3 Things Businesses Need to Know About Email Compliance


In today’s business world, we are nothing without email. We no longer even need to sit in our office to hear the ding of our inbox alerting us that yet another message has arrived; we live in an era where smartphones are everywhere and we can have our email with us at all times. With all this new technology, however, there has also come an onslaught of laws designed to keep email compliant with requirements such as customer privacy, law enforcement investigations, and corporate governance. In short, the purpose of these laws is to ensure that email is used and managed properly.

If you work for a doctor’s office, you certainly know about HIPAA. Two rules that affect email compliance are the Privacy Rule and the Security Rule. Of the two, the Security Rule is more in-depth and essentially mirrors the Privacy Rule; its purpose is to focus on information security best practices, and it revolves around the security cornerstones of confidentiality, integrity and availability. The Security Rule covers everything from workstation management of information to facility access and transmission security. It is important that any information you send by email does not reveal the identity of the patient or the problems they face; many offices use initials when referring to patients via email.

In the financial sector, email compliance is controlled by the Gramm-Leach-Bliley Act. Also known as GLBA, it is basically the same kind of law as HIPAA, just for a different type of business. It is designed to ensure the privacy and security of non-public personal information as it relates to individuals’ financial information. GLBA rules apply to mortgage lenders, banks, stock firms and others of the like. Under GLBA, a financial company is charged with several things: to designate an employee or employees to coordinate the information security program, to identify reasonably foreseeable risks to non-public information, to make sure its suppliers are also using safeguards, and to monitor all of the above.

On top of these two rules, there are also others. The Sarbanes-Oxley Act, also known as SOX, is overseen by the US Securities and Exchange Commission. This act was designed in response to the various, and highly publicized, bogus financial reporting scandals of the early 2000s. SOX addresses what information may leave the organization and how long the industry should retain information; it requires that financial companies keep messages on file for six years. Likewise, SEC Rule 17a-4 and NASD Rules 3010 and 3110 affect email communications within the financial industry.

This is just the tip of the iceberg. When it comes to email compliance, there are rules everywhere, and your business needs to know which apply to you and how to address them. There are several ways to handle these issues, most of which include hiring at least some type of IT security firm to develop a total information security plan that will comply with current and future government email regulations.
