If you receive errors when attempting to view this white paper, please install the latest version of
"MessageLabs, now part of Symantec, provides a range of managed services to protect, control, encrypt and archive electronic communications. Listed as a leader in the Gartner Magic Quadrant and many other analyst reports, and with more than 19,000 clients ranging from small business to the Fortune 500 located in more than 86 countries, MessageLabs services are widely recognized as a market leader in the messaging and web security market."
Source : MessageLabs
Compliance Rules: Rules and Tools, Policies and Best Practices for Cost-Effective, Comprehensive Compliance in the United States
Comprehensive Compliance is also known as :
Comprehensive Compliance Program,
Effectively Manage Compliance Costs,
Comprehensive Compliance Tips,
Comprehensive Compliance Tools,
Effectively Manage Comprehensive Compliance Costs,
Comprehensive Compliance Strategy,
Comprehensive Compliance Management,
Comprehensive Compliance Examinations,
Comprehensive Compliance Firm,
Comprehensive Compliance Controls,
Management Comprehensive Compliance,
The ePolicy Institute, www.epolicyinstitute.com, and MessageLabs, now part of
Symantec, www.messagelabs.com, have created this business guide to provide
Best-Practices Guidelines for Corporate Compliance with Federal and State Laws
and Regulatory Rules.
Through the implementation of a strategic Compliance Program, incorporating
clearly written rules, formal employee education, and effective Hosted Services
solutions, U.S. employers can enhance productivity, cut costs, reduce (and in some
cases eliminate) the likelihood of email- and Hosted Service-related litigation,
regulatory investigations, security breaches, privacy violations, and other electronic
Compliance Rules: Rules and Tools, Policies and Best Practices for Cost-Effective,
Comprehensive Compliance in the United States is produced as a general bestpractices
guidebook with the understanding that neither the author, ePolicy Institute
Executive Director Nancy Flynn, nor the publisher, MessageLabs, now part of
Symantec, is engaged in rendering advice on legal, regulatory, or other issues.
Before acting on any rule, policy, or procedure addressed in Compliance Rules:
Rules and Tools, Policies and Best Practices for Cost-Effective, Comprehensive
Compliance in the United States, you should consult with legal counsel or other
professionals competent to review the relevant issue.
The ePolicy Institute is a leading source of speaking, training, and consulting
services related to workplace email and Internet policies, communication, and
management. The ePolicy Institute is dedicated to helping employers limit email
and Hosted Service risks, including litigation and regulatory investigations, while
enhancing employees' electronic communication skills.
Visit www.epolicyinstitute.com to learn more.
MessageLabs, now part of Symantec, is a leading provider of integrated messaging
and Hosted Service security services, with over 18,000 clients ranging from small
business to the Fortune 500 located in more than 86 countries. MessageLabs, now
part of Symantec, provides a range of managed security services to protect, control,
encrypt and archive communications across Email, Hosted Service and Instant
Messaging. These services are delivered by MessageLabs, now part of Symantec,
globally distributed infrastructure and supported 24/7 by security experts. This
provides a convenient and cost-effective solution for managing and reducing risk
and providing certainty in the exchange of business information.
Table of Contents
- Overview: U.S. Companies Face Ever-Increasing Compliance Hurdles
- In the Electronic Office, Risks Abound: Litigation and Regulations,
Security and Privacy Create the Need for Strategic Compliance Management
- Electronically Stored Information Plays an Ever-Expanding Evidentiary Role:
Federal Rules of Civil Procedure Raise the Bar for Compliance Management
- Legal Discovery:
Are You Prepared to Meet the Challenges of Email Discovery?
- Top 10 Legal and Business Reasons to Retain and Archive Corporate Email
- Protect the Integrity of Your Email:
What Type of Email Makes Good Business Records and Reliable Evidence?
- Regulators Grow Increasing Watchful:
Regulators Take Seriously the Protection and Production of Electronic Evidence
- States Put Teeth in Privacy Laws: Security Breach Notification Laws Take Data
Theft and Compliance with Laws and Procedures Seriously
- State Encryption Laws: Widespread Changes in the Use, Storage, and Transmission
of Personal Data
- Hosted Services Minimize Risks, While Software and Hardware Maximize Vulnerabilities
- The MessageLabs Services Advantage: Hosted Services Support Compliance with
Federal and State Laws, Government and Industry Regulations
- Seven Corporate Compliance Tips: Prepare Today for the Eventuality of a Lawsuit,
Regulatory Audit, or Security Breach Tomorrow
- About The ePolicy Institute
- About MessageLabs, Now Part of Symantec
U.S. Companies Face Ever-Increasing
Organizations of all types and sizes, industries and
professions have long been mindful of the need for
legal and regulatory compliance. In the current
economic environment, however, forward-thinking
organizations now are shifting their focus somewhat.
