Compliance Journaling & Managed Folders

The ability to journal all classes of data in an enterprise is an important piece of Elephant Outlook’s architecture. The following list shows some of the more well-known U.S. regulations that specify requirements that may rely on journaling technology:

• Sarbanes-Oxley Act of 2002 (SOX)   A U.S. federal law that requires the preservation of records by certain exchange members, brokers, and dealers.
• Security Exchange Commission Rule 17a-4 (SEC Rule 17 A-4)   A U.S. Security and Exchange Rule that provides rules regarding the retention of electronic correspondence and records.
• National Association of Securities Dealers 3010 & 3110 (NASD 3010 & 3110)   The NASD requires that member firms establish and maintain a system to "supervise" the activities of each registered representative, including transactions and correspondence with the public. Also, NASD 3110 requires that member firms implement a retention program for all correspondence that involves registered representatives. These regulations affect primarily broker-dealers, registered representatives, and individuals who trade securities or act as brokers for traders who are subject to the regulations.
• Gramm-Leach-Bliley Act (Financial Modernization Act)   A U.S. federal law that protects consumers’ personal financial information held by financial institutions.
• Financial Institution Privacy Protection Act of 2001   This law amends the Gramm-Leach Bliley Act to provide enhanced protection of nonpublic personal information.
• Financial Institution Privacy Protection Act of 2003   This law amends the Gramm-Leach Bliley Act to provide enhanced protection of nonpublic personal information.
• Health Insurance Portability and Accountability Act of 1996 (HIPAA)   A U.S. federal law that provides rights and protections for participants and beneficiaries in group health plans.
• Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (Patriot Act)   A U.S. federal law that expands the authority of U.S. law enforcement for the stated purpose of fighting terrorist acts in the United States and abroad.

In addition to these U.S. laws and regulations, the following regulations also specify requirements that may rely on journaling technology:

• European Union Data Protection Directive (EUDPD)   This directive standardizes the protection of data privacy for citizens throughout the European Union (EU) by providing baseline requirements that all member states must achieve through national implementing legislation. The EUDPD influences privacy protections in other countries or regions because of the limitations that it puts on sending personal information outside the European Union. Ordinarily, the EUDPD allows such transmission only to areas that are deemed to have adequate standards for various items, including data security.
• Japan’s Personal Information Protection Act   A law promulgated by the Japanese government to regulate the collection, use, and transfer of personal information. The Personal Information Protection Act applies to government or private entities that collect, handle, or use personal information of 5,000 or more individuals.

Various corporate retention policies exist for e-mail, voice mail, and fax communications. With Managed Folders, a user can organize messages into Outlook folders that are provisioned and managed by the company policies. An automated process scans the inbox and these folders to retain, expire, or journal communications based on compliance requirements.

Journaling is a compliance-focused service to copy the original e-mail messages that are sent or received by departments or individuals in organization, to and from recipients outside your organization, or both, for use in the organization's e-mail retention or archival strategy.

Journaled messages can be archived to any SMTP address, including an Exchange mailbox or Windows SharePoint Services site.

Next: Data Center Facilities