Compliance and the Web

In the past months, Cisco acquired Ironport, Autonomy acquired Zantaz and most recently, Google acquired Postini. The acquired companies all were involved with email scanning, archiving and compliance. In today's digital world, there are multiple regulations such as Sarbanes-Oxley(SOX), Health Insurance Portability and Accountability Act (HIPPA), Gramm-Leach-Biley (GLB) which govern the creation, distribution and management of corporate records and communications.

Email is an interesting case -- since email serves as a substitute for a conversation (i.e. a phone call) as well as a permanent record (like a printed document).

I would strongly suggest that a web site, particularly a transactional web site is another form of communication which should be treated the same as email when it comes to the need for compliance.

A Web transaction is a bi-directional conversation between the end user and the company. During this conversation, items such as terms and conditions are presented, product suitability, price and more are exchanged. Since this content is dynamic and changing (i.e. price is a condition, not a lookup, stock trades depend on market conditions -- price, availability) it must be captured and made available in the same fashion as an email.

We take it for granted that your "Call May be monitored for legal or productivity reasons", that "Your email will be archived", when will your call with the virtual agent (i.e. the Website) be recorded as well for compliance?

--Robert Wenig, Founder & Chief Technology Officer