Mere adherence to laws and regulations is no longer
enough. Thanks to tight economic conditions and a
fiercely competitive business environment, proactive
managers and executives are committed to implement-
ing strategic email and Hosted Service management
programs that combine formal e-pPolicies with
employee education and proven, reliable technology
designed to deliver cost-effective, comprehensive
compliance with the ever-increasing guidelines set
forth by U.S. federal and state courts, legislative
bodies, and regulatory entities.
Whether your business is regulated or unregulated,
public or private, a mid-market company with hundreds
of users or a large enterprise employing thousands,
you simply cannot afford to take chances with email
and Hosted Service management. Laws and regula-
tions vary by industry and state. Depending upon the
industry and U.S. jurisdictions in which you operate or
have customers, you must comply with all relevant
federal and state laws and government and industry
regulations or face potentially costly consequences
including protracted litigation, stiff regulatory fines,
reputation-shattering security breaches, malicious
intruder attacks, lost productivity, business interrup-
tions, and public embarrassment should a workplace
lawsuit be filed or the media get wind of a particularly
salacious electronic disaster story.
In the Electronic Office, Risks
Litigation and Regulations, Security and
Privacy Create the Need for Strategic
Fully 90% of business documents produced and
acquired by companies are electronic, with email
serving as a virtual file cabinet for the vast majority of
business records, according to the Association of
Record Managers and Administrators (ARMA).
Consequently, email plays an ever-expanding eviden-
tiary role in workplace lawsuits and regulatory investi-
Nearly a quarter, 24%, of U.S. employers have had
employee email subpoenaed in the course of litigation
or regulatory audits, and another 15% of companies
have gone to court to battle lawsuits specifically
triggered by employee email, according to American
Management Association/ePolicy Institute research.
Fully 29% of U.S. businesses were involved in at least
one litigation matter in 2007, with 32% battling lawsuits
involving $20 million or more, reveals the Litigation
Trends Survey from Fulbright and Jaworski L.L.P. and other electronically stored information will one day
become part of the evidence pool. The question is
when will you be asked to produce employee email as
part of legal proceedings or a regulatory investigation?
Information Plays an Ever-Expanding Evidentiary Role:
Federal Rules of Civil Procedure Raise the
Bar for Compliance Management
There's no doubt that the evidentiary role of workplace
e-mail and other electronically stored information (ESI) will
continue to expand. Email and other ESI creates the
electronic equivalent of DNA evidence. The United States
Federal Court made this clear in 2006 when the much-
anticipated amendments to the Federal Rules of Civil
Procedure (FRCP) were announced. FRCP affirms the
fact that all electronically stored information including
email messages, attachments, and other data is discov-
erable and may be subpoenaed and used as evidence-
for or against your organization in litigation.
Best Practice: Unmanaged email and other ESI
can trigger financial, productivity, and legal
nightmares should your organization one day find
itself embroiled in a workplace lawsuit. The cost and
time required to produce subpoenaed email, retain
legal counsel, secure expert witnesses, mount a legal
battle, and cover jury awards and settlements could
put you out of business. Best practices call for a
proactive approach to email management. Combine
written content, usage, and retention policies with a
Hosted Managed Email Archiving Service to ensure
your organization's ability to preserve, locate, and
produce legally valid email evidence.
Are You Prepared to Meet the Challenges of
During the legal discovery process, the court orders each
party to produce all documents, including email messages,
attachments, history of Hosted Service surfing, and other
ESI relevant to the case. The need to quickly locate and
promptly produce legally valid ESI, including email
messages and attachments, ups the ante for employers.
Fail to meet your discovery obligations, and your organiza-
tion may be slapped with a court-imposed financial penalty
or other sanction including instructions to the jury to
assume that your company has intentionally destroyed
When subpoenaed, email and other ESI must be retrieved
and relinquished in a timely and authentic manner and
may be used as evidence to support or sink your case.
