Back to overview
05. March 2021

Why Outlook PST Files Matter for Data Compliance

Why are PST files such a concern? Let’s take a closer look at what they are and the risks they pose to your company.

On your quest for data compliance in the face of increasing legislation, PST files created by Microsoft Outlook can prove to be your worst nightmare. Not only do these files have a nasty tendency to lurk and linger in multiple locations, but they also contain sensitive information.

The consequences of PST file breaches have already been demonstrated, for instance in the 2014 Sony hack, where 179 of these files were leaked, releasing information from company executives, including 170,000 individual emails. In total, Sony wound up having to spend about $15 million dealing with the repercussions.

Why are email PST files on Outlook such a concern? Let’s take a closer look at what they are and the risks they pose to your company.

What Are PST Files?

PST files are created by Microsoft Outlook as a way to store old emails and keep the program running smoothly. What does PST on PST files stand for? The filetype stands for Personal Storage Tables, essentially an archive file. PSTs are created when a user creates an archive, either manually or in response to an Outlook prompt to do so.

Because users are rarely aware of these files, which are by default hidden within a Microsoft folder, they have a tendency to be everywhere and nowhere at once. PSTs wind up on the network when users move them there, manually save them there, or a backup occurs, and many users quickly lose track of where these files are stored. You can often find redundant PSTs, yet few employees know what they contain. That is where the risks emerge. So, let’s see what the risks of using Outlook PSTs (or similar) are.

4 Risks that Outlook PSTs (or Similar) Pose

PSTs package hundreds of megabytes of emails into a single file, which makes them particularly dangerous, as they may contain sensitive or confidential information. In addition, employees with old habits may have duplicates of these PSTs scattered across several devices. Finally, PSTs are far from secure and can be easily hacked open, even when password protected. All of these factors combine to form four major risks.

1. Excessive Data Consumption

The average PST file weighs roughly 600MB. Needless to say, this can lead to excessive data consumption on company equipment. Because PSTs are known to have issues working over networks, and do not play nicely with multiple users simultaneously, each machine will often end up with its own PST.

If your employees use PSTs on a local machine at work and on a company laptop or a home computer, then you can expect yet another copy of these pesky PST files to be out there, taking up more valuable company data space and increasing your risk even further.

2. Lack of Secure Backups

![Secure backups](
Because PSTs have known issues with being accessed over networks, they rarely get backed up correctly. This can present serious issues if a client requests that you delete all of their data from your machines. You would have to go through each device to determine if their PSTs have your client’s data.

Furthermore, users can delete emails right out of a PST, meaning that valuable information can be lost. Whether this happens intentionally or not, it’s not a risk you want to take. Lastly, PSTs frequently get corrupted, which can lead to lost data.

3. Security Risks

As we mentioned above, Outlook PSTs (or similar) are often distributed across many devices. This presents huge security risks for your company. Your risk increases for each device the file is located on.

Many employees have old habits with PSTs that can create serious problems. For one, many employees may transfer PSTs from their work computer to their home machine via USB. This creates multiple copies that can all be exploited.

Lost Equipment

Another risk is that your employees could lose equipment on which these sensitive PSTs are stored. Suppose a laptop is stolen or misplaced, or a USB drive is lost. Now those PSTs are exposed and your company can be held liable.

4. Compliance Violations

All of these issues can quickly lead to serious data legislation compliance violations. Not only can these be very expensive, but they can do massive damage to your company’s reputation. There are two key pieces of data legislation right now that you should be aware of, the GDPR and CCPA. Here is how PSTs can lead to problems with both:

Potential GDPR Violations

![GDPR compliance with intelligence and automation](
The GDPR is the European Union’s groundbreaking data privacy legislation. If you have a single email from a European resident, their personal or sensitive data would be subject to GDPR regulation. It’s easy to see how a single PST file could put your company in a vulnerable position.

The GDPR has two different classifications of data fines, which depend on the type of data and the type of violation. The maximum fines are 10 million Euros, or 2% of annual turnover, whichever is greater. The cost of managing your Outlook PSTs or similar files is only a fraction of the damage that a GDPR fine can do.

CCPA Risks

The CCPA is California’s data privacy regulation which was modeled on the GDPR. Like the GDPR, if you have emailed a client who is a resident of California, then odds are your PST contains data that is subject to the CCPA. While CCPA fines are not quite as aggressive, the law requires you to give clients reports on their data upon request. How can you make an accurate report if you don’t know where all the data is?

If you fail to report on that data and it is breached later, you can expect even heavier fines, as you’ll be in violation of multiple rules.

How Aparavi Can Help

Aparavi’s intelligent data management platform analyzes many file types, including PSTs. Once you connect Aparavi to your entire network of computers, it can search through all your files and find redundancies, exposing outdated backups of PSTs and helping you clear up the clutter.

Aparavi can even parse the PSTs to find emails and help you identify client data for a request. And if you’re in the process of eliminating PSTs from your company, Aparavi will find them and help you remove them from your business. With a platform that has been developed with data compliance in mind, you can simplify the process of becoming compliant and avoid fines.

If you would like to know more about how we can help your business to grow and meet increasing data demands, contact Aparavi today.