatory texts:
- The Civil Code, in article 2214
- Presidential Decree 600/1973, article 22
- The D.lgs. of 7 March 2005, n. 82, the so-called Digital Administration Code (CAD – Codice dell’Amministrazione Digitale)
The regulations clarify the definition of correspondence to include both the communication received and the copy of the one sent: in the case of email and PEC, it is no longer a copy, of course, but the message sent. In any case, it is correspondence that must be kept for at least 10 years, like all other records with fiscal relevance.
As we can see, there is no need to keep all the emails exchanged within the company itself: in fact, emails that have no commercial or legal relevance and normal email exchanges between colleagues can be deleted, unless it is necessary to keep them for a certain time to meet business requirements.
However, among the rules to be highlighted is art. 20 paragraph 1-bis of the Digital Administration Code, which states that the suitability of the computer document to meet the requirement of the written form and its probative value are freely assessable in court, in relation to its characteristics of security, integrity, and non-modifiability. We also recall art. 43, paragraph 3 of the same text, which establishes the obligation of digital preservation according to the rules of the CAD for all computer documents whose storage is required by law or regulation, such as email and PEC.
It should also be noted that the General Data Protection Regulation (GDPR) also addresses this issue. Specifically, the GDPR clarifies that private emails from employees can only be archived and stored with the explicit consent of the individuals concerned. If it becomes necessary to store such correspondence, it is necessary to make sure that all the required consent has been obtained from the interested parties, as specified by law.
It is important, therefore, as a first step toward proper email and PEC management, to distinguish messages that have a relevant content for commercial and legal purposes and must therefore be digitally stored in accordance with the law, from those that do not have such characteristics. In this sense, it is necessary to inform all collaborators and employees to avoid that relevant messages are deleted, even inadvertently. This being said, it is clear that ordinary email messages and certified email messages have different characteristics and requirements. Let’s take a look at how these different types of email should be handled to ensure that the preservation process is effective and secure.
Digital preservation of regular email
Regular email has become one of the most popular means of communication, thanks to its immediacy and ease of use. However, there are some shortcomings of regular email that should be considered when safeguarding business correspondence. In particular, an ordinary email service does not offer a guarantee of a certain date and time, nor does it offer a guarantee that the message will actually be delivered to the intended recipient. In addition, it is not possible to rule out the possibility that an ordinary email message will be tampered with during its “journey” from sender to recipient. In other words, an ordinary email must guarantee the requirements of integrity, security, and non-modifiability identified by article 20 of the CAD as essential for a computer document to have full evidential value. The value of ordinary email, therefore, in the event of litigation, is always freely assessable by the judge, who will therefore have to examine the conditions under which the message was produced, transmitted, and then stored, to determine how much the requirements of integrity, security and non-modifiability have been respected.
This is where a proper digital preservation process can help. Digital preservation processes are carried out by specialized providers in line with international industry standards, Italian law, and the Agency for Digital Italy (AgID). Specifically, a compliant digital preservation process gives our ordinary emails a certain date and time and guarantees that, at least from the moment they become part of the chosen preservation system, they will no longer be tampered with or modified. In the event of litigation, therefore, messages retained in this way will provide greater legal certainty. It is important, however, that messages be entrusted to the preservation system as soon as possible after they are sent or received, to avoid the possibility of tampering in the interim.
Digital preservation of PECs
Certified Electronic Mail (PEC – Posta Elettronica Certificata), on the other hand, offers greater guarantees than ordinary email, for a small subscription cost. In fact, the services of certified email are able to certify the sending and delivery of a message and to issue receipts that can be opposed by third parties, attributing to the message a certain date and time. In addition, the PEC messages “travel” within transport envelopes that are digitally signed by the provider, thus offering guarantees regarding the origin, integrity, and the non-modifiability of the message itself. From a legal point of view, PEC has the same value as a registered letter with return receipt. Finally, the provider has the obligation to keep track of the receipt and sending of messages for at least 30 months from the date of reference. The use of PEC, however, has been mandatory for public administrations, companies in the form of corporations, and professionals enrolled in registers or lists for some time now. For the guarantees it offers, at a generally low cost, it is also gradually beginning to become more widespread also among private citizens.
Given the characteristics that we have described, you may think that PECs do not need any additional security. Instead, it’s important for PEC messages to be preserved, especially when it comes to correspondence relevant for legal or commercial purposes. In fact, it is good to specify that the correspondence has full legal value only if it takes place between two PEC boxes; moreover, the PEC as such is recognized only in Italy, while it has no legal value in the correspondence with foreign countries. Therefore, it is always advisable to entrust PEC messages and their receipts to a storage system that offers adequate protection before the law, including the storage of messages in the most appropriate .eml format, as required by the Code of Digital Administration (CAD).
Conclusions
As we have seen, the proper digital preservation of emails and PECs is not something to be taken for granted: on the contrary, it can really make the difference in case of litigation before the law. There are several rules to keep in mind, and they regulate many aspects, from the correct storage of accounting records, to the protection of personal data, up to the probative validity of the electronic document. In order to correctly preserve email and PECs, it is necessary to take precautions that cannot be achieved by simply storing them in a hard disk or keeping them on our server, hoping that everything will go well. Even making periodic backups only guarantees that emails will not be lost (except for accidental deletions), but it does not provide us with guarantees from the point of view of integrity, non-modifiability, and security of the content of messages. That’s why a digital preservation service may be the best way to properly preserve emails and PECs and to protect yourself against legal problems.
How to exploit the direct and indirect advantages of dematerialization in document management?