Nonetheless, the business community continues to exhibit
an alarming lack of skill when it comes to electronic
records management. Fully 65% of enterprises and 28%
of small to mid-sized (SMB) organizations have faced e-
discovery, according to Enterprise Strategy Group
research. Yet, only 34% of organizations have email
record retention policies and schedules in place, Ameri-
can Management Association/ePolicy Institute
For unregulated private sector companies, the law
does not require the retention of business-related
email. Nonetheless, there are compelling reasons to
combine a retention policy with a Hosted Managed
Email Archiving Service to ensure that your
organization's email is securely stored and can be
readily searched and supplied when needed.
Top 10 Legal and Business
Reasons to Retain and Archive
- Email creates business records that can protect the
organization in the event of a lawsuit.
- Email business records can help shelter you from
false claims and unfounded lawsuits.
- Email evidence that is preserved and produced by
your organization may motivate your opponent to settle
a weak claim out of court, saving you time and money
in the process.
- Email may provide your organization with the all-
important evidence it needs to successfully defend-
and win a workplace lawsuit.
- Email records may enable your organization to take
legal or disciplinary action against employees who
violate company policies, fail to perform, or otherwise
act contrary to the best interests of the organization.
- Email provides a written record that can "speak" for
witnesses who may be unwilling or unable to testify.
- Email records can fill in the blanks when human
- Email provides the written records that all
businesses need in order to operate properly. Formal
documentation of transactions, decisions, personnel
matters, and day-to-day operations is essential to
efficient business management. No entity of any kind
can function without reliable records.
- Email helps keep the courts happy. Failure to
produce email during legal discovery may lead to
financial penalties if the court believes your organiza-
tion has intentionally destroyed email evidence.
- Email archiving guarantees your ability to produce
evidence that the court recognizes as trustworthy,
tamperproof, and authentic. Legally compliant, in other
Protect the Integrity of Your
What Type of Email Makes Good Business
Records and Reliable Evidence?
To be considered legally valid, the court must deem email
to be authentic, trustworthy, and tamperproof. Unfortu-
nately, email can easily be changed and rendered
legally invalid just by clicking edit and change. Even all-
important business records can be forged when sent or
received via email. Unless properly managed and
securely archived, email opens your organization to a
variety of claims ranging from "I never received your
message" to "That's not what the attachment said."
Best Practice : Organizations that are eager to
protect email records are advised to turn to archiving
technology to ensure forensic compliance. For
example, by instantly encrypting and archiving a copy
of every internal and external email sent or received
across your organization, a Hosted Managed Email
Archiving Service olution guarantees that your email is
secure and tamperproof. Nothing in your archive can
be deleted or altered. Everything in your archive is
authentic and legally compliant.
As detailed in The e-Policy Handbook, 2nd Edition, to
qualify as a good business record and reliable legal
evidence, email must embody five qualities:
- Authenticity: To be accepted as legal evidence, email
must be authentic. You must be able to demonstrate the
origin of a business record including who wrote the
original message and who added to or altered it. Hosted
Managed Email Archiving Services guarantee email
- Integrity: A good email business record has integrity.
You can prove that its content and meaning have not
been altered since its creation. Hosted Managed Email
Archiving Services guarantee email integrity.
- Accuracy: To be legally acceptable, email must be
accurate about the facts originally documented, and it
must remain accurate throughout its life. In other words,
you must be able to prove that the message has not been
tampered with Hosted. Managed Email Archiving
Services guarantee email accuracy.
- Completeness: It is essential for an email message
and its metadata or parts (body, header, attachments, log
files relating to transmission and receipt) to remain intact
as part of a complete record. Hosted Managed Email
Archiving Services guarantee email completeness.
- Repudiation: In contract situations, it's easy for a party
to claim that he did not receive an email message, or that
he is not responsible for promises made via email.
Protection against repudiation is a function of good email
records and evidence. Protection against repudiation
depends on the reliability of the process used to ensure
email authenticity, integrity, accuracy, and completeness.
Hosted Managed Email Archiving Services protect
against messaging-related repudiation.
Regulators Grow Increasing
Regulators Take Seriously the Protection
and Production of Electronic Evidence
Over the years, government and industry regulators
have turned an increasingly watchful eye to the content
created and business records generated by email
messages and attachments, Hosted Service surfing,
and other ESI. In fact, 36% of U.S. companies reported
increased regulatory inquiries or investigations in 2007.
At the same time, approximately 50% of financial
services, insurance, engineering, construction, technol-
ogy, and communications companies experienced an
upswing in regulatory audits, according to Fulbright &
Don't take chances with regulatory compliance.
