EMAIL ENCRYPTION Team 2.0 Pamela Dornan, Thomas Malone, David

EMAIL ENCRYPTION Team 2.0 Pamela Dornan, Thomas Malone, David Kotar, Nayan Thakker, and Eddie Gallon

Statistics about Email Use 247 billion emails are sent each day. That’s one email every 0.00000305 seconds. In the time it takes you to read this sentence, some 20 million emails entered cyberspace. Corporate email accounts will grow on average of 25% every year for next 5 years. Daily business email traffic per day will grow on average 13% every year for next 5 years. 96% of employees believe their companies face some level of legal risk associated with poor email management. 69% believe employees ignore policies about emailing unencrypted confidential information through insecure channels.

Federal Industry Regulations The Gramm-Leach-Bliley Act (GLBA) Protects consumers’ personal financial information held by financial institutions. Mandates financial institutions should use encryption to mitigate the use of disclosure or alteration of sensitive information in storage and transit.

Federal Industry Regulations Family Educational Rights and Privacy Act (FERPA) Protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. Encrypt all confidential, non-directory, and sensitive personal information. Encryption is required for all such information that is saved on portable computing devices such as thumb drives and laptop computers; encryption is highly recommended for other devices as well.

Federal Industry Regulations The Health Information Technology for Economic and Clinical Health (HITECH) Act Strengthens HIPAA, and increases fines of up to 1.5 million – a considerable increase from the previous 25,000 fine. If a breach occurs, business are required to provide notification of the breach to affected individuals and the HHS (Health and Human Services) Secretary. If a breach affects 500 individuals or more, the breach is published on the OCR (Office for Civil Rights) breach list and media outlets serving the affected individuals’ state or jurisdiction must be notified.

State Regulations Massachusetts Under Mass 201 CMS 179, Massachusetts requires companies to encrypt all personal information of state residents transmitted electronically or wirelessly. Nevada NRS 603A10 passed in October 2008 and mandates that all businesses, no matter how small or what they do, must secure confidential customer information if it is sent electronically. Statute 603A.215 states that any form of Internet communication must encrypt personal data.

State Regulations Washington Passed in January 2008, HB 257411 protects personal information that is managed by any person or organization that conducts business in the state. If personal information — including name combined with Social Security number, driver’s license number, financial account information — is transmitted or stored on the internet, the law requires it to be secured and deems encryption as the accepted practice.

Email Encryption-Company X Company X requirements: Company X is a mid size company in a food industry, with 300 employees that has customer presence in all states and Internationally Communicates externally with remote employees, customers, business partners, consultants and regulatory entities using email on daily basis Required under federal regulation to use encryption to mitigate the use of disclosure or alteration of sensitive information in storage and transit

Requirements for Company X Current Risks & Challenges for Company X: Based on the recent survey conducted at the Company X, following risk were identified: Company X is not compliant under Federal regulation of HIPAA Act which could risk company with financial liability and company reputation Mobility - a new risk on the rise users spend an average of 42 percent of their mobile time using email. With increasing dependence on mobile devices for access to data whenever, wherever, mobile email is a major concern

Questions ?