


Industry Regulation Trends

Interesting industry and regulatory trends have emerged in just the last few years that should spur many organizations into action.

 

As various forms of electronic communication evolve and grow at breakneck speed, the SEC reacts by regulating the finance and brokerage industries. Precedents have already been set with federal mandates such as the Gramm-Leach-Bliley Act¹ (GLBA), Sarbanes-Oxley² (SOX) and the Health Insurance Portability and Accountability Act³ (HIPAA), which ensure the privacy of digital information and the retention of business-oriented messages for a specified period of time. Improper management of such information, healthcare records for example, can lead to an organization being held in noncompliance.

Furthermore, government agencies, such as the Food and Drug Administration, Environmental Protection Agency, Internal Revenue Service, Occupational Safety and Health Administration, state insurance regulators and other federal and state agencies regularly request access to e-mail for audit or review.

 

The SEC added Sec 17A in 1997, even before email growth exploded from 505 million mailboxes in 2000 to 1.2 billion in 2005. Sec 17A followed in 2002 with additional regulatory requirements for instant messaging (IM). IM, widely dubbed “email without lag time,” became widespread in 2003, when 590 million people held IM accounts.

In 2002 the SEC imposed $8M in fines on organizations that did not archive employee e-mail. These firms did not comply with SEC 17A-4 and NASD 3010 regulations pertaining to electronic communications. As part of this mandate, the SEC has also updated its regulations to include computer-based instant messaging, as provided by AOL, Yahoo, MSN and Reuters, and the additional communication channels provided by the BlackBerry. NASD RFC 2007 was the first step towards implementing a compliance requirement for all types of mobile messaging, including SMS/Text, PIN-2-PIN Messaging and Web Mail.

Want an expert legal opinion?

The following excerpt is from an article entitled “BlackBerry in the Regulatory Spotlight,” written by Jeffrey Plotkin of the law firm of Day Pitney LLP in February 2008. Plotkin is the former Assistant Regional Administrator of the SEC’s New York Regional Office in the Division of Broker-Dealer Enforcement.

“The Guidance [FINRA 12/07 Guidance] was a shot across the bow of any securities firm that has been less than vigilant in ensuring that electronic communications with customers from employees’ wireless handheld devices are captured and monitored. At this juncture, member firms cannot blame any further compliance shortcomings related to handheld devices on a lack of guidance from the regulators. FINRA’s pronouncement is clear: firms must either be able to capture, retain, and monitor all electronic communications with customers from handheld devices, or must prohibit them.”



1 Financial institutions are obligated to protect privacy of customers & their non-public personal information.

2 Designed by the SEC to thwart fraud in public companies, requires regulated companies to implement internal controls for gathering, processing and reporting accurate and reliable financial information.

3 Companies in the health care industry are legally required to safeguard e-mail messages & attachments containing information related to patients’ health status, medical care, treatment plans and payment issues.

4 E-Mail Policy Best Practices: Implementing & Enforcing E-Mail Policies to Maximize Regulatory Compliance, 2005. By Nancy Flynn, Executive Director, The ePolicy Institute and author: E-Mail Rules, Instant Messaging Rules, The ePolicy Handbook, Writing Effective E-Mail.