Today, preserving email has been made mandatory by the various legal and government regulations in force in every country. Let us take a quick look at the top regulatory obligations to preserve email.
1. Health Insurance Portability and Accountability Act of 1996 (HIPAA)
All organizations operating in the healthcare field need to comply with HIPAA to ensure the safety of protected health information.
Organizations are required to protect this data from unauthorized users as well as retain a broad range of documentation regarding their compliance for six years.
Now, business partners of entities already covered by HIPAA, such as pharmacies, healthcare providers and others, are required to comply with HIPAA provisions. This includes attorneys, accounting firms, external billing companies and others that do business with covered entities.
2. Sarbanes-Oxley Act of 2002
The Sarbanes-Oxley Act of 2002 requires all public companies and their auditors to retain such relevant records as audit work papers, memoranda, correspondence and electronic records, including email, for a period of seven years.
Company officers are obliged to report internal controls and procedures for financial reporting, and auditors are required to test the internal control structures.
Businesses have to ensure employees preserve information, whether paper- or electronic-based, that would be relevant to the company's financial reporting.
3. Securities and Exchange Commission Rules
Members of national securities exchanges, brokers and dealers are obliged to preserve all records for a minimum of six years and in an easily accessible place for the first two years (SEC Rule 17a-4).
Financial Industry Regulatory Authority (FINRA)
FINRA is a non-governmental regulator formed in 2007 by the merger of various functions of the New York Stock Exchange and the National Association of Securities Dealers.
FINRA manages a wide variety of rules that are imposed upon the more than 5,000 brokerage firms and nearly 675,000 registered representatives it oversees.
Implementing a reliable and robust email/data protection solution, such as email archiving software, can be one way to remain compliant with regulatory obligations.