Consult with legal counsel to ensure that your organiza-
tion is in compliance with regulators' email-related
rules, policies, and procedures. Among the email-
related regulatory rules with which U.S. employers
must concern themselves:
Sarbanes-Oxley (SOX) Regulations: For public
companies and registered public accounting firms,
inadequate email management and lax email security
can lead to SOX violations. Designed by the Securities
and Exchange Commission (SEC) to thwart fraud in
public companies, SOX requires regulated companies
to implement internal controls for gathering, process-
ing, and reporting accurate and reliable financial
information. Effective email management is fundamen-
tal to SOX compliance. Consequently, email security
breaches, from intercepted messages to corrupted files
to leaked, stolen or lost data, can put your organization
at risk of noncompliance. Knowingly altering or
destroying records that are vital to an audit or investiga-
tion can net guilty parties 20 years in federal prison and
fines of $15 million.
Gramm-Leach-Bliley Act (GLBA): Under GLBA,
financial services firms and other businesses are
legally obligated to protect the privacy of customers
and their nonpublic personal information. Email
management is fundamental to GLBA compliance.
Security breaches, intercepted messages, corrupted
files, and leaked, stolen, or lost data can put your
organization at risk of noncompliance. Failure to
comply with GLBA can result in 10 years in prison and
a $1 million fine.
SEC and FINRA Rules and Regulations: Regulated
financial services firms and broker-dealers who fail to
manage written email content or retain email business
records according to SEC and FINRA regulations can
face lengthy investigations, seven-figure fines, career
derailment, and embarrassing headlines.
Payment Card Industry-Data Security Standard
(PCI DSS): PCI DSS establishes standards and
technologies to protect cardholder data. Email
management and Hosted Service security are essen-
tial to ensure data protection and regulatory compli-
ance. Merchants and agents who fail to comply face
potential fines of $500,000 per incident.
Best Practice: To maximize SOX, GLBA, SEC,
FINRA, and PCI DSS compliance, ensure that
financial data and related documents are effectively
protected from malware, viruses, and other malicious
intruders and are preserved in a legally compliant
manner. Combat messaging threats and comply with
regulatory demands with Hosted Services including
Email Anti-Virus, Email Archiving, Email Continuity,
and Email Content Control proven effective weap-
ons in the battle against increasingly sophisticated
and potentially costly email threats and regulatory
Health Insurance Portability and Accountability
Act (HIPAA): Does your organization operate within
the health care arena, represent medical clients, or
otherwise provide services or products to health care
companies? If so, you are legally required by the
Health Insurance Portability and Accountability Act
(HIPAA) to protect the privacy of patient information.
HIPAA requires healthcare organizations and their
suppliers to safeguard email messages and attach-
ments that contain electronic protected health
information (EPHI) related to a patient's health status,
medical care, treatment plans, and payment issues.
Failure to do so can result in seven-figure regulatory
fines, civil litigation, criminal charges, and jail time.
Best Practice: Employers governed by HIPAA
have a choice: Use policy, employee training, and
technology including Hosted Managed Email
Archiving, Anti-Virus, Continuity, and Content Control
Services to ensure the safe and compliant use of
email to transmit and store HIPAA-regulated patient
information or suffer potentially stiff penalties and
prison time for noncompliance.
In addition, the Internal Revenue Service (IRS), Family
Educational Rights and Privacy Act (FERPA), Office of the
Comptroller of the Currency (OCC), FDIC, Federal
Information Security Management Act, Family Educational
Rights and Privacy Act, and the U.S. Patriot Act are just a
few of the tens of thousands of federal regulations and
regulatory bodies that regularly request access to email for
audit or review. If you are unsure which government or
industry regulations govern your employees' use of email,
now is the time to find out.
States Put Teeth in Privacy
Security Breach Notification Laws Take Data
Theft and Compliance with Laws and
As of December 2008, 44 states, the District of Columbia,
Puerto Rico and the U.S. Virgin Islands had enacted
breach notification laws, requiring companies to notify
customers and other affected parties in the event of a
security breach involving personal identity and financial
The law takes data theft and corporate compliance with
security laws and procedures seriously. Comply with
best practices and the law in those states in which you
operate or have facilities. If your company touches
credit cards, Social Security numbers, protected health
information, financial data, or other sensitive and
private consumer information, then you must combine
policy with technology to ensure compliance with data
breach notification laws.
