Compliance - Regulatory Overviews

Businesses today must be up-to-date and compliant with a wide range of state, federal, and international regulations. To help organizations better understand what is required, we have provided a list of the key regulations businesses should be concerned with, and a summary of what they entail:

■ FRCP ■ GDPR ■ HIPAA ■ SEC 17a (3,4) ■ NASD 2210 ■ NASD 2711 ■ NASD 3010 ■ NASD 3110 ■ Sarbanes-Oxley ■ Investment Advisors Act ■ IDA (The Investment Dealers Association of Canada)

Below we listed samples of international compliance and regulation-driven retention practices, some are not mandated by law but are used to develop Best Practices for email and electronic record retention to compliant with certain specific regulations.

North America

• US: HIPAA (Health Insurance Portability and Accountability Act); SOX (Sarbanes-Oxley); GLBA (Graham Leach Bliley Act); FRCP (Federal Rules for Civil Procedure); CAPSTONE Compliance.
  

• Canada: PIPEDA; Rule 30.02 Ontario Rules; Bill 198 Multilateral Instrument.
  

• MessageSolution Data Redaction

  
  
  

  GDPR: The newly enacted law and the revised version of regulation on Personal Identifiable Information (PII) and Payment Card Industry Data Security Standard (PCI DSS), which will be officially effective in May 2018.
  

• Euro-SOX: MiFID (Markets in Financial Instruments Directive); European Union Data Protection Directive 95/46; European Union Directive 2006/24/EC.
  

• UK: Data Protection Act 1998; CPR (Civil Procedure Rules).

• Germany: German Federal Data Protection Act; German Telecomms Data. Retention Act; Criminal Procedures Act.

• Switzerland: Swiss Federal Data Protection (DPA); Basel II audit procedures; (SCO) Swiss Code of Obligations.

Global

• PCI DSS (Payment Card Industry Data Security Standard).
  

• ISO 19779/27001 (International Standards Organization).
  

• IT Security standard, ITIL (IT Infrastructure Library).
  

• Framework for service delivery, CoBIT (Control Objectives for Information and Related Technology).
  

• IT security standard, risk management in financial services, COSO (Committee of Sponsoring Organizations).

Asia-Pacific

• Australia: Privacy Act; APRA (Australian Prudential Regulation Authority); CLERP 9. China: Anti-Corruption Compliance.
  

• Japan: J-SOX; JPIPA (Japanese Personal Information Protection Act).
  

• India: Right to Information Act; Companies Act with more comprehensive audit procedures.
  

• Singapore: Companies Act.
  

Latin America

• Brazil: Azaredo Law; Bill #6891/02.
  

• Mexico: Federal Freedom of Information Act; Ley Federal de Transparenciay Accesoa la Informacion Publica Gubernamental; Leydel Mercado de Valores.