Security, Contractual Agreements and Compliance: Why YOU Might Need an Email Client

July 17, 2013 by Staff Writer
Security, Contractual Agreements and Compliance: Why YOU Might Need an Email Client
With so many free or cheap online email and collaboration options available these days, there would seem to be no reason at all to warrant purchasing email software., for instance, is the latest iteration of Microsoft's Hotmail online email solution. It offers convenient, cost-free access to email and collaboration tools that would benefit any small business. In addition, it allows companies to use their company's website in their email address free of charge, totally eradicating the need for an in-house mail server. And for a small company, that could be a big saving.


Why on earth then would anyone consider using email software that has to be maintained, updated, or patched - probably at your cost? Well, it depends very much where you are in the world, and which industry you are in, but probably one key reason is security. Consider one moment GMail's terms and conditions:

"By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services."

In addition, they add:

"You agree that this license includes a right for Google to make such Content available to other companies, organizations or individuals with whom Google has relationships for the provision of syndicated services, and to use such Content in connection with the provision of those services."

However you interpret it, according to the above, whatever content you add to a GMail email becomes Google property and it seems they can do as they wish with it. The likelihood that they will divulge what content you have provided hem would seem is next to none, but that is the tradeoff with free email - and if you cannot live with those terms and conditions, it is probably better to put your hand in your pocket.

Contractual Obligations

However, putting your hand in your pocket might not be the solution to your particular situation. Although solutions like's big brother Office 365 might offer the terms and conditions you prefer, depending on the line of business you are in, they might not be solutions you can use simply because they are in the cloud. The United States' Department of Defense (DoD) for instance has the following in their agreement for non-classified users connecting to government computers:

"I will not use web based e-mail (e.g., Gmail, Yahoo, AOL, etc.) or Internet "chat" services (e.g., Google Chat, America Online (AOL), Microsoft Network (MSN) Instant Messenger, Yahoo, etc.) from my computer."

As a paid alternative, whether Office 365 comes under that category is open to debate, but it is worth checking those agreements you signed at the start of a contract and clarifying what they mean - it might not just be the DoD that prefer email clients to cloud solutions.


Another key area that might dictate if you can use cloud email or not might be compliance. This is a huge area, but the bottom line is this: Depending on the industry you are in, there may be a number of industry standards you might need to comply with for legal business operation. One such example is Health Insurance Portability and Accountability Act compliance, or better known as HIPAA compliance.

HIPAA applies to how workers maintain healthcare insurance coverage when they change jobs. As such, it would seem very unlikely that it covers email usage. But when you consider it, maintaining healthcare insurance coverage might require moving patient health records around by email, and if that email is not secure, it could fall into the wrong hands. As a result, legislators added provisions to safeguard patient information sent by electronic means.

HIPAA standards for email cover issues like access and encryption. Whether a company complies with these standards is subject to audits. HIPAA maintains that email used in this environment must support TLS and SSL, but while services like GMail often support SSL when accessing websites, and support TLS for inbound email transport, it still might prove they are not HIPAA compliant. HIPAA requires companies have a 'Business Associate Agreement' signed with a vendor, and that is something that you just cannot get from a free email service provider - they set the terms, not you.


However unlikely it might seem, it may prove that industry standards dictate exactly how you can use email. Undoubtedly email solutions like GMail, Yahoo! and Outlook probably offer the bulk of business users the security they require, while the bulk of business agreements do not cover email usage. In addition, there are of course companies that provide online email solutions that are geared towards helping their customers meet the standards of specific their industries, but whether the more popular web-based (and free) email solutions meet those standards is open to investigation, and it is your job to find out exactly what industry standards apply for your specific business.

You never know - you might just need to keep your email out of the cloud and on your PCs. And if that is the case, you might just be looking for free alternatives to buying Microsoft Outlook.

Article Rating

Rate this article:

Article Rating


  • 1
  • 2
  • 3
  • 4
  • 5

Top 3 Hosts From Our Search

1The VPS Company