Survey Results: Email Regulatory Compliance

A study completed last year among business email users revealed some alarming, if not surprising, results. Evidently, there is still a high degree of risk for both employees and organizations in how private and confidential information is handled within email.

The survey’s author, VaporStream, “provides a confidential and recordless messaging platform.” As such, we cannot consider them a neutral party in the realm of email security and compliance. Even so, the survey’s findings are concerning and should at least be considered by email administrators and information technology managers.

Two themes emerge from this survey: a pervasive lack of awareness among employees regarding what email compliance policies, if any, exist at their organization, and both unintentional and deliberate violations of those policies. Naturally, these conditions create serious exposure to risk and reveal that many organizations remain ineffective in mitigating that exposure.

Lack of Awareness

If employees are ignorant of their organization’s acceptable use policies, we can only expect widespread violations of those policies. The survey reported:

* Q: Does your company have an acceptable-use email policy?
A: 42.7% No or Unsure

* Q: Does your company monitor or archive email?
A: 46.5% No or Unsure

Lack of Compliance

Failure of employees to recognize that email may be monitored or may violate regulations or policies leads to its misuse, putting both employees and employers at significant legal, regulatory, security and business risk.

* Q: Have you ever sent private and confidential business information via email?
A: Nearly 3 out of 4 Yes

* Q: Have you ever used your work email to send or receive private and confidential information that was unrelated to your job?
A: Nearly 50% Yes

* Q: Have you ever accidentally leaked private and confidential business information via email?
A: Nearly 1 out of every 10 Yes

* Q: Have you ever hit reply all instead of reply when responding to an email?
A: Nearly 60% Yes

* Q: Have you or any member of your organization ever sent information via email that was in violation of regulatory compliance?
A: Nearly 25% Yes (either “accidentally” or “intentionally”)

Printed email containing private and confidential information can be left on a printer, at an airport lounge, a hotel business center or trade show booth. Further, these emails can be retained in a printer’s memory.

* Q: Have you ever printed out email messages with private and confidential information?
A: More than 50% Yes

Organizational leadership has cause for concern. Infractions of compliance regulations carry serious consequences: at best, damaged reputations and, at worst, fines or imprisonment.

* Q: “Have you or any member of your organization ever sent information via email that was in violation of regulatory compliance?”
A: 73.7% of those from larger companies (100+ employees) “Yes” (45.7% “accidentally” and 28% “intentionally”)

After reading these survey results, you may be alarmed about your own company. You should ask yourself: How is your organization doing? Do you have policies in place? Are these communicated to employees? Are employees complying with these policies? If so, how do you know?

It is never a bad idea to make sure your organization is reiterating email compliance best practices to your employees. If you spend a small amount of time educating them, you can save a lot of time and money that might otherwise be lost to a lawsuit or violation.

******************************************************************************************************

Compliance Attender for Lotus Notes is designed to intercept, inspect and manage email communications in real-time. The core of Compliance Attender is its tight integration with IBM Lotus Domino’s mail rules facility, providing the ability to act on messages before they are routed. Compliance Attender is designed as a series of modules that satisfy specific business needs. Based on the modules needed and the rules that are set up, organizations can Journal, Filter, Classify and ToneCheck (i.e., analyze and respond to the emotional impact of) messages. Organizations may purchase individual modules or combine them to build email compliance management software that fits their needs.

Learn about Sherpa Software’s Compliance Attender by clicking here.
