Five Lessons from Hillary’s Email Saga: Why Part 11 Should be a Universal Best Practice
[Posted on: Thursday, September 8, 2016]

Bernie Sanders famously said that “people are sick of hearing about Hillary Clinton's ‘damn emails’”, and perhaps he was right. However, the findings from the FBI investigation of the matter continue to highlight several email security issues that are common among many senior executives. The Part 11 regulations provide some of the best policies for system integrity and data storage, and they apply to email communications as well.

Politics aside, email is perhaps one of the easiest and most rampantly misused modes of communication. Most of us write tens of emails and read hundreds each day, and use multiple pieces of hardware, software and connections in the process. Emails contain critical information about internal discussions and decisions, and are used to establish the chain of communication. Emails are an excellent source for demonstrating timely decisions, since they come with their own time-stamps and other ways to determine authenticity. However, emails can also cause a lot of headaches (pun intended) if not properly organized, archived and stored. So, here are five lessons we can learn from the very public discussion on email security, taking cues from 21 CFR Part 11.

First, never mix work and personal emails. It is not worth the convenience. Work emails should be strictly for work-related communications. Personal emails are an integral part of our lives, but years later it becomes almost impossible to separate work and personal emails if they live in the same email address, server and device. If you have kept your work and personal emails separate, your privacy will not be at issue when the work emails are audited for compliance.

Second, never delete emails. Deleting messages gives a perception of hiding, and hiding is always interpreted negatively by auditors. Make authorized and complete copies of all email trails to demonstrate compliance. Copies should be certified for authenticity.
Third, always dispose of old devices properly. Wiping a device before disposal or reuse is essential. Wiping cleans a device far more thoroughly than deletion. If vendors are used, ensure that devices are wiped in a timely manner. Never mail critical devices in unsecured packages. Devices can get lost in transit, stolen, or worse.

Fourth, phones can be hacked and used for espionage, so don’t use smartphones for storing, sending or communicating about critical information. Similarly, public internet and broadband connections are highly insecure and can easily be used to steal information.

And, fifth, always trust corporate policies about email security. A common mistake made by executives is to ask their peers for advice and collect anecdotes. Just because the last person got away with wrong practices does not mean you will too.

Emails are a great asset for communication, but they need to be handled properly. It is important to have clear policies for email communication and strict enforcement of the same.