The Sarbanes-Oxley Act passed four years ago. Many think the law is working, but aren’t sure how it affects e-mails.
It was President George W. Bush that brought the Sarbanes-Oxley Act into being, with the intention to boost accounting oversight and corporate responsibility. The main thrust of the act was to increase accounting and auditor regulations, augment disclosure requirements, generate new federal laws and jack up the penalties under existing federal law. In other words, the whole idea was to make larger companies get their bookkeeping in order.
One of the most important facets of this act centers on the details relating to data security, protection and retention. Data these days refers to many things, but it also includes e-mail. The question quickly grew to ask how the Sarbanes-Oxley Act affects e-mail retention policies in a workplace. Here is some interesting information that not many people are aware of relating to business documents in today’s electronic workplace. If you aren’t clear on any of the regulations in this act, invest time with a Dallas business lawyer to get answers.
Just about 93 percent of all material (business documents) is created electronically. Since that’s the case, many companies are now facing the looming question of what on earth do they do about e-mail retention questions. E-mail and its retention has now become a top priority issue that can’t be ignored. The bottom line is that companies need to develop off-site storage. For example, an online service that stores encrypted data and protects it.
In referring to the Sarbanes-Oxley Act, you’ll find it mentions three stipulations dealing with e-documents, which includes e-mails. They deal with destruction/alteration, obstruction of justice and mandatory document retention. Very simply, when dealing with destruction/alteration, the act says that those who knowingly alter, conceal, falsify, mutilate or destroy any document (paper/electronic) because they want to obstruct any proceedings involving a federal agency may face up to 20 years in jail, be fined or both.
If a company has an e-mail retention policy, then it must also include a security plan. Along those same lines, the company must allow only certain people clearance to access archived e-mails, generate a report with that individual’s name when he or she accesses the secure information and write down any changes to existing documents. The act goes even further and mandates that a company keep records, such as e-mails, for up to five years. The e-mails are to be classified by date, month and year to allow auditors to quickly access pertinent information.
These are provisions that are crucial to the operation of your company, and in order to ensure you are in compliance with the Sarbanes-Oxley Act, you will want to discuss your various issues and questions with an experienced Dallas business lawyer.