The audit letter lands on your desk. A regulator, perhaps ASIC or the SRA, is investigating a complaint from a client dating back to early 2021. They need "all relevant correspondence" – specifically, every email exchange – related to that client matter. You remember that a former paralegal, Sarah, had a meticulous system of exporting her inbox to PST files at the end of each year. You open the shared drive, find "Sarah_Emails_2021.pst," and try to open it. Outlook churns, then throws an error: "The file C:\SharedDrives\Archives\Sarah_Emails_2021.pst is not an Outlook data file (.pst)." Or worse, it opens, but key emails are missing, attachments are gone, or the search function yields nothing relevant. Panic sets in. You have a vague memory of other PSTs from different staff, but finding them, opening them, and piecing together a coherent timeline feels like looking for needles in a haystack.
The Real Compliance Requirement
For professional services firms across Australia, the UK, and beyond, robust email retention isn't a "nice to have," it's a non-negotiable legal and professional obligation.
- Law Firms: In NSW, Rule 1.15 of the Legal Profession Uniform Conduct (Barristers) Rules 2015 requires law firms to retain client files, including all correspondence like emails, for at least 7 years after a matter concludes. Similarly, the UK's SRA Accounts Rules 2019 demand 6 years of retention for accounting records and related communications.
- Accounting Practices: Firms must comply with professional standards like APES 305 Terms of Engagement in Australia, requiring retention of engagement documentation, including all client communications, for a minimum of 7 years. In the UK, HMRC requires businesses to keep records for 6 years after the tax year they relate to.
- Financial Advisers: ASIC Regulatory Guide 105 Licensing: Organisational competence mandates that Australian Financial Services (AFS) licensees maintain adequate records for 7 years, demonstrating compliance with client advice and instructions – much of which happens via email. In the UK, the FCA's SYSC 10A requires firms to retain records of communications relating to transactions for at least 5 years, often longer for specific advice.
These regulations demand all relevant correspondence, preserved in a way that is complete, accurate, and readily retrievable. Failure to produce these records can lead to significant penalties, including fines, reputational damage, and even loss of license. In the US, the Federal Rules of Civil Procedure (FRCP) govern electronic discovery, requiring the preservation and production of electronically stored information (ESI) in litigation, where an "archive" that can't be searched or verified is essentially useless.
What Most Small Firms Actually Do
Let's be honest: many small firms don't have a dedicated compliance officer or an enterprise-grade archiving system. The common approach often involves a patchwork of manual efforts:
- PST files: Individual staff members export their inboxes periodically to PST files, saving them to a shared network drive or even their local machine.
- Shared mailboxes/folders: Key emails are manually dragged and dropped into shared folders within Outlook or a document management system.
- "It's all in Gmail/Microsoft 365": A reliance on the default retention policies of cloud email providers, often misunderstanding that these are primarily for operational recovery, not regulatory archiving.
- Manual processes: One diligent person is tasked with "archiving," which usually means saving important emails as PDFs or printing them.
The problem with these workarounds is that they inherently break down. PST files are notoriously fragile; they corrupt easily, especially when large or stored on network drives. They strip critical metadata (like internal message IDs, true send/receive times, Bcc recipients), making them less reliable as evidence. They're also easily altered, raising questions about their authenticity. Shared folders rely on human diligence (which is inconsistent), and default cloud retention rarely meets specific regulatory needs for immutability and long-term searchability across departed employee accounts. When a critical email from 2021 is needed today, June 7, 2026, these methods often fail to deliver a complete, verifiable record.
What Good Looks Like
An audit-ready email archive isn't just a collection of old emails; it’s a system designed for compliance. Here's what "good" looks like:
- Continuous, Automated Capture: Every email sent and received by every user in the firm is automatically captured at the point of delivery/sending, without any manual intervention. This means no missed emails, no reliance on individuals remembering to save things.
- Tamper-Evident Storage (Immutability): Once an email is captured, it cannot be altered, deleted, or removed from the archive, even by administrators. This "Write Once, Read Many" (WORM) principle ensures the integrity and authenticity of the record, crucial for legal admissibility.
- Full Metadata Preservation: A true archive preserves all email metadata: internal message IDs, IP addresses, Bcc recipients, full attachment details, and headers. This context is vital for verifying authenticity and understanding the full communication.
- Fast, Comprehensive Retrieval: When an auditor or lawyer asks for emails related to "Client X" between "January 2021 and March 2022," the archive must be able to produce those emails quickly, accurately, and completely, across all custodians (even departed staff). Advanced search capabilities are essential.
- Coverage of All Correspondence: This includes internal emails, external emails, and often other messaging platforms if they are used for client communications. It means capturing everything, not just what someone thought was important.
- Chain of Custody: The system should maintain a verifiable audit trail showing who accessed what and when, further bolstering the integrity of the archived data.
This differs fundamentally from PST files, which are single-user, mutable, metadata-poor, and prone to corruption. A proper archive is an institutional asset, not a personal backup.
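One way to make captured messages tamper-evident and to keep a verifiable access trail, shown as an added example (not code from this article or from any archiving product): each record commits to the SHA-256 of the raw message and to the previous record's hash, so altering or removing an earlier entry fails verification. The record layout, function names and sample messages are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first record


def digest(record: dict) -> str:
    """Canonical hash of a record, excluding its own entry_hash field."""
    body = {k: v for k, v in record.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append(chain: list, kind: str, actor: str, when: str, raw: bytes = b"") -> dict:
    """Add a 'capture' (raw message bytes) or 'access' event to the chain."""
    record = {"seq": len(chain), "kind": kind, "actor": actor, "when": when,
              "content_sha256": hashlib.sha256(raw).hexdigest(),
              "prev_hash": chain[-1]["entry_hash"] if chain else GENESIS}
    record["entry_hash"] = digest(record)
    chain.append(record)
    return record


def verify(chain: list, stored: dict) -> list:
    """Return seq numbers that fail verification; stored maps seq -> raw bytes."""
    bad, prev = [], GENESIS
    for i, rec in enumerate(chain):
        ok = rec["seq"] == i and rec["prev_hash"] == prev and rec["entry_hash"] == digest(rec)
        if rec["kind"] == "capture":  # the stored message must still match its hash
            raw = stored.get(rec["seq"])
            ok = ok and raw is not None and hashlib.sha256(raw).hexdigest() == rec["content_sha256"]
        if not ok:
            bad.append(i)
        prev = rec["entry_hash"]
    return bad


def demo() -> tuple:
    # Constructed sample messages, not real correspondence.
    msgs = [b"From: a@example.com\r\nSubject: Engagement letter\r\n\r\nAttached.",
            b"From: b@example.com\r\nSubject: Re: Engagement letter\r\n\r\nSigned."]
    chain, stored = [], {}
    for m in msgs:
        rec = append(chain, "capture", "journal-connector", "2021-03-01T09:00:00Z", m)
        stored[rec["seq"]] = m
    append(chain, "access", "auditor@example.com", "2026-06-07T10:00:00Z")
    clean = verify(chain, stored)
    stored[1] = stored[1].replace(b"Signed.", b"Declined.")  # simulate later alteration
    return clean, verify(chain, stored)
```

Anyone able to rewrite the whole chain can recompute every hash, so the latest `entry_hash` has to be kept somewhere the archive's administrators cannot change, such as WORM storage.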
The Practical Path Forward
Getting your email retention right doesn't have to be an overwhelming overhaul. Here's a practical path forward:
- Assess Your Current State (30 minutes): Honestly evaluate how you're currently "archiving" emails. Are you using PSTs? Relying on manual drag-and-drop? Understanding your baseline helps identify the immediate risks.
- Understand Your Specific Requirements: Review your professional body's guidelines (e.g., SRA, Law Society, ASIC, FCA) for email and record retention. Note the minimum retention periods and any specific requirements for immutability or accessibility.
- Evaluate Automated Archiving Solutions: For most small professional services firms, a cloud-based automated email archiving solution is the most practical and cost-effective answer. These services connect directly to your email provider (Microsoft 365, Google Workspace) and capture emails automatically, storing them in a compliant, tamper-evident archive. For example, AutoArchive Mail integrates directly with your existing email system to provide continuous, immutable capture and fast retrieval, ensuring you meet compliance obligations without manual effort. You can explore how it works and start a free trial today.
- Develop a Retention Policy: Even with an automated system, define a clear, written email retention policy for your firm. This policy should outline what needs to be kept, for how long, and how it will be managed.
- Address Legacy Data (PSTs): While new emails are being archived correctly, you'll need a strategy for existing PST files. This might involve importing them into your new archive if the solution supports it and can preserve their integrity, or at minimum, ensuring they are securely stored and indexed for potential future access, understanding their limitations.
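A first pass over legacy PST files before any import, shown as an added example (not part of the original article or of any product): it checks each file's header against the layout in Microsoft's [MS-PST] specification and records a SHA-256 so later copies can be compared with what was found on the share. The function names, result labels and manifest fields are assumptions made for this sketch.

```python
import hashlib
import struct
from pathlib import Path

# Header layout per [MS-PST]: dwMagic "!BDN" at offset 0, wMagicClient at
# offset 8 ("SM" for a PST), wVer at offset 10 (little-endian 16-bit).
PST_MAGIC, PST_CLIENT = b"!BDN", b"SM"


def classify(header: bytes) -> str:
    """Classify the leading bytes of a file that claims to be a PST."""
    if len(header) < 12:
        return "truncated"
    if header[:4] != PST_MAGIC:
        return "not-a-pst"            # the case behind Outlook's "not an Outlook data file"
    if header[8:10] != PST_CLIENT:
        return "other-store"          # e.g. an OST file renamed to .pst
    (ver,) = struct.unpack_from("<H", header, 10)
    if ver in (14, 15):
        return "pst-ansi"             # legacy format with a 2 GB size ceiling
    # Assumption of this sketch: treat 23 and above as the Unicode format.
    return "pst-unicode" if ver >= 23 else "unknown-version"


def inventory(root: Path) -> list:
    """Return one manifest row per *.pst under root: path, size, type, SHA-256."""
    rows = []
    for path in sorted(root.rglob("*.pst")):
        sha = hashlib.sha256()
        with path.open("rb") as fh:
            header = fh.read(512)
            sha.update(header)
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                sha.update(chunk)
        rows.append({"path": str(path), "size": path.stat().st_size,
                     "type": classify(header), "sha256": sha.hexdigest()})
    return rows
```

A valid header only shows that the file is a PST at all; it says nothing about whether the internal structures are intact, so a file that passes here can still open with missing items.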
For firms with under 10 people and low regulatory exposure, a disciplined manual process might suffice for non-critical records for a limited time. However, for any firm dealing with client funds, sensitive data, or subject to specific professional body rules, an automated, immutable archive is a necessity. If you're unsure about your specific regulatory obligations, consult with a legal professional specialising in compliance.
Honest Limitation
This article focuses on the core requirements for email archiving for typical small professional services firms. It doesn't delve into the complexities of archiving other forms of electronic communication like instant messaging (e.g., WhatsApp, Teams chat) or social media, which may have their own distinct compliance requirements depending on your industry and jurisdiction. Nor does it cover highly specialised scenarios involving classified information or on-premise archiving for specific data sovereignty needs.
Ready to automate your email archiving?
AutoArchive Mail captures every email automatically — incoming and outgoing — with clean filenames and full .MSG preservation. 14-day free trial, no credit card required.