Email Compliance details
The rules for email are clear: FRCP, SOX, HIPAA, FINRA, GLB, NYSE, NASD, and SEC regulations all require nearly every company to maintain a complete and easily accessible archive.
While there are over 1,000 different federal, state and local regulations, an organization is typically required to store its email in tamperproof, redundant and easily accessible archives for 3-7 years. Failure to comply can lead to costly fines and penalties.
Specific compliance requirements
Below are some of the specific regulations that may apply to your business.
- FINRA. FINRA pertains primarily to financial services. Under these rules, email correspondence with the public pertaining to the firm’s business, whether it is generated from the home, office or elsewhere, is subject to these provisions.
- SEC. Largely parallel to FINRA rules and pertaining to financial services, SEC rules impose specific requirements on broker-dealers. SEC Rule 17a-4 requires brokers and dealers to preserve their email for at least six years.
- FRCP. The 2006 Federal Rules of Civil Procedure require all organizations, large or small, to maintain complete archives with electronically stored information (ESI) that is readily accessible in the event of litigation.
- HIPAA. All healthcare organizations must take steps to simplify and standardize electronic data exchange, and protect the confidentiality and security of all electronic health data managed by the organization.
  - HIPAA requires healthcare companies to preserve email messages and attachments containing patient health status, medical care, treatments, etc.
  - Each instance of HIPAA email compliance failure is punishable by up to seven-figure fines, criminal charges and even jail time.
- SOX. All public companies are required to show governance and security controls for financial information. All information transmitted via email (revenue sheets, finance updates, and even internal notes) must be protected in a compliant manner. If a company fails to meet SOX requirements, heavy fines are imposed.

Email Archiving automatically captures 100% of your inbound and outbound emails for preservation, protection and recovery. It assures compliance with the above regulations. It also eases eDiscovery by making it easy to perform comprehensive search requests for audits, litigation, or internal queries.