Grotabyte

Regulations

HIPAA

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) sets U.S. standards for protecting health information. For archiving, HIPAA drives secure capture and retention of communications containing protected health information (PHI), with access controls, encryption, and audit logging.

Related regulations terms

FOIA (Freedom of Information Act)

The Freedom of Information Act (FOIA), and its state public-records equivalents, gives the public the right to request records held by government agencies. Agencies must search, review, redact, and produce responsive records quickly — making fast, accurate archive search essential.

SEC Rule 17a-4

SEC Rule 17a-4 requires broker-dealers to preserve certain electronic records for specified periods in a non-rewriteable, non-erasable (WORM) format, with indexing and prompt retrievability. It is one of the most cited drivers of immutable email and communications archiving in financial services.

FINRA

The Financial Industry Regulatory Authority (FINRA) oversees U.S. broker-dealers and sets rules for retaining and supervising business communications, including electronic messaging and social media. FINRA expects firms to capture, retain, and review communications and to produce them on request.

MiFID II

The Markets in Financial Instruments Directive II (MiFID II) is an EU regulation that, among other things, requires firms to record and retain communications — including phone calls and electronic messages — related to transactions, typically for at least five years.

CJIS

The Criminal Justice Information Services (CJIS) Security Policy governs how criminal justice information is accessed, stored, and protected by law enforcement and their vendors. CJIS mandates strong encryption, strict access control, and audit readiness for systems that hold this data.

GDPR

The General Data Protection Regulation (GDPR) is the EU privacy law governing personal data. It creates obligations such as data minimization and the right to erasure, which archives must reconcile with retention requirements through granular policy and defensible deletion.