State Encryption Laws:
Widespread Changes in the Use, Storage,
and Transmission of Personal Data
As detailed in the MessageLabs, now part of Syman-
tec, whitepaper, New State Laws Enforcing Encryption,
Massachusetts and Nevada in 2008 enacted legisla-
tion to enforce the encryption of personal information,
resulting in widespread changes in the ways compa-
nies use, store and transmit personal data. Michigan
and Washington State now are considering following
their lead. While only two states have adopted encryp-
tion laws so far, the laws, which apply to out-of-state
companies with operations or customers in those
states, have far-reaching consequences.
The Massachusetts regulations (201 CMR 17.00) take
effect on May 1, 2009 and are the most comprehensive
encryption requirements imposed on companies by
any state. The regulations require companies to
encrypt all personal information transmitted electroni-
cally or wirelessly. Businesses also must encrypt all
personal information stored on laptops and other
portable devices including BlackBerries, cell phones,
iPods, and USB drives. In Massachusetts, encryption
technology must include anti-spyware and anti-virus
software, up-to-date patches, virus definitions, and
security software that can receive the most current
security updates on a regular basis.
The Nevada law (Statute 597.970) prohibits any
business in Nevada from sending a customer's
personal information through an electronic
transmission except via fax unless the business
uses encryption to ensure the security of the transmis-
sion. The law stipulates that all email, Hosted Service
sites, and other forms of Internet-based communication
involving customers' personal information must be
encrypted. The law defines personal information as first
name or initial plus last name, along with a Social Secu-
rity number, driver's license, ID card, credit or debit
card or account number, plus a security code or
password granting access to an individual's financial
California Security Breach Information Act and
Other State Privacy Acts
To quote The Washington Post, "Novel state laws that
push the legal envelope also have a way of catching on
in other states. Nowhere has this been more evident
than with California's landmark 2003 data breach
disclosure law, variations of which have been adopted
in 40 states." The California Security Breach Informa-
tion Act (CA-SB 1386) and similar laws nationwide
apply to all organizations that retain, transmit, or access
electronic information on state residents. The intent is
to identify and alert residents whose private information
or financial data has been compromised.
Stricter than past regulations, these new state data-
security laws establish a standard that can be used in civil
litigation to allege negligence on the part of businesses
that lose personal data, according to The Wall Street
Journal. More practical business implications are the
internal time and costs to identify where personal informa-
tion is being stored, how it is transmitted, and what
encryption solutions are available.
Best Practice: To safeguard personal or sensitive
data whose transmission could activate state encryp-
tion laws or other privacy acts, companies are advised
to deploy Hosted Managed Security Services
designed to effectively identify personal information in
any electronic transmission and, if necessary, block or
encrypt the transmission.
Hosted Services Minimize Risks,
While Software and
Hardware Maximize Vulnerabilities
Just as electronic business communication tools have
evolved, so too have the technology solutions used to
manage email, IM, and the Hosted Service in a compliant,
secure, and cost-effective manner. Software and
hardware appliances once provided the gold standard for
workplace risk management and data security. No longer.
Mindful of an increasingly competitive business environ-
ment, motivated by the need to mitigate risks and manage
compliance, and marshaled by growing budgetary
constraints, organizations increasingly are turning to
Hosted Services to seamlessly support compliance
functions, shore up security breaches, and stem network
and perimeter risks. As 40% of companies of all sizes
have already discovered, Hosted Services offer the most
efficient and effective way to minimize security risks and
maximize compliance with legal, regulatory, and organi-
zational rules and policies without breaking IT's budget
or the company's bank.
A reliable, easy, and affordable solution, the Hosted
Services model is gaining ground with enterprises of all
sizes. MessageLabs, now part of Symantec, reports that
80% of mid-sized to large enterprises with over 1,000
employees plan to expand their use of Hosted Services
services. According to SearchCIO-Midmarket.com, 40%
of companies of all sizes currently use at least one Hosted
Services application. Forrester Research reports a 33%
increase in the number of large enterprises using Hosted
Services and a 50% increase in the number of small-to-
medium-sized businesses (SMBs) that turned to Hosted
Services between 2007 and 2008. Industry insiders
expect that, among companies with 100 or more employ-
ees, 70% will adopt Hosted Services solutions by 2012.
