Information from technology firm Waterford Technologies and other sources contributed to this grid of the various regulatory frameworks affecting email retention.
| Regulations | Industry Affected | Impact | Penalties/Non-Compliance |
|---|---|---|---|
| NASD Rules 3010 and 3110 | Securities | Retain Customer Correspondence for Up to 6 years | Fines |
| Sarbanes-Oxley | Public Corporations | Best to Retain all documents and emails – Corporate Accountability | Fines to $5MM and 20 years Imprisonment for destroying emails |
| COSO | Public Corporations | Best to Retain all documents and emails – Corporate Accountability | Fines May be Covered Under Sarbanes-Oxley |
| Gramm-Leach-Bliley | Financial Institutions | Requires protection of non-public personal information for outside distribution | Fines and up to 5 years Imprisonment |
| California Privacy Law (SB 1386) | Any Company Doing Business with California Residents | Requires protection of non-public personal information for outside distribution | Civil Action Allowed for “Injured” Customers |
| HIPAA | Medical | Patient Privacy and ensure document integrity | Fines to $250K and Imprisonment up to 10 years |
| Freedom of Information Act | Any Company Doing Business with any Federal or State Agency or Funded Institution | Requires Information to be made Available to the Public for Inspection | Potential Damage to Corporate Reputation |
| ISO 17799 | Potentially Required for Cyber-Liability Insurance | Guidelines to Monitor and Protect Information Infrastructure | Potential Damage to Corporate Reputation |
| USA Patriot Act | Potentially any Entity in the USA | Laws to Require Information Disclosure to Protect Against Terrorism | Fines and Imprisonment |
| Canadian Personal Information and Electronic Documents Act | Any business under legislative authority of Parliament | Requires protection of non-public personal information for outside distribution | Fines up to $100K |
| Canadian Ontario Securities Commission, Commodity Futures Act | Canadian Commodities Trading Institutions | Provides protection against misleading information and requires document retention | Fines up to $5 million and Imprisonment up to 5 Years minus one day |
| Canadian, Ontario Securities Commission, Securities Act | Canadian Securities Trading Institutions | Enhances CEO and CFO accountability along with tighter financial reporting | Fines up to $5 million and Imprisonment up to 5 Years minus one day |
| Florida Sunshine Act | Any business under legislative authority | Emails sent or received by state employees are public records and are subject to public disclosure unless otherwise exempted. The law further states that “a public record may be destroyed or otherwise disposed of only in accordance with retention schedules established by the Division of Library and Information Services of the Department of State.” | |
| FDA | Food, drug, agriculture | Business records that were created and maintained electronically must comply with all the same archival requirements as hardcopy documents (including audit trail, system security, system self-check, etc.). | |
| FERC (CFR TITLE 18) | Energy | Title 18 Chapter 23 Correspondence and working papers in connection with the making of rates and compliance of tariffs, classifications, division sheets, and circulars affecting the transportation of property. Must be retained for 2 years after cancellation of tariff. | |