Compliance Regulations

An Overview of Key Archiving, Supervisory, and Encryption Regulations

The Federal Rules of Civil Procedure

In today's world, email, Bloomberg messages, instant messaging, and social media now account for upwards of 90% of all business electronic communications. Amendments to the U.S. Federal Rules of Civil Procedure (FRCP) surrounding electronically stored information (ESI) are becoming more and more common in legal proceedings. In fact, electronic communication is now included in over 65 percent of all e-discovery proceedings.

In December 2006, the federal court system enacted amendments to the FRCP regarding the proper handling of email, instant messages, and their native attachments. These amendments require any organization with the potential for involvement in litigation within the U.S. federal court system (which includes most public and private companies) to:

  • Be able to produce emails requested as evidence in a court case in their native format
  • Have a clear understanding of where their data is stored and how to retrieve it in a timely manner
  • Honor a legal hold by temporarily halting the automatic deletion of emails until the legal matter is settled
  • Prove authenticity of the communications in question (i.e. that they are tamper-proof).

Electronic discovery is a large portion of today's litigation, and the United States federal court system has instituted new standards that went into effect December 1, 2006.

The rules outline that within 99 days of litigation, both parties must meet to discuss the scope and accessibility of electronic records. This meeting, also called the Rule 26 Meeting, can result in much more effective discovery, but only if a company is prepared to discuss, search, and produce its electronically stored information effectively.

Being prepared by having emails and instant messages archived provides the ability to discuss the systems, access, functionality, policy, and structure of your emails and instant messages.


FINRA and SEC Compliance

FINRA Rule 3010, NYSE Rules 342, 440, and 472, and SEC Rules 17a-3 and 17a-4 require that all members archive and supervise all electronic messages (e-mail and instant messages) sent and received.

Today, all financial organizations that are FINRA members must comply with Rule 3010 and SEC Rules 17a-3 and 17a-4.

Erado’s email and instant message archiving and supervisory products ensure that your organization is in compliance with these retention and monitoring regulations.


Sarbanes-Oxley

The Sarbanes-Oxley Act of 2002 created a set of record retention requirements for all public companies. As email has become upwards of 70% of all business communication, email often contains information regarding business transactions and business decisions and must be retained for compliance.

Companies found in non-compliance or willfully destroying records can face fines and up to 20 years in prison. The following SOX sections have the most relevance to electronic messages (email and instant messages):

Sections:

  • 404
  • 302
  • 103
  • 105
  • 409
  • 802

Erado's SOX compliance solutions ensure that your organization is in compliance with these retention regulations.


Gramm-Leach-Bliley

The Gramm-Leach-Bliley Act (commonly called GLB or GLBA) is also known as the Financial Modernization Act of 1999. The GLB Act includes provisions to protect all consumers' personal financial information held by financial institutions.

For efficiency, most organizations use email to communicate internally and as a vehicle for the exchange of documents and correspondence between businesses and consumers.

Since personal financial information can be transmitted via email and instant message, it is critical to ensure that its security and management comply with GLB.

The penalties for the financial institution can be up to $100,000 for each violation, and the officers and directors of the financial institution may be personally liable. Criminal penalties may include up to 5 years in prison.

GLB requires protecting customers' and clients' personally identifiable information (PII). Erado's archiving solutions incorporate state-of-the-art data encryption, ensuring stored e-mail and instant message data is archived and secured to GLB compliance standards.

Erado's SecureMail e-mail encryption application makes sure that when PII is sent, it is detected, encrypted, and delivered securely.


FERC Compliance

Today, the vast majority of organizations use email and instant messaging to communicate internally and as a vehicle for the exchange of documents and correspondence between businesses and their outside consultants, accounting firms and audit firms. Since these communications often contain information about business transactions and business decisions, they must be retained as per the following FERC regulations: 18 CFR Part 35 and Part 284.

These regulations affect the following entities as defined by FERC.

  • Public Utilities (all)
  • Natural Gas Companies
  • Electric Producers
  • Gas and Oil Production and Training

The FERC regulations require each entity under its jurisdiction to have an electronic data (electronic messages) retention policy that archives the electronic data in an encrypted format to WORM (write once read many) media. Data retention time periods vary from five years to six years based upon the type of energy and wholesale versus retail distribution.

Erado's FERC compliance solutions ensure that your organization is in compliance with these retention regulations.

To learn more about Erado's archiving, security, and compliance products and solutions, please contact us at 866-67ERADO (866-673-7236).