Best Practice: For employers eager to reduce
business and security risks associated with electronic
communication, there is a solution. Implement a
strategic email and Hosted Service management
program that combines written policy with employee
training and a Hosted Services solution and watch
electronic threats decrease as compliance with legal,
regulatory, and organizational rules increases.
A means of outsourcing enterprise applications,
Hosted Services complement and complete the
organization's security fortress, delivering heightened
security at a compelling price.
Software-based security alone simply cannot
safeguard messaging like Hosted Services can.
Software tools leave the organization vulnerable to
attacks from within. If you rely solely on software to
protect your system, you may find yourself at the mercy
of a skilled adversary or malicious malware eager to
damage your organization's assets, reputation, and
future by: (1) accessing your memory to glimpse inside
"secure" applications; (2) capturing keystrokes and
display data to steal secrets from local applications and
remote terminals; (3) disabling the tools that are
designed to uncover malware and check for informa-
tion misuse; and (4) misleading the software that is
designed to assess system health and integrity.
Hardware devices offer no more protection than
software. Hardware solutions put the organization at
risk of data theft and corruption. Obsolescence poses
a challenge. Costs capital expenses, operating
expenses, taxes, and asset depreciation take a toll on
the bottom line. And the inevitable adoption of mobile
devices, off-shoring, and collaborative technologies
simply doesn't lend itself to a hardware solution.
At the end of the day, proven reliable Hosted Services
that provide email archiving, encryption, content
control, and continuity, facilitate security and
compliance with fewer headaches and lower costs
than software or hardware solutions can offer.
The MessageLabs Services
Hosted Services Support Compliance with
Federal and State Laws, Government and
MessageLabs Policy Based Encryption Service
The fastest, easiest way to implement an email encryp-
tion solution to ensure compliance with federal, state,
government, and industry rules and regulations,
MessageLabs Policy Based Encryption Service allows
you to create and enforce flexible policies matching
your exact requirements. The hosted service encrypts
messages automatically, instantly, securely based
on sender and recipient information, or detailed scans
of email content and attachments for words, names,
phrases, numbers, and file types. Recipients of
encrypted email can easily access messages without
any special knowledge. IT management and costs are
significantly reduced, as key management is handled
by MessageLabs, now part of Symantec., with that is
sSimple to set-up, configure and use.
MessageLabs Managed Email Archiving Service
for Microsoft Exchange
The courts appreciate consistency. If you can demon-
strate that your organization has consistently applied
clear email usage, content, and retention policies-
supported by comprehensive employee education and
a proven-effective managed email archiving service-
then the court is more likely to look favorably upon your
organization should you one day find yourself embroiled in
a workplace lawsuit.
MessageLabs Managed Email Archiving Service for
Service provides you with a proven email archiving solution
that meets your needs for mailbox management, e-
discovery, email compliance, and supervision. High-
performance search, using MessageLabs, now part of
Symantec, and advanced distributed search architecture,
means archived email can be retrieved in seconds, regard-
less of storage size.
MessageLabs Anti-Virus Protection Service
The only online solution with a 100% capture rate of known
and unknown email viruses, MessageLabs Managed
Email Anti-Virus Service supports all email server
platforms and provides protection from viruses, phishing,
trojans, worms, and other forms of malware. The anti-virus
protection service stops known and unknown viruses at
0-hour before they reach your network, so your business
avoids costs associated with system downtime, productiv-
ity loss, and brand damage. A Hosted Service,
MessageLabs Email Anti-Virus Service requires no
hardware or software, is easy to implement, with offers
24x7x365 support, and has proactive detection for new,
emerging, and converged threats.
MessageLabs Email Content Control Service
MessageLabs Email Content Control Service scans and
filters email content and attachments to identify confiden-
tial, malicious, and otherwise inappropriate language,
along with offensive jokes and other banned content sent
or received by employees. A Hosted Managed Email
Content Control Filtering Service, the MessageLabs
Services enables you to quickly and easily address and
control incoming, outgoing, and internal content minus
the cost and hassle of hardware or software purchases,
installation, upgrades, and maintenance.
MessageLabs Email Continuity Service
MessageLabs Email Continuity Service helps organiza-
tions maximize email availability and guard against the
disruption and data loss that can result from an email
outage. Services include an on-demand Email Failover
System that kicks in seamlessly when an outage occurs,
allowing email users to continue sending and receiving
messages through Outlook, Lotus Notes, Hosted Service
browser, or BlackBerry devices'without interruption. With
MessageLabs Managed Email Continuity Service, a back-
up email system is permanently primed to come onstream
at the flick of a switch, which you control. Hosted in top-tier
data centers and easily administered from a single Hosted
Service console, MessageLabs Managed Email Service
keeps email fully functional in spite of primary system
failures and regardless of where users are located.
