Is it possible to ask for consent for disclosure on secure e-mail?

keithsauer507 · ‎07-12-2010

We are in the financial industry, plagued by many obscure and mundane regulatory compliance restrictions. In order for us to send electronic documents out IronPort, the firm that handles our compliance states that the end user must consent to receiving this first, only electronically. A phone call is not enough.

So they want it so that our IronPort sends them an I Consent or a I do not Consent radio/button/link/ etc.. in an e-mail. If an only if they "Consent", that they be taken to a page to log in and decrypt that e-mail. For compliance purposes, we need to keep a record of those who consent to viewing disclosures and other documents electronically.

I was thinking of changing the wording on the initial e-mail "You have recieved a secure e-mail" to add the regulatory required language that states, by downloading and reviewing this message, you automatically concent to ..." , etc.. Then using read reciepts we would be able to see if they opened the message, they obviously agree.

Sounds good to me, but our compliance firm wants to see if we can do it the other way first. Can IronPort send a radio button or an I agree / I disagree button?

Kevin Luu · ‎07-13-2010

The ability to send a separate "Consent for Disclosure" email that proceeds the securedoc.html/secure envelope, is not possible. It's just not built into the system. You may want to file a feature request for that.

In the interim, you can do like you suggested. Like in the screenshot below, if you modify both the Encryption Envelope html/text body and use that instead of the System Default, then at least you can say you made a good attempt to satisfy that requirement.

Here are the basic instructions:

1. Mail Policies > text resources > Encryption Notification Template (HTML) and Encryption Notification Template (TEXT)

2. Add whatever "Consent for Disclosure" your company wants

3. Then go to "Security Services > Encryption Profile" and select the new text resource templates that you created.

4. You can make the font/text red and a larger font so that it stands out. You may want to even re-word the entire template as you see fit.

Good luck.

Let me know if you have questions.

keithsauer507 · ‎07-14-2010

Thank you. I think we may just have to change the wording on the initial secure message like in your example. Hopefully the compliance people are OK with it. We do get read receipts returned to us upon signing in and reading a secure message. This should be the "proof" that the auditors want. We have a Mail Archiving system that stores all e-mail for a number of years as well.

Next week we are setting up a conference call along with our Cisco sales rep and technical consultant. Via e-mail, they indicated they have a few idea's, but we will have a nice pow-wow and ensure our solution is looked at via all angles. Perhaps we will open an RFE at that time for future product enhancements.

We're very pleased with the IronPort, and Cisco's help in general. Its great stuff and I reccomend it all the time.

Thanks again!

kyerramr · ‎07-14-2010

Keith,

Do you use the Hosted Encryption (CRES with Email Security Appliance C/X-Series) or In-house Key server (IEA - IronPort Encryption Appliance)?

Thanks,

Kishore

keithsauer507 · ‎07-15-2010

We use the CRES hosted solution with the IronPort C160.