Categories: Articles

What a Company Needs to Think about to Become Compliant

What a Company Needs to Think about to Become Compliant

Federal Statutes

The Gramm-Leach-Bliley Act:
Requiring every business who accesses or uses a customer”s personal financial information to issue a privacy statement that notifies its customers “in clear and conspicuous language” on an annual basis how that information is collected and used and to comply with its stated privacy policy to protect the privacy of such information;

The Health Insurance Portability and Accountability Act:
Requiring every business who accesses or uses an individual”s protected health information to issue a privacy statement that notifies such individuals on an annual basis how that information is collected and used and to comply with its stated privacy policy to protect the privacy of such information;

The Sarbanes Oxley Act:
Requiring accountants who audit or review Financial Statements for a business to retain certain business records relating to that audit or review; and imposing criminal liability on any business that engages in document destruction, even nbso if such document destruction occurs before the business has any formal notice of an official proceeding, and without the necessity of proving a bad intent for the destruction, i.e., a “corrupt persuasion.”

Securities and Exchange Commission (SEC):
A 1997 amendment to the Securities and Exchange Commission (SEC) Act requires financial institutions to keep records of digital communications between broker/dealers and customers. Records must be stored on media that are not subject to change, are easily accessible for the first two years and retains unchanged for no fewer than six years.

What is required to be compliant?
Regulations today require a company”s top management to:

(a) Affirm their ultimate responsibility for the company”s internal financial controls in writing in their annual report;
(b) Provide an assessment of and attest to the effectiveness of those controls; and
(c) Obtain a separate report from a third-party auditor evaluating and validating management”s assessment of the company”s controls. To achieve this it will be critical to have controls, policies and procedures in place and documented.

  • What does this mean for business today?
    Email is no longer a novelty to conduct business today for small or large, privately owned or publicly traded companies
  • Email is considered admissible as a business record in a court of law by way of defense against litigation
EMT

Recent Posts

Shared Mailbox vs. Regular Mailbox in Microsoft Exchange

Microsoft Exchange provides multiple ways to control email communication in a business. Shared Mailboxes and…

2 days ago

Remote Work Rising: The New<br>Way We’ll Work

Remote working was once a niche specialty, only used by tech-savvy and freelancers. But in…

2 days ago

The Role of Print Servers In<br>An Organization

While we live in a digital age, print is still a staple for many businesses.…

2 days ago

Implementing Anti-Spoofing Rules for Email Protection

Increasingly, email communication is playing a pivotal role in business operations, facilitating collaboration, customer engagement,…

3 days ago

The Comprehensive Benefits of MSP Management for Servers, Exchange, O365, VPN, and Networks

As the digital landscape evolves, businesses of all sizes face the challenge of managing complex…

3 days ago

Cost-Benefit Analysis of On-Premises Network/Server Infrastructure vs. Azure-Based Cloud Infrastructure

In the evolving landscape of information technology, businesses constantly seek the most efficient and cost-effective…

3 days ago