Previously, we outlined how to evaluate a company's compliance with the Health Insurance Portability and Accountability Act. In this piece, we'll take a look at the essentials to keep in mind with communication solutions, and in particular, email.
GFI noted that several industry regulations and governing bodies — including the Sarbanes-Oxley Act, HIPAA, the Food and Drug Administration, the U.S. Securities and Exchange Commission, the Financial Industry Regulatory Authority and the National Association of Securities Dealers — impose special requirements on companies' email solutions. Each of these requires businesses to keep a searchable email archive so that corporate communications and other dealings remain transparent. For this reason, organizations operating under or in conjunction with these rules and groups must have specialized email systems in place.
Here are a few crucial factors to consider when it comes to compliant email and communication solutions:
Protected communications archive
As noted above, firms must keep a searchable archive of their communications, both to comply with industry standards and to make the records available to auditors. When an audit takes place, the company must prove that it has followed the regulations, and an archive of all communication, including every email and message sent and received, streamlines that process.
However, a store of this information is a valuable target for attackers. The archive should therefore be protected by strong authentication, two-factor wherever possible, so that only authorized viewers can access the records.
Security for each message
In addition to protecting the message storage system, company managers should also adequately secure each individual message in transit. A best-of-breed email platform encrypts messages at the point of sending, so that a message intercepted on the way to its recipient cannot be read. Hosted email systems, such as the compliant-ready solutions offered by Hostway, have this capability built in.
Encryption is particularly important given the highly sensitive information corporate emails can contain. For instance, an employee may need to send a list of customer details to another staff member or a partner. Because such a list may contain consumers' names, email addresses or payment information, protecting it in line with industry regulations is necessary to keep this data safe.
Compliance when sending commercial emails
In addition to considering emails sent to and from the company's employees and its partners, decision-makers must also take into account the messages they send for marketing purposes. According to the Federal Trade Commission, these must follow the CAN-SPAM Act, which provides rights for the recipients of commercial messages.
As email campaigns become more prevalent, it is paramount to ensure compliance with CAN-SPAM. When sending emails for marketing purposes, senders must meet the following requirements:
- Do not use email header information that could mislead recipients.
- Keep subject lines directly connected to the content of the message.
- Identify the email as an advertisement.
- Tell recipients where the business is located.
- Offer recipients a way to opt out of future messages.
- Ensure that partners and other firms that market on the company's behalf follow the CAN-SPAM guidelines as well.
Overall, taking these items into consideration will help ensure that messages are secure and compliant with the regulations governing the organization's industry.