An increasingly mobile workforce has left many IT departments clueless about how to effectively protect, secure and manage the devices. Nine out of ten IT departments worry about compliance associated with regulatory demands regarding mobile devices. Almost fifty percent of IT departments believe they’ll need to change their existing policies in order to meet regulations in the future. For employers, the benefits of having a mobile workforce are considerable, as it means business can be conducted anywhere and at any time.
Banks, insurance companies, stock exchanges and brokerage firms must adhere to particular regulations regarding mobile-based communication. Sensitive material is constantly being channeled through mobile devices, and therefore must be regulated for security and legal purposes.
There are a number of obligations that firms in the financial services and other heavily regulated industries must satisfy with regard to text message monitoring and retention and protection of content, including:
• SEC Rule 17a-3: requires production of records
• SEC Rule 17a-4: requires retention of records
• FINRA Rules 3010, 3113: require supervision and retention of records
• Investment Adviser’s Act Rule 204(2): requires maintenance of records
• FINRA Regulatory Notice 11-39: provides guidance for use of personally owned devices that contain corporate information.
• FINRA Regulatory Notice 10-06: provides guidance for use of Web 2.0
• FINRA Regulatory Notice 10-59: requires encryption of content on portable media devices
• FINRA Regulatory Notice 07-59: provides guidance for review and supervision of electronic communications
• The Health Insurance Portability and Accountability Act (HIPAA) requires Protected Health Information (PHI) to be sent securely to prevent its access by unauthorized parties.
• Sarbanes-Oxley, which applies to most publicly owned corporations, imposes a variety of requirements for retention of content, such as communications between senior executives, auditors and others involved in managing financial and other corporate records.
• FERC Order 717: requires retention of various types of communication, including instant messaging, for five years.
• FERC Part 125: imposes retention periods for records maintained by public utilities and others.
In addition to these, there are a variety of other requirements that focus on the monitoring, retention and/or production of data, including the Gramm-Leach-Bliley Act, various data breach laws in 46 of the 50 US states, and the Federal Rules of Civil Procedure. Moreover, individual states have their own procedures for managing civil litigation, many of which have been updated to reflect the growing quantity of electronic information that organizations manage.
Gramm-Leach-Bliley Act (GLBA) Financial Services Modernization Act of 1999
Protects the rights of individuals with regard to their personal financial information. Violations of the Act can result in significant fines up to $100,00 plus possible jail time.
Key points of the GLBA:
– Secure the confidentiality of all customer records and information
– Provide access to all customer records to prevent harm or inconvenience to any customer
– Storage of this information must be made extremely secure through strong access controls and secure passwords
– Communication through emails must be kept secure and encrypted
– Sensitive customer information must be protected in case of physical disaster or technological failure.
Regulates organizations in the following services: financial services, insurance, tax preparation, banking, consumer credit reporting, brokering.
With the advancement in technology, every company wants to be ahead of the competition. Through mobile device communication, companies can have quick exchanges with their customers. This new technology can lead to liability issues if a problem were to arise. These companies require a system to archive and monitor all electronic communication made within their system. Regardless of the industry your company is in, without proper procedures in place to securely protect your clients' private information, you could be open to liability. Allowing employees to communicate with clients through mobile communication will increase productivity and offer your clients a higher level of customer service. Companies would need an end-to-end mobile communication recording and reporting system in place that is flexible enough to comply with present and future requirements.