Regulatory Compliance Tools for Your Email System

Fri, Jul 31, 2009, by storagepipe

E-mail

Your corporate email is no longer just your company's own business. A wide range of legislation now dictates how you can and can't use your internal corporate email, and failure to comply can mean serious problems for your company.

In a very short period of time, information technology has completely transformed the way businesses communicate. This has led to increased productivity for business owners and better convenience for customers.

But this convenience brings with it threats that never existed before. We are now seeing a host of unprecedented cases relating to the privacy, retention and disclosure of information.

Case in Point:

According to a recent study by Intel, a single corporate laptop theft costs a company an average of about $50,000. The machine itself is fairly inexpensive; the cost comes from the intellectual property and other data stored on it, which can cause serious legal problems for the company that had the responsibility to protect it.

Now more than ever, it’s important that you take the time to speak with your lawyers and company executives in order to craft a data management strategy that will shield you from unanticipated future legal problems.

And when it comes to information compliance, your corporate emails are the first place you should look.

There are a surprising number of laws and regulations with which you may need to comply when administering an email system. A “cloud-based” or “Software-as-a-Service” email archiving system can simplify much of the process while minimizing costs for your company. By outsourcing this process, you also get access to experienced experts in the field of data management and compliance.

Of course, you need to take your specific legal obligations into account when considering your email management options.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) imposes several requirements concerning both privacy and security. It covers healthcare providers, health plans and clearinghouses (the "covered entities") together with the contractors that handle patient data on their behalf (their "business associates"), and states that patient information must be kept private and secure.

Email archiving and storage require rigorous controls under HIPAA. The HIPAA Security Rule requires that protected health information (PHI) be safeguarded both in storage and in transit, which in practice means it should not be exposed in unencrypted email. Strictly speaking, encryption is an "addressable" specification under the rule: a covered entity that chooses not to encrypt must document why and what equivalent measure it uses instead, so for email the simplest defensible position is to encrypt.

Some providers interpret this to mean that no patient data should ever be sent by email. That approach is not necessary, because HIPAA-compliant email technology can protect both email transmission and email archives.

For this reason, email archives, and email transmissions themselves, should be encrypted. Authentication, authorization and audit logging of who accessed the archive are also necessary for HIPAA compliance.

Sarbanes-Oxley

Sarbanes-Oxley governs how financial records are kept and reported in publicly-held corporations, and is meant as a safeguard against corporate fraud. Although the first level of concern is the actual use, access and storage of financial data, there is an email aspect to it as well.

Sarbanes-Oxley auditors will typically examine the email infrastructure as well, as part of the IT controls that support section 404 of the Act, which requires management to assess and report on its internal controls over financial reporting.

One of the most important elements of email security in regard to Sarbanes-Oxley is encryption.

Because the regulation requires safeguards against unauthorized use of financial data, companies governed by Sarbanes-Oxley often use encrypted email when sending financial information, even internally.

Gramm-Leach-Bliley

The Gramm-Leach-Bliley Act governs financial institutions and their contractors, and is meant to safeguard the privacy of consumers’ personal financial information.

Like HIPAA, there is a privacy element. But in the case of Gramm-Leach-Bliley, the safeguard is meant to help prevent identity theft, as well as the leakage of financial records that contain personal data.

If you are selecting a cloud-based email provisioning or archiving system, make sure that your cloud provider can meet every regulation that applies to your organization, and get that commitment in writing (under HIPAA, for example, in the form of a business associate agreement). Be aware, too, that there is an indirect element to compliance.

Even if a piece of legislation does not cover you directly, if you are a subcontractor or supplier to a company that is covered, you will usually be required to meet the same standard.

Regardless of which regulation governs your company, general best practices apply: multiple layers of content protection, encryption where appropriate, and cloud service providers that are fully compliant and provide an audit trail.

By keeping up with the latest legal trends and applying privacy best practices to your information, you'll be able to ask better questions and avoid problems further down the road.

Disclaimer:

While reading this, please keep in mind that nothing in this article constitutes legal advice. These are simply talking points that will hopefully lead to a more meaningful dialogue with your legal representatives.

Some of the facts in this document may have changed since the time it was written, and other facts may be open to alternate legal interpretation. If you're at all uncertain about any legal matter, you should still ask your lawyer.

For more information about compliance and data protection methods including online backup and email archiving, please contact Storagepipe.
