From the late 1990s, numerous new regulations have been introduced in both the United States and Europe, often in the wake of corporate scandals where unethical business practices fell foul of existing financial reporting and disclosure rules. The backlash from these high profile episodes prompted newer corporate compliance legislation, such as Basel II in Europe and Sarbanes-Oxley in the United States. This is now being implemented alongside the likes of the EU Data Protection Directives and the Privacy & Electronic Communications Regulation, to ensure that companies put and keep their houses in order.
In general, the relationship between email and the law is a patchy one, with a mismatch of old and new law dealing with old and new issues. There is no single law relating directly to the use of email, and yet it is touched by several pieces of legislation intended to balance the interests of privacy and human rights with protecting corporate investment and security.
For example, in the UK, the 7th Principle of the Data Protection Act requires that businesses take ‘appropriate measures to prevent the unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.’ Although somewhat ambiguous in its definition, it essentially means that companies must protect all electronic communications containing customer data, including all emails sent and received.
It is not just customer information that must be considered. In order to be compliant with the regulations, businesses must take appropriate measures to mitigate the risk of disclosing valuable or sensitive organisational data. Unauthorised access to or distribution of financial forecasts, intellectual property or any other company-sensitive information can not only contravene legislation but may also do substantial damage to an organisation’s credibility, reputation and future competitiveness. It is also worth remembering that contracts are often inadvertently created via email – without either party realising it.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.