Some states, including Massachusetts and Nevada, have passed legislation requiring RIAs to encrypt personally identifiable information (PII) sent in emails, and it is good practice for RIAs to proactively protect client data to avoid possible fines by states or lawsuits by clients.
Advisor Products recently partnered with Erado Message Control Solutions to bundle email archiving with email encryption, helping RIAs meet regulatory requirements efficiently.
With RIAemail, all messages are scanned for PII. If you send a message that contains a client’s name and account number, for example, RIAemail is designed to scan the message on Erado’s email servers and automatically encrypts any messages containing PII. While the technology is not perfect, it is more than 98% reliable in flagging messages containing PII and can drastically reduce your risk of sending PII -- with absolutely no work by you.
Messages that contain PII are encrypted using TLS (Transport Layer Security). TLS and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet.
When you send an email that’s encrypted using TLS, it will be decrypted automatically if the recipient’s email server uses the TLS protocol. About half of all email servers currently utilize the TLS protocol. TLS is widely used by corporate email servers, especially at financial institutions, and some popular mail hosts, such as Cablevision support TLS. Only some free webmail services support TLS. Some but not all of Google’s Gmail servers support TLS, but Yahoo does not.
When a recipient’s email is not TLS-capable, the email recipient will receive an email with a password telling him to log into a secure portal to view and download the message. Below are screenshots illustrating how it works.
If you send PII to a client or allied professional and their email service does not support TLS, the recipient is sent a message like the one above with a link to where the message can be viewed. The password is an image. (Since, in this example, the recipient's email provider is Yahoo and Yahoo’s email system does not automatically display images in emails, the recipient must click on the “show images” button in the upper right to display the image with the password.)
When the recipient clicks on “show images,” the password is displayed along with a link to a secure portal where the email can be viewed and downloaded.
When the recipient clicks on the link, a browser window pops up where the recipient can input his email address and the password to view the email.
After submitting the password and email address, the recipient can then view and download the email.
RIAemail, which includes archiving as well as encryption, costs $150 to set up and $265 a year per account.
It can be bundled with cloud-based compliance solutions Advisor Product offers RIAs, including hosted Microsoft Exchange, Microsoft Office 365, social media archiving, and FINRA-reviewed social media content for advisors.
Please call our sales group at 516 333 0066 x 224 with any questions. Or please post questions to A4A.
PII is defined by California State Law as unencrypted electronic information that includes an individual’s first name or initial, and last name, in combination with any one or more of the following: