All About Cloud Hosting And Security

Is My Business Governed By Federal Regulations On The Internet?

By in Compliance, Email, Internet Security


The internet is a popular way for businesses in numerous industries to reach out and keep in touch with both potential and existing clients. It’s an easy way to inform website visitors about new products, services and news about your organization, but with this convenience also comes responsibility to adhere to laws and regulations that are in place to protect consumers privacy and other concerns.

Here is a list of industries that must abide by Government regulations while conducting business on the internet.

Regulations May Govern Your Industry

  • Healthcare Industry - Health care providers and business associates must abide by regulations set forth in HIPAA and HITECH laws. This includes hospitals, health clinics, dentists, psychologists, non-profit health care organizations, pharmacies, health and life insurers, medical billing companies, physicians, nurses, covered entities, and any entity that’s entrusted with sharing or transmitting personally identifiable health records or information. HIPAA establishes standards for electronic data exchange, confidentiality and security of all information related to healthcare. Data must remain accessible to authorized users and auditors while remaining secure and protected from unauthorized sources or usage by way of encryption.
  • Financial Advisors and those involved in investing, stock trading and other financial guidance - Financial Advisors and others in the business of offering financial advice, investment guidance, securities trading, stock brokerages, stock dealers, those that send investment sales literature all fall under several compliance regulations mandated by FINRA including SEC and NASD. Hedge Fund Managers/Advisors and their companies with assets worth $25M or more are governed by theInvestment Advisors Act. All these regulated entities are required to archive Email correspondence for a period of time, up to 10 years. These messages must be stored in an archive available online, with a second copy stored on tamper proof media. Further, messages are required to be time and date stamped with a unique serial ID, in case it’s required for Discovery in litigation.
  • All publicly traded companies - All publicly traded companies are governed by regulations set forth in the Sarbanes-Oxley Act, or SOX. All publicly traded companies are required to comply, along with associated attorneys and business partners. Sarbanes-Oxley has also set an e-records management standard for all business to follow. Sarbanes-Oxley was implemented in 2002 and legislates how business records are protected and preserved to prevent destruction and corruption. Further, SOX, as it is commonly referred to, enforces corporate accountability particularly in the face of audit and litigation requests. It mandates that all electronic records, audit work papers and correspondence be retained for a period of seven years. Further, tamper proof resources are required to prevent corruption and modification of records. Penalties for SOX violations include fines and possible imprisonment for up to 20 years.
  • Canadian Investment Dealers - Regulations aren’t just limited to the United States. Investment Dealers in Canada must abide by rules set forth in IDA 29.7 that mandate that all client correspondence and related documents, including emails, must be retained for five years from the date of creation. Additionally, all sales literature and related documents must be retained for two years from the date of creation. Archived sales literature and correspondence must be readily available for inspection by the Association at all times.

Other regulations like the FRCP and the Freedom Of Information Act broadly cover all businesses and people, even if they aren’t subject to regulation set forth in the healthcare and financial industries.

  • Federal Rules Of Civil Procedure or FRCP includes anyone who could be summoned in a US civil law suit. Both residents and businesses in the US, and companies conducting business or transactions with said entities fall under these compliance rules. The FCRP mandates that any party involved in litigation must be able to produce electronically stored information in as little as fourteen days. Furthermore, information must be obtained in an easily accessible form, typically its native format.
  • The Freedom Of Information Act - The FOIO covers all US Government entities, federal, local and state and those who do business with any federal or state agency or funded institution and went into effect in July 1967. It mandates that government records, documents and correspondence be disclosed to the public. It further mandates that if you are in business with a government funded institution or a state or federal agency that you must retain all email records and business correspondence. Further, government entities must also retain email records as they subject to the FOIA.

If your business is found in violation of any of these regulations you could face serious fines, penalties and in some cases, even criminal charges. This is a risk that no one should be willing to take, even if you think they’re just running a small Ebay business. Even though you might be small, you aren’t exempt.

Need a solution for your compliance requirements? We can help! Please click here to get a free, no obligation quote for Email encryption, Email security and Email archiving services, that keep your business compliant in today’s regulated world.