Messaging Regulatory Compliance

What is regulatory compliance?

Every organisation is bound by applicable laws, policies and regulations. Failure to comply with these could result in fines and prohibitions; in other words, ‘significant business impact’. Regulatory compliance is simply unavoidable, and the best we can do is to stay compliant. Most messaging regulatory compliance laws require retention of emails. Below are a few examples of such regulations:

| Compliance Law | Region | Retention |
|---|---|---|
| Payment Card Industry – Data Security Standards (PCI – DSS) | United States | 1 year |
| AICPA Generally Accepted Privacy Principles (GAPP) | United States | Retain PII until no longer required |
| Australian Essential 8 (ACSC 8) | Australia | 3 months or more |
| Data Protection Act (DPA) | United Kingdom | Retain PII until no longer required |
| Sarbanes Oxley (SOX) | United States | 7 years |
| Bundesdatenschutzgesetz (BDSG) | Germany | Retain PII until no longer required |

While the above list is limited, there are innumerable laws which apply to industries in different regions. Moreover, businesses could be subject to compliance with multiple laws, which is certainly the case with multinational organisations.

How should you choose a solution and retention strategy which addresses compliance, and caters to longer-term requirements? Here are a few pointers:

1. Start by evaluating your compliance requirements

2. Evaluate an appropriate email data governance solution. A few examples are below:

a. Journaling – A concept of storing a copy of every sent or received message

b. Archiving – This involves storing a copy of all messages on inexpensive storage and retaining the same for a predefined period. Examples include solutions like Veritas Enterprise Vault, Mimecast, Commvault

c. Retention – This concept reduces the need to move data to a different location, but rather assigns a retention tag to the data at source. Examples include retention solutions for Microsoft Exchange, O365, Google Vault

3. Consider an eDiscovery solution – Data must be produced whenever it is requested. However, many organisations do not plan for this and so face huge eDiscovery costs coupled with fines. It is imperative that you plan for this in advance, and preferably leverage an email retention solution which includes eDiscovery (at least as an available option). You may consider solutions from Veritas, Proofpoint, Barracuda and Mimecast.

4. Reduce complexity – I have seen organisations rely on a combination of multiple solutions to address their retention and eDiscovery requirements. While this does address the problem, it adds a lot of management overhead and complexities. Hence, it is advisable to consider a holistic solution which addresses all of these requirements. A few examples are O365 Compliance model, Veritas Enterprise Vault Cloud, Mimecast etc.

How can Insentra help with messaging regulatory compliance?

We are specialists in security solutions and our proven project methodology will help us (and you) understand your requirements better, thus mapping them with your long-term compliance goals. Please feel free to get in touch with Insentra to know more.
