
Email disclaimer laws for the United States – Part Two

Yesterday, we started to look at some of the email disclaimer laws in force in the United States. There was no way to get through all of them in one post, so read on for the other laws that apply.

Health Insurance Portability & Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) protects millions of American workers by improving the portability and continuity of health insurance coverage. Two titles of the Act matter here. HIPAA Title I protects health insurance coverage for people who lose or change jobs. HIPAA Title II includes the Administrative Simplification provisions, which standardize healthcare-related information systems and are the source of the Privacy and Security Rules that govern protected health information.

Electronic protected health information must be held with administrative, physical and technical safeguards that preserve its confidentiality, integrity and availability, which in practice means resilient, access-controlled storage rather than ad hoc mailbox folders. Anyone who knowingly obtains or discloses individually identifiable health information with the intent to sell, transfer or use it for commercial advantage, personal gain or malicious harm faces penalties of up to $250,000 in fines and 10 years in prison.

The need for an Archiver
HIPAA requires the documentation it mandates (privacy and security policies and procedures, patient authorizations, and contracts with business associates) to be retained for at least 6 years from the date it was created or last in effect, whichever is later. Retention periods for the medical records themselves are set by state law and are often longer.

The Public Information Act, Texas State

The Texas Public Information Act is a series of laws incorporated into the Texas Government Code that gives the public a right of access to records held by government bodies. That access is not unlimited: the Act lists exceptions under which particular information may, or must, be withheld.

Governmental bodies must promptly release requested information unless it is confidential by law (constitutional, statutory or by judicial decision) or the body has sought a ruling that an exception to disclosure applies.

The need for an Archiver
Email is a public record like any other document, so complying with the Public Information Act requires an email archiving system that can hold a growing volume of mail and, when a request arrives, locate and produce the responsive messages quickly.

Sarbanes-Oxley 2002 (SOX)

The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation passed by the U.S. Congress to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise, and to improve the accuracy of corporate disclosures. It came as a result of the large corporate financial scandals of the early 2000s involving Enron, WorldCom, Global Crossing and Arthur Andersen. It also applies to foreign companies, including UK companies, that are listed on a US stock exchange.

Publicly traded companies must report annually to the US Securities and Exchange Commission (SEC) on the effectiveness of their internal controls over financial reporting. In effect, SOX turns what used to be IT security and records-management best practice into a legal requirement. Its major provisions include criminal and civil penalties: anyone who knowingly alters, falsifies, destroys or otherwise tampers with a document or record in order to obstruct an investigation can be fined and/or imprisoned for up to 20 years.

The need for an Archiver
All relevant audit-related documentation must be retained for at least seven years. This includes contracts, policies, authorizations, verifications, recommendations, performance reviews and financial data.

SOX also requires companies to manage risk in all its forms, including ensuring that data held on corporate computers is properly archived and protected from damage or tampering. Meeting this requires an email archiving system that can scale to large volumes of data, keep it secure, and hold it unchanged for the full retention period.

SEC Rule 17a-4 / NASD 3010 (Securities Exchange Act 1934)

Among the most visible record-keeping regulations are those the SEC and the exchanges impose on communication between securities brokers and dealers and the public. They apply to every SEC-registered broker-dealer, US or foreign, including UK firms that trade on the NYSE.

SEC rules 17a-3 and 17a-4 require broker-dealers to create and preserve, in an accessible manner, a comprehensive record of each securities transaction they effect and of their securities business in general.

The need for an Archiver
The US financial services market is among the most heavily regulated in the world when it comes to document and email archiving, and an audit system is vital for accountability.

At all times, a member, broker or dealer must have the results of its audit system available for examination by the staff of the Commission and of the self-regulatory organizations of which it is a member.

Audit results must be preserved for as long as the records they cover. The rule's requirement that messages be captured, stored and maintained in a non-rewriteable, non-erasable format is one that ordinary mail servers, and home-grown archive systems, cannot meet. Speed of retrieval is also a key factor when responding to legal discovery orders. Non-compliance has brought fines of several million dollars against individual organizations.

At the end of the day, email disclaimers may seem boring and unnecessary, but the requirements behind them are actively enforced in many developed countries. The need to archive email is also growing with the volume of messages sent every day. Do your company a favor: make sure your email signatures carry compliant legal disclaimers, and invest in a dedicated email archiving solution.