Email compliance will clearly have different meanings for different organisations, depending on both their industry and their location. However, there are certain fundamental commonalities that transcend state and industry.
Foremost among these is the need to automate a system for archiving email and, in equal measure, to be able to categorise and understand the organisation's email traffic. If an organisation, in the public or private sector, needs to prevent certain types of information from being disclosed through email traffic, then there is a base-level requirement to be able to read and understand the contents of that traffic. Without visibility into the data sent, corporate controls are nothing more than good intentions.
How difficult it is to reach the necessary level of compliance will again depend on both the national (and trans-national) laws that apply and the nature of the organisation itself. First and foremost, though, a technology-based solution must be brought into play in tandem with the will to monitor and manage email traffic that the sender and recipient may regard as private and personal.
Email usually flows through one of two sources: either a corporate email system or one or more private email accounts, typically accessed through the web. However, mobile-phone-based email is adding a further level of complexity to the picture.
Designing an email compliance solution requires an understanding of not only the traffic to be monitored and archived, but also the types of information that must be protected. Again, how easy or difficult it is to achieve compliance will depend in great part on which laws are being complied with and the nature of the organisation itself.
In the United States, for example, new legislation has been introduced to tighten information flow controls for both financial institutions and healthcare providers. These typically require a much greater degree of control than is necessary in other industries.