Jlhoffman Support


Tuesday, 18 June 2013

Using Gmail - Are you violating a federal law?

Posted on 10:47 by Unknown
I'm always surprised at how casually some business leaders treat their e-mail security. In this era of security regulations and privacy concerns, it's stunning to hear that they still use providers like Google's Gmail. Apparently the appeal of "free" e-mail service outweighs the need for confidentiality, even in organizations that are required by law to protect confidential communications.

Did you realize that Gmail scans the content of EVERY e-mail that passes through their service? If you're a HIPAA-regulated organization, or regulated by one of the other federal or state privacy statutes, that's a clear violation and is subject to AT LEAST a serious fine and maybe more.

When asked about Google searching through the content of client e-mails, Google's Executive Chairman Eric Schmidt replied that they have what they term "the creepy line" when examining client e-mails but endeavor not to cross it. He never really defined where intrusive ends and "creepy" begins, unfortunately.

The bottom line is - reading other people's communications is NEVER appropriate, and in most cases it's illegal, except apparently at Google.

Here's some guidance on e-mail for you:
  • If you have confidentiality concerns, don't use Gmail, Yahoo Mail or any other public e-mail service.
  • Don't let your employees use it for company communications either! The penalties will still fall to you, if caught.
  • Remember, if you're HIPAA regulated, ALL communication containing personal health information must be encrypted in transit.
  • All PHI communications and documents at rest (stored on a server) must also be encrypted, which eliminates these providers from consideration.
The penalty for violating someone's privacy can be up to $50,000 per e-mail event, so beware.

Retention of all communication is also regulated now. Personal Health Information (PHI) in e-mail and documents must be held AT LEAST for the life of the person or persons mentioned in that document. Sarbanes-Oxley, e-discovery rules and other federal and state regulations have similar constraints. You can't just delete old e-mails and documents anymore when confidential information is potentially involved. Keeping it in a public forum that is easily accessible by individuals, like Gmail and similar services that are outside of your control, just compounds your problems.

Confused by all of the security problems with e-mail? Give one of our Security Specialists at ACT Network Solutions a call at (847) 639-7000 or contact us via e-mail at security@act4networks.com.