A company’s IT infrastructure is usually considered a cost, even if it pays for itself. It’s an operating expense that is often vital to the running of the company, but it is still regarded as a cost. That places it negatively in the minds of many business decision makers, and it can often get in the way of investing in new technologies, or in ones seen as optional, like email archiving.
Even though the various pieces of legislation have been around for a few years, many companies still don’t take them seriously.
SEC, FINRA, HIPAA, Sarbanes-Oxley, NYSE and NASD all have a series of regulations that relate to the use and storage of electronic information. That information can be in the form of email, Instant Messages, Facebook updates, forum posts or even podcasts.
The regulations are complex and cover just about everything about how electronic information is written, managed, sent, received and stored. Small to medium-sized businesses need to take into account all these rules and seek advice wherever necessary.
Here are some of the highlights of some of the rules and how they relate to email archiving.
SEC and FINRA rules demand that organizations record and store all electronic business records for a period of 3 and 6 years. The records must be preserved in their original format, and be tamper-proof and non-erasable. Duplicate records must also be stored offsite to increase their chances of survival.
The Health Insurance Portability and Accountability Act (HIPAA) is a series of regulations that require any business that has contact with medical records to encrypt all email, store it in a secure location, monitor network traffic for data leaks and monitor staff who have access to patient privileged information.
The Sarbanes-Oxley Act (SOX), also known as the Public Company Accounting Reform and Investor Protection Act of 2002, is another SEC ruling. It says relevant records are to be stored for a set period of no less than 5 years. This is mainly for financial data and public company information. However, it has implications for almost any company that does business in the United States.
The NASD and NYSE have their own rules that relate to email archiving. They mostly repeat what the SOX and SEC regulations cover, but make them relevant to many more companies that do email archiving.
There is a lot to consider when doing business in the US, especially if that business is financial, deals with PFI, or is a public company. Email archiving is a mandatory undertaking for just about any business, in any industry in the country, and should be regarded as essential, not optional.
Recent surveys showing that less than 30 percent of businesses in the country had either an email archive or backup system show that these rules still aren’t being taken seriously enough. With our economic situation and lack of confidence in many companies, you can expect to see regulators come down hard on those who don’t comply, if for nothing else than to make an example of them for others.