The Email Signature Handbook

US Email Disclaimer Law

US email disclaimer laws.

Federal Information Security Management Act (FISMA)

The Federal Information Security Management Act (FISMA) places the onus squarely on agencies to ensure the security of data within the different branches of the US government (federal, state and local).

The Act defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. Every government agency is required to conduct annual reviews of information security programs, with the intent of keeping risks at or below specified acceptable levels in a cost-effective, timely and efficient manner. As part of FISMA compliance, agencies and departments must implement ways to track the contents of all outgoing emails. This includes the implementation of an authorized US email disclaimer on all mails.

The need for an email disclaimer

FISMA states that for regulatory compliance an appropriate US-authorized email disclaimer needs to be included in all email communications. This is because the act covers the security of data used by federal and state governments.

Email disclaimer usage then filters down into different industries where there are different requirements.


Federal Rules of Civil Procedure (FRCP)

The Federal Rules of Civil Procedure (FRCP) are regulations that specify procedures for civil legal suits within the United States Federal Court system. A revision to the Rules that went into effect on 1 December 2006 required companies to make provisions for the handling of electronic records and to accommodate electronic discovery (the use of electronic data in civil legal actions). An organization must know where its data is, how to retrieve it, how to meet data requests, and which data will not be subject to search.

The need for an email disclaimer

FRCP mandates that a company use an appropriate email disclaimer, clearly stating that the content of the email will not be used, in order to avoid losing a lawsuit when specific data is requested. This came about in 2006, when revisions to the law were made regarding how electronic data is exchanged and protected.


Freedom of Information Act (FOIA)

The Freedom of Information Act is a federal law that allows for the full or partial disclosure of previously unreleased information and documents controlled by the United States government.

The speed and economy of email often make it the preferred means of delivery, but this carries the risk that the wrong information might be sent or the wrong recipient addressed. As email has become so prevalent for interdepartmental communications, the security of those communications has become a serious concern. US email disclaimer law helps to mitigate some of these issues.

The need for an email disclaimer

In order to comply with the FOIA, a law guaranteeing individuals access to public records kept by government agencies, an email disclaimer is essential. It informs the mail recipient that the email may contain sensitive information.


Gramm-Leach-Bliley Act (GLB)

The GLB Act applies to “financial institutions” – businesses that offer financial products or services to individuals to be used primarily for personal, family, or household purposes. Financial institutions like banks, securities firms and insurance companies are covered by the SEC (Securities and Exchange Commission). Businesses that provide many other types of financial products and services to consumers fall under the jurisdiction of the FTC (Federal Trade Commission) for the purposes of enforcing GLB.

Violation of the Act may result in a civil action brought by the U.S. Attorney General. The penalties include up to $100,000 for each violation. In addition, “the officers and directors of the financial institution shall be subject to, and shall be personally liable for, a civil penalty of not more than $10,000 for each such violation”. Criminal penalties may include up to 5 years in prison. The Act has been cited by many as the cause of the 2007 subprime mortgage financial crisis, which triggered the recession of 2008.

The need for an email disclaimer

All American financial organizations have to attach disclaimers to their emails in order to avoid any confidentiality breaches. However, a disclaimer does not make the content of an email 100% confidential. Therefore, it is used to warn customers about transmitting sensitive data like account details.


Health Insurance Portability & Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) offers protection for millions of American workers by improving portability and continuity of health insurance coverage. There are two sections to the Act. HIPAA Title I deals with protecting health insurance coverage for people who lose or change jobs. HIPAA Title II includes an administrative simplification section which deals with the standardization of healthcare-related information systems.

Information must be stored in robust data centers that provide minimum guaranteed uptime and very high security. Anyone who obtains and discloses information with the intent to sell, transfer or use it for commercial gain or malicious harm can face penalties of up to $250K in fines and 10 years in jail.

The need for an email disclaimer

This act strongly recommends that all US healthcare organizations use email disclaimers to highlight patient confidentiality in all communications.

A disclaimer is only meant to inform patients and does not by itself make a company fully compliant with HIPAA law. Nonetheless, it is designed to ensure that patients are aware that the email they are receiving is not 100% secure, that the content of the message is of a confidential nature, and that they should pass the email on to the relevant person if they are not the correct recipient.


The Public Information Act, Texas State

The Texas Public Information Act is a series of laws incorporated into the Texas Governmental Code that guarantee an individual’s unrestricted access to public records kept by government agencies. Certain exceptions may apply to the disclosure of the information.

Governmental bodies shall promptly release requested information that is not confidential by law, either constitutional, statutory, or by judicial decision, or information for which an exception to disclosure has not been sought.

The need for an email disclaimer

Like FISMA, the Public Information Act strongly recommends the use of an email disclaimer to indicate that the data within the message must remain confidential.


Sarbanes-Oxley 2002

Among the most visible record-keeping regulations are those imposed by the SEC and related exchanges on communication between securities traders/brokers and the public. All US financial organizations and any UK organizations that trade on the NYSE are required to meet these regulations.

SEC rules 17a-3 and 17a-4 require broker-dealers to create, and preserve in an accessible manner, a comprehensive record of each securities transaction they effect and of their securities business in general.

The need for an Archiver

The US Financial Services market is perhaps one of the most heavily regulated markets in the world when it comes to document and email archiving. An audit system and US email disclaimer are vital for accountability.

At all times, a member, broker, or dealer must be able to have the results of an audit system available for examination by the staffs of the Commission and the self-regulatory organizations of which the broker or dealer is a member.

Any audit results must be preserved for the retention period required for the audited records. The need to capture, store and maintain messages in a guaranteed, non-erasable manner is a key requirement that mail servers and home-grown archive systems cannot deliver. Speed of retrieval is also a key factor when dealing with legal discovery orders. Non-compliance brings huge fines, in the region of several million dollars, levelled at organizations.


How Exclaimer Can Help:

If you're looking for an easy way to design and manage professional email signatures across your whole organization, we're here to help. Find out more or start your free trial today!
