Overview
Overview of Key Archiving, Supervisory, and Encryption Regulations
The Federal Rules of Civil Procedure
In today’s world, email, social media, instant messaging, and Bloomberg messages account for 90% of all business electronic communications. Amendments to the U.S. Federal Rules of Civil Procedure (FRCP) surrounding electronically stored information (ESI) are becoming more common in legal proceedings. In fact, electronic communication is now included in over 65% of all eDiscovery proceedings.
In December 2006, the federal court system enacted amendments to the FRCP regarding the proper handling of email, instant messages, and their native attachments. These amendments require any organization with the potential for involvement in litigation within the U.S. federal court system (including most public and private companies) to:
- Be able to produce emails requested as evidence in a court case in their native format
- Have a clear understanding of where their data is stored and how to retrieve it in a timely manner
- Honor a legal hold by temporarily halting the automatic deletion of emails until the legal matter is settled
- Prove the authenticity of the communications in question (i.e., that they are tamperproof)
Electronic discovery is a large part of today’s litigation. The United States federal court system has instituted a new standard that went into effect December 1, 2006.
The rules outline that within 99 days of litigation, both parties must meet to discuss the scope and accessibility of electronic records. This meeting, also known as the Rule 26 Meeting, can result in a much more effective discovery, but only if a company is prepared to discuss, search, and produce its electronically stored information effectively.
To be prepared, parties must have emails and instant messages archived. Archiving provides the ability to discuss the systems, access, functionality, policy, and structure of your emails and instant messages.
FINRA and SEC Compliance
FINRA Rule 3010, NYSE Rules 342, 440, and 472, and SEC Rules 17a-3 and 17a-4 require that all members archive and supervise all electronic messages (i.e., email and instant messages) sent and received.
Today, all financial organizations that are FINRA members must comply with Rule 3010 and SEC Rules 17a-3 and 17a-4.
Erado’s email and instant message archiving and supervisory products ensure that your organization is in compliance with these retention and monitoring regulations.
Sarbanes-Oxley
The Sarbanes-Oxley Act of 2002 created a set of record retention requirements for all public companies. Email has become part of 70% of all business communication. Of those emails, information regarding business transactions and business decisions must be retained for compliance.
Companies that are non-compliant, or have willfully destroyed records, can face fines and up to 20 years in prison. The following SOX sections have the most relevance to electronic messages (i.e., email and instant messages).
Section:
- 404
- 302
- 103
- 105
- 409
- 802
Erado’s SOX compliance solutions ensure that your organization is in compliance with these retention regulations.
Gramm-Leach-Bliley
The Gramm-Leach-Bliley Act (commonly called GLB or GLBA) is also known as the Financial Modernization Act of 1999. The GLB Act includes provisions to protect all consumers’ personal financial information held by financial institutions.
For efficiency, most organizations use email to communicate internally and as a vehicle for the exchange of documents and correspondence between businesses and consumers.
Since personal financial information can be transmitted via email and instant message, it is critical to ensure that the security and management of these messages comply with GLB.
The penalties for the financial institution can be up to $100,000 for each violation, and the officers and directors of the financial institution may be personally liable. Criminal penalties may include up to 5 years in prison.
GLB requires protecting customers’ and clients’ personally identifiable information (PII). Erado’s archiving solutions incorporate state-of-the-art data encryption that ensures stored email and instant message data are archived and secured to GLB compliance standards.
Erado’s SecureMail email encryption application makes sure that when PII is sent, it is detected, encrypted, and delivered securely.
FERC Compliance
Today, the vast majority of organizations use email and instant messaging to communicate internally, and as a vehicle for the exchange of documents and correspondence between businesses and their outside consultants, accounting and audit firms. Since these communications often contain information about business transactions and decisions, they must be retained as per the following FERC regulations: 18 CFR Part 35 and Part 284.
These regulations affect the following entities as defined by FERC:
- Public Utilities (all)
- Natural Gas Companies
- Electric Producers
- Gas and Oil Production and Training
The FERC regulations require each entity under its jurisdiction to have an electronic data (electronic messages) retention policy that archives the electronic data in an encrypted format to WORM (write once, read many) media. Data retention time periods vary from 5 to 6 years based upon the type of energy and wholesale versus retail distribution.
Erado’s FERC compliance solutions ensure that your organization is in compliance with these retention regulations.
