Regulations, Laws & Compliance

Wondering about the laws and regulations around email archiving? It's important to ensure that your archiving practices are in compliance.


“Discovery,” in the legal sense, is the early phase of litigation when opposing parties must provide each other with pertinent information, records and documents. eDiscovery refers to electronic data to be used as evidence in a legal case.

Electronic discovery covers any electronic data (often referred to as ESI, or electronically stored information) that could be considered as evidence. For example, spreadsheets, Word documents, audio files, video files and, most importantly, email are all subject to eDiscovery.

Encryption at Rest

Sensitive or confidential email content should be encrypted both in transit and at rest. Encryption at rest provides enhanced protection against data theft or exposure.

Freedom of Information Act (FOIA)

FOIA governs public access to government records. Its purpose is to ensure the public has access to information about government activities. FOIA stipulates that government agencies must disclose records unless the agency can make a case for an exemption. Any person can request the information. (Text of FOIA.)

With FOIA, there is a presumption of disclosure. This means the burden is on the government to prove why the information should not be released. If the government does not meet that burden, agencies must disclose the requested information. There are specific exemptions in FOIA, including matters of national defense, trade secrets and private personal information.

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA required the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans and employers (known as covered entities and business associates). Although HIPAA sets some standards for sending Protected Health Information (PHI), which includes email addresses, by email, it contains no specific regulations regarding email archiving.

Because customers can set their own retention periods within Authority, covered entities and business associates can retrieve email for the mandated and minimum preservation period of up to six years required by HIPAA.

Open Records

While FOIA covers regulations concerning U.S. national public records, many states have enacted their own open records acts as part of the Freedom of Information Act. The overall intent of open records laws is to promote government openness and transparency.

Service Organization Controls (SOC)

Inc., the parent company of Authority, has successfully conducted a Service Organization Controls (SOC) 2 audit/examination of the Trust Service Principles: Security, Availability and Privacy. The main purpose of the SOC 2 Type 1 report is to show our customers that an independent third party has evaluated our systems and controls and our adherence to those systems and controls.