Email Regulations

Email Regulations covering FRCP, SOX, FINRA, SEC, NYSE, HIPAA and GLBA regulations

14Jan/10

The CAN-SPAM Act

Our lives are rife with spam email. In fact, at one point, it was getting severely out of hand. Fortunately, email companies have given us the tools to fight against junk email coming into our inbox, but the Federal Trade Commission took matters into its own hands and drafted the CAN-SPAM Act. According to the FTC’s official website, there are 7 main requirements to the CAN-SPAM Act:

1) Don’t use false or misleading header information;

2) Don’t use deceptive subject lines;

3) Identify the message as an ad;

4) Tell recipients where you’re located;

5) Tell recipients how to opt out of receiving future email from you;

6) Honor opt-out requests promptly;

7) Monitor what others are doing on your behalf.

The FTC’s website answers a lot of questions and defines these 7 main requirements. When it comes to email regulations, the CAN-SPAM Act is one that every person can appreciate!

23Dec/09

Email Regulations in Nevada

Nevada is one of a couple of states that have addressed the issue of protecting personal, identifiable information over the Internet head-on. They have a specific state law for this very purpose, which reads:

NRS 597.970 Restrictions on transfer of personal information through electronic transmission. [Effective October 1, 2008.]

1. A business in this State shall not transfer any personal information of a customer through an electronic transmission other than a facsimile to a person outside of the secure system of the business unless the business uses encryption to ensure the security of electronic transmission.

It may be hard to grasp the ramifications of this law; so many companies in Nevada pass personal information through email. That’s where a complete understanding of email regulations in Nevada is completely necessary. If not that, then it’s important to find an encryption company that has experience with residents of Nevada.

Nevada (along with Massachusetts!) should be commended for their regulations on protecting consumer information via email. Encryption is important for the transmission of this information, and it’s something every company should look into implementing before it becomes a law in your state!

9Dec/09

Email Regulations Using an On-Premise Solution or Software-as-a-Service (SaaS)?

Archiving options for email regulations usually come in two different categories, software as a service (SaaS) and on-premise email archiving.  Both email archive solutions have benefits.

Defining SaaS and On-Premise Email Archive Solutions

Before deciding which email archive option to choose, it is important to know how each system works.  With SaaS, neither hardware nor software is needed to complete the email archiving task.  The email operating burden is shifted to a third party, messages are preserved securely at a third-party data center, and businesses have access to their archive via a secure Internet connection. With on-premise email archiving, much of the archiving work is completed on-site and the emails are stored at the business location.

Comparing the Two Email Archive Solutions

When comparing SaaS versus on-premise email archiving, there are a few distinctions.  The first feature to consider is what appliances, software and/or hardware are necessary to carry out the email archiving duties, and what your company is comfortable with.

Another difference which exists when comparing SaaS vs. on-premise email archiving is who is responsible for the maintenance, monitoring and upkeep of the email archive service.  With SaaS email archiving, an outside email archive provider will handle many of the duties associated with the email archive solution.  In an on-premise email archive system, the IT department of the company is the entity which handles much of the email archiving details.

30Nov/09

FINRA Email Regulations (NASD 3010 & NASD 3110)

The email regulations which involve FINRA are NASD 3010 and NASD 3110. Here’s a quick overview of each:

NASD 3010

  • Procedures and policies put into place to supervise, review and sample registered representatives' electronic communication. Supervisors are required to have the ability to review outgoing email for noncompliant language.
  • Documented records are required to show that supervisory procedures are being enforced.

NASD 3110

  • All records should be retained in the same format as SEC Rule 17a-4 (non-rewriteable, non-erasable, and time-stamped), and be retained for at least three years.

It’s important to note that in the first two years of the three-year requirement from NASD 3110, all email and Internet-based messaging need to be easily accessible.

Because of all these rules and regulations, using an outdated method like backup tapes will not work – a proper email archiving and compliance solution is essential for NASD 3010 & NASD 3110 compliance. The best email archiving vendors have solutions in place where archived emails can quickly and efficiently be produced.

Do the research: ask your potential email archiving vendor how their solution is in compliance with FINRA email regulations.

18Nov/09

Email Regulations From The SEC (17a-3 & 17a-4)

Although some may view email archiving as a simple and easy way to govern company emails, it is so much more.  Email archive solutions for email regulations enable users to comply with federal regulations and maintain the corporate knowledge stored within their email systems in good working order.  There are certain regulatory bodies which concern themselves with monitoring the email archiving habits of companies and corporations. For the SEC, two essential rules to know and understand for its email regulations are SEC 17a-3 and SEC 17a-4.

SEC 17a-3 & SEC 17a-4

The main SEC rules which govern the topic of email archiving are SEC 17a-3 and SEC 17a-4.  These rules cover various aspects of email archiving but some of the main points are as follows:

  • Electronic business records must be archived for 3-6 years, depending on business;
  • Email messages have to be stored in a safe, tamperproof way;
  • Email must be indexed properly;
  • A third-party downloader must be appointed by the company so access to the archived emails is possible;
  • Email must be archived in duplicate and stored in different locations.

All of these previously listed rules are created to ensure proper retention and maintenance of email which may have been sent to those outside the company, received from outside parties and interoffice email.

13Nov/09

Learning More About Email Regulations

As the years pass by, more and more regulations pertaining to business operations are coming into existence.  Federal regulatory authorities want to make sure that companies and corporations are carrying out their daily business operations in the proper manner and institute regulations and laws to mandate it.  With that said, there are quite a few specific email regulations and laws that are being constantly updated with the ever-changing landscape of electronically-transmitted information.

Email governance regulations have been instituted by authorities such as the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA), to name two of the more prominent names in this regulatory area.  Compliance with SEC and FINRA regulations in addition to rules and regulations under the Federal Rules of Civil Procedure (FRCP), Sarbanes-Oxley Act (SOX) and the Health Insurance Portability and Accountability Act (HIPAA) make compliance with email archiving guidelines imperative.

Proper Storage of Company and Corporation Emails

One of the main requirements under a few different SEC and FINRA regulations is that businesses must maintain proper storage of historical company emails.  This involves the act of archiving emails and keeping them indexed in such a way so as to produce them quickly.  Email preservation with an email archiving solution can be completed with a SaaS solution or on-premise email archiving service.  The regulations outline how companies must store their emails, how long they must keep the emails archived and other pertinent rules.
