Tuesday, June 18, 2013

Using Gmail - Are you violating a federal law?

I'm always surprised at how casually some business leaders treat their e-mail security.  In an era of security regulations and privacy concerns it's stunning to hear that they still run business correspondence through consumer providers like Google's Gmail.  Apparently the appeal of "free" e-mail outweighs the need for confidentiality, even in organizations that are required by law to protect confidential communications.

Did you realize that Gmail scans the content of every e-mail that passes through the service?  Google does not hide this: automated scanning of message content, including to select advertising, is how the free service is paid for.  If you're a HIPAA covered entity, or regulated by another federal or state privacy statute, the problem is not the scanning as such.  It is that you have handed protected information to a vendor that stores and processes it without any contractual obligation to you to safeguard it.  Under HIPAA that obligation takes the form of a business associate agreement, and consumer Gmail offers none, which exposes you to serious fines and possibly more.

When pressed on how Google uses the data it collects, Google's Executive Chairman Eric Schmidt said the company's policy is to get "right up to the creepy line and not cross it."  He never defined where acceptable ends and "creepy" begins, unfortunately.

The bottom line is this: a Gmail account holder has agreed to that scanning by accepting the terms of service, but the patients and clients whose information appears in those messages have not, and it is your organization, not Google, that owes them confidentiality.

Here's some guidance on e-mail for you:
  • If you have confidentiality obligations, don't use Gmail, Yahoo Mail or any other free consumer e-mail service for that correspondence.
  • Don't let your employees use personal accounts for company communications either!  The penalties will still fall on you if a breach is traced back to one of them.
  • Remember, if you're HIPAA regulated, the Security Rule lists encryption of electronic PHI in transit as an "addressable" specification: you must either encrypt it or document why an equivalent alternative is reasonable and appropriate.  In practice, encrypt it.
  • The same applies to PHI at rest (stored on a server).  A consumer provider gives you neither a business associate agreement nor any say in how or where your data is stored, which eliminates these services from consideration.
Civil penalties for HIPAA violations run up to $50,000 per violation, with an annual cap of $1.5 million for violations of the same provision, so beware.

Retention of communications is regulated as well.  HIPAA requires that required compliance documentation be kept for at least six years, and state law sets retention periods for the medical records themselves, in some states considerably longer.  Sarbanes-Oxley, the federal e-discovery rules and other federal and state regulations impose their own retention and litigation-hold requirements.  You can't simply delete old e-mails and documents when confidential information may be involved, and you can't reliably retain, search or produce them either when they sit in a free webmail account that is outside your control.  That only compounds your problems.

Confused by all of the security problems with e-mail?  Give one of our Security Specialists at ACT Network Solutions a call at (847) 639-7000 or contact us via e-mail at security@act4networks.com.
