The key to looking at an email isn’t in the words that it contains, but the meaning and intent behind those words. Using a combination of linguistic theory, extensible pattern matching, and contextual analysis, policy allows you to focus on capturing what’s important and refine out the things that aren’t. Technically Creative has worked tirelessly on creating one of the most comprehensive lists of policies ready to be used in your environment to help your business control the flow of data within your organization.


Companies often hire people specifically for public relations. These individuals have been trained to interact with news organizations in an effective and efficient manner and understand how to best portray the image that the company desires. Most importantly, these individuals understand what information should and should not be released to the public. It is therefore in a company’s best interest to prevent unauthorized individuals from communicating with news organizations.

The Communication with the Press/News Organizations policy is intended, as the name implies, to monitor and capture unauthorized users from sending electronic communications to members of the press or individuals employed in a news organization. The policy works by analyzing a communication after it is sent to determine if any of the recipients are external addresses. Once the presence of an external address is identified, the policy then refers to a list of common news organization addresses to determine if any of the recipients are affiliated with the press. If a match is found, the event is captured and flagged for review by an individual who will determine the severity of the violation.

It can be argued that reputation is the greatest asset that a company has. When an employee speaks in a negative manner about the company, this can have a severely damaging impact on that company’s reputation. In addition to being generally distasteful, speaking poorly of your employer, manager, or a company is unprofessional and can also ruin an employee’s reputation as a result. The Corporate Criticism policy captures communications that criticizes the company, its products, or members of management. By ensuring that these comments are captured, a company ensures that the reputation of the company and the employee are not damaged and it maintains a positive professional work environment.

The Corporate Criticism trigger works by analyzing a communication for the presence of criticizing language such as “The performance around here is awful”, “The managers around here are crap”, or “It makes this company look incompetent”. The trigger also identifies language that indicates intent to resign such as “I can’t take it at this job any more”, “I really hate working here”, or “I can’t stand who I’m working for”. Once a customer-determined amount of matches occurs the trigger fires and flags the event for review.

The Exchange Act 15 U.S.C. 78u-6 defines a whistleblower as “an individual who provides, or 2 or more individuals acting jointly who provide, information relating to a violation of the securities laws to the Commission, in a manner established, by rule or regulation, by the Commission.” Section 6(h)(1) states that “No employer may discharge, demote, suspend, threaten, harass, directly or indirectly, or in any other manner discriminate against, a whistleblower in the terms and conditions of employment because of any lawful act done by the whistleblower.” The Securities and Exchange Commission Regulation 21F 240.21 outlines the guidelines by which whistleblowers can submit information to the SEC regarding violations and be classified as a whistleblower thereby entitling them to all the rights, privileges, and rewards thereof. Regulation 21F 240.21F-9 states that “to be considered a whistleblower under Section 21F of the exchange act, you must submit your information about a possible securities law violation by either of these methods: (1) Online, through the Commission’s website located at; or (2) By mailing or faxing a Form TCR (Tip, Complaint, or Referral) to the SEC Office of the Whistleblower”.

The Whistleblower policy is intended not to prevent employees from whistleblowing on their employer, but instead to ensure that the employee attempting to distribute such information is allowed to do so through the proper channels to ensure that they are eligible for all legal rights granted to whistleblowers. The policy looks for a possible whistleblower situation and allows an organization to take appropriate steps in response to this information.

The Whistleblower trigger works by scanning electronic communications for language that may indicate the individual’s intention to whistle blow, such as “They are lying to the regulators”, “Violating NASD Rule 2030”, or “The information that I bring is unethical and is in direct violation of NASD regulations”. When a customer-determined threshold of matches is reached, the trigger fires and flags the event for further review to determine the level of severity.

The Sending to Personal Addresses policy is a DLP (data loss prevention) policy. As opposed to the standard approach useing a black list that establishes a list of addresses that cannot be recipients, this policy uses a white list to determine a set of email addresses that are not considered violations. This is due to the fact that a personal email address is not limited to simply Hotmail, Yahoo, Gmail, etc. This method ensures that any message sent to an address that is not on this list is captured.

The policy works by analyzing an email to determine whether it is internal or external. Once the policy confirms that it is outbound, it will then confirm that the message contains at least one attachment. If an attachment is found, the policy then confirms that the total message size is greater than 15kb (this is to prevent signature logos from being captured). When it confirms the message size, it then analyzes the list of recipients to ensure that the addresses are on the white list. If an address is not on the white list, policy will verify if any other recipient is on the list.

Once all of these conditions are met, the policy captures the event and flags it for review by an individual who will determine the level of severity.


Contact Technically Creative to discuss your communication surveillance policy or rule needs further or to discuss our current policy/rule catalog. To download the complete ‘Technically Creative Policy Catalog’ description PDF document, fill out the form and we’ll send it directly to your inbox.

To learn more about Communication Surveillance Policy and/or Rules, schedule
a 15-minute discovery call with Technically Creative Experts.