Sarbanes-Oxley Act (SOX): Federal law that requires retention of business records, including emails, particularly for publicly traded companies. Sets requirements for corporate record-keeping and places criminal penalties for non-compliance.
Federal Rules of Civil Procedure (FRCP): Federal rules governing civil procedure including electronic discovery requirements. Specifically addresses preservation and production of electronically stored information (ESI) including emails.
Freedom of Information Act (FOIA): Federal law requiring disclosure of government agency records upon request, necessitating proper email retention for government entities.
Electronic Communications Privacy Act (ECPA): Federal law governing the privacy of electronic communications, including email storage and access restrictions.
HIPAA: Healthcare privacy law requiring specific retention and security measures for protected health information, including when transmitted via email.
Gramm-Leach-Bliley Act (GLBA): Financial services law requiring protection and proper retention of consumer financial information, including email communications.
SEC Rules 17a-3 and 17a-4: Securities and Exchange Commission rules specifying record-keeping requirements for broker-dealers, including email retention periods and storage methods.
FINRA Rules: Financial Industry Regulatory Authority rules governing email retention and supervision requirements for member firms.
FDA 21 CFR Part 11: Food and Drug Administration regulations for electronic systems, including requirements for email retention in pharmaceutical and medical device companies.
DOD 5015.2: Department of Defense standard for records management that affects government contractors and specifies email retention requirements.
State Data Protection Laws: Various state-specific requirements for data protection and retention, which may affect email retention policies.
CCPA: California Consumer Privacy Act providing specific requirements for handling personal information, including email data, for California residents.
GDPR: European Union's General Data Protection Regulation affecting organizations handling EU resident data, including specific requirements for email retention and deletion.
