Security - Regulatory Compliance Mandates

Regulators around the world have recognized the inherent security issues that come with cleartext email and are enacting legislation requiring email protection via encryption. Is your company complying?

Did you know most correspondence sent via email is generally unsecured and consequently wide open for anyone to look through? Today, business is conducted electronically and it is incumbent on each organization to implement appropriate security measures. It is up to each company and organization to protect information from those who could use the data to harm both the organization and individuals.

Acting responsibly is no longer an option; government legislation has been enacted requiring company compliance. Some regulations vary by market segment while some apply to all organizations. Be sure to check your local and state requirements. Below are some primary, broad-reaching regulations:

  • HIPAA (US): Requires all Personal Health Information (PHI) be encrypted.
  • Gramm-Leach-Bliley Act (US): Requires financial institutions to implement safeguards of customer information, generally interpreted to include encryption.
  • SOX (US): Mandates strict controls on data access. Although not explicitly stated, this regulation is generally considered to include encryption for email, especially when it crosses the enterprise boundary.
  • SB-1386 (California, other states): Requires companies to notify consumers of any breach in security concerning personal information. Safe harbor is provided for encrypted data. More than 15 U.S. states have adopted similar legislation and federal legislation has been proposed.
  • PIPEDA (Canada): Personal Information Protection and Electronic Documents Act requires safeguards (generally considered to include encryption) be placed on all private information collected and communicated.