General discussion

Email Archiving Regulations

By matt.santee
I am a network administrator for a credit union in Texas. I have been tasked with finding out what the regulations are regarding email archiving for our credit union. Specifically, I need to know:

1. What type of email needs to be archived? (i.e. All email, only those that contain business related or member information, etc.)
2. How long do we have to store the email?
3. How accessible does the archived email need to be?
4. Etc., etc.

Any information regarding these regulations, or where to find these regulations, would be greatly appreciated.

Thank you.

Matt

7 total posts (Page 1 of 1)  
All Comments

The starting point would be..

by fluidtech In reply to Email Archiving Regulatio ...

Sarbanes-Oxley Act of 2002

I'm not sure of what level of implementation this is at...but this is where you should start.

Legal issue, not IT issue

by stress junkie In reply to Email Archiving Regulatio ...

When I was working for a mutual fund company they had an entire department of people whose only job was to research regulations and determine if the company was in compliance with the regulations. The department's name was the Compliance Department. The whole idea of asking the IT department to research regulations and determine if the business is in compliance with those regulations is asking the IT department to practice law. That's illegal.

Any business that looks for legal advice from the IT department is asking for trouble. Your employer should hire a legal consultant or someone who is licensed to practice law for this. When you say "We are in compliance with this or that regulation." you are giving a legal opinion. You shouldn't do that.

it's simple

by Jaqui In reply to Email Archiving Regulatio ...

ask your boss how long you have to keep all account records.

here, when I was working in a bank, we had to keep all records for 7 years.
every transaction slip, everything, for 7 years.

it falls under the government regs for financial institutions.

He was told to do the research

by stress junkie In reply to it's simple

You are essentially saying what I said. The business managers should know the regulations. Matt's problem is that he was told to do the research. That is a serious problem. You really need an attorney to give a legal opinion. In lieu of that, the business managers can do the research and make up their own mind about what is required, at their peril. The IT department should only be asked to find a way to implement requirements that are stated by the management.

So, as you say yourself, the IT department depends on the managers to state the requirements. Then the IT department can implement the stated requirements.

yup,

by Jaqui In reply to He was told to do the res ...

but his source is his boss.
then he's implementing what his boss decided was needed and he's not under the gun for picking wrong.

legal requirements for financial records are specific for each country, most do use the 7 year, and all data. just for ease of international business / banking.
( an industry standard? )

about the only difference was that here every letter, email is included in the laws. no exceptions.
what are the laws there?
his boss already knows the answer to the question.
so get the boss to detail what, for how long, and how accessible.

With a recent Court ruling here

by HAL 9000 Moderator In reply to yup,

We keep all e-mail indefinitely. Sure, we archive it, but we keep it here forever or for the life of the company and then pass it on to the receivers if appointed.

Currently here an E-Mail has the same force in Law as a Letter so for purely legal reasons they are all kept no matter what they are.

I've only needed to pull an archive once to prove that an e-mail that allegedly originated from one business proportion an illegal activity didn't actually originate from that business but had been altered once sent.

With the upcoming Anti Terror Laws that will be coming soon, we will not only need to keep them indefinitely but have a chain of proof in place just to prove that our archived e-mail was what was actually sent or received, so it's going to get a bit messier to comply, but really it's no big deal.

I would presume that the Homeland Security Act in the US imposes the same obligations as our upcoming laws. So we no longer need to only comply but work on the idea that we need to be able to look into the future to make sure that our clients are protected from changes that may be made later.

Col

A possible place to turn

by MirrorMirror In reply to Email Archiving Regulatio ...

I used to work for the Texas Credit Union League. If your CU has paid its dues, then you can ask them if there are any regulations with regards to credit unions.

In all truth, I think that it is up to the person running the CU or the board of directors.