Prepare Today for the Eventuality of a
Lawsuit, Regulatory Audit, or Security Breach
- Know and adhere to the email and ESI retention, discovery, and content rules of federal and state courts and
industry and government regulators.
- Define "business record" for your organization on a companywide or department-by-department basis. Establish
email business record retention rules, policies, and procedures.
- Support your email retention policy with proven reliable archiving. Automate the archiving process to enhance
productivity, reduce costs, enforce policy compliance, and ensure the legal validity of email evidence with
MessageLabs Managed Email Archiving Service.
- Create an audit trail. Eliminate potential surprises by investigating your email system to determine exactly who
has been doing precisely what on the system. Take steps, through written record retention policy and MessageLabs
Managed Email Archiving Service, to demonstrate that your email records are authentic, reliable, and legally compli-
ant. Remember, if you can demonstrate that your archiving service is reliable and your email records are tamper-
proof, then your organization will be on more solid footing with courts and regulators.
- Research and comply with privacy, encryption, and breach notification laws in every state in which you operate or
- Deploy MessageLabs Hosted Services including Email Content Control, Image Control, URL Filtering, and Hosted
Service Security Services to identify personal information in any electronic transmission and, if necessary, block or
encrypt the transmission.
- Rely on MessageLabs Hosted Services Solutions to seamlessly support legal and regulatory compliance
functions, shore up security breaches, and stem network and perimeter risks.
About The ePolicy Institute
The ePolicy Institute is dedicated to helping employers limit email-related risks, including litigation, through effective
email and Internet policies and training programs. The author of 10 books published in 5 languages, including The e-
E-Mail Rules, Blog Rules, Instant Messaging Rules, E-Mail Management and Writing Effective E-Mail, ePolicy
Institute Executive Director Nancy Flynn is an in-demand speaker, trainer, and seminar leader with clients worldwide.
She also serves as a consultant to law firms and as an expert witness in email-related litigation. Since 2001, The
ePolicy Institute has collaborated with American Management Association on an annual survey of workplace email
and Internet policies, monitoring procedures, and best practices. A respected media source, Nancy Flynn has been
interviewed by thousands of media outlets including Fortune, Forbes, Time, NewsWeek, BusinessWeek, Wall Street
Journal, US News & World Report, USA Today, Readers' Digest, National Public Radio, CBS Early Show, CNBC,
CNN Headline News, CNN Anderson Cooper 360, Fox Business News, NBC and ABC. For information about
ePolicy Institute training and consulting, products and services, contact Nancy Flynn at 614-451-3200 or
About MessageLabs | Now part of Symantec
MessageLabs, now part of Symantec, provides a range of managed services to protect, control, encrypt and archive
electronic communications. Listed as a leader in the Gartner Magic Quadrant and many other analyst reports, and
with more than 18,000 clients ranging from small business to the Fortune 500 located in more than 86 countries,
MessageLabs, now part of Symantec, is widely recognized as a market leader in the messaging and Hosted Service
MessageLabs, now part of Symantec, provides a highly effective and integrated set of on-demand services, to stop
both known and unknown threats before they reach your corporate boundaries, address a range of content manage-
ment challenges and provide around the clock protection for your company. Without the need for hardware or
software, MessageLabs, now part of Symantec, services can be deployed anywhere in the world in a matter of
minutes. Completely integrated across a global platform, our services for email, Hosted Service and IM, offer a "one
window" management interface and 24/7 worldwide service and support from our team of security experts. This
provides a convenient and cost-effective solution for managing and reducing risk and providing certainty in the
exchange of business information.
MessageLabs is widely recognized as a market leader in
the messaging and web security market.
© 2009 Nancy Flynn, The ePolicy Institute.&8482; All rights reserved. This publication
may not be reproduced, stored in a retrieval system, or transmitted in whole or in
part, in any form or by any means, electronic, mechanical, photocopying, recording,
or otherwise, without the prior written permission of Author and Executive Director
Nancy Flynn, The ePolicy Institute, www.epolicyinstitute.com, 2300 Walhaven Ct.,
Columbus, OH, 43220. Phone 614/451-3200. Email: firstname.lastname@example.org.