NASD Rules 3010 and 3110
National Association of Securities Dealers Rules 3010 and 3110 were amended in 1997 and 1998, in part to respond to the increased use of email in business communications. The rules required correspondence with the public relating to the investment banking or securities business to be retained. A firm was required to have policies and procedures for the review of correspondence, and monitor compliance with these policies and procedures. It was also necessary to specify what types of correspondence would be reviewed before and after its distribution.
A NASD notice to its members about this amendments to these rules stated that, "In conducting reviews, members may use reasonable sampling techniques. As an example of appropriate evidence of review, e-mail related to the member’s investment banking or securities business may be reviewed electronically and the evidence of review may be recorded electronically." So here we see that the securities industry faces a strong recommendation to perform statistical sampling of its email.
Importantly the notice also states that, "NASD Regulation would expect members to prohibit correspondence with customers from employees’ home computers or through third party systems unless the firm is capable of monitoring such communications." Surely, this is a regulation often broke by individual employees, and one would imagine that few companies have effectively developed email monitoring programs in response to it.
In December 2014, FINRA's new consolidated rule 3110 replaced the old NASD rules, but the general requirements are still very similar.