Do Your Records Management Practices Align with the Law?
North of the 49th
There are some really interesting laws around the world. Did you know that our Canadian neighbors have a law that radio stations must play at least 35% Canadian content? It came into being just as Burton Cummings and Randy Bachman of the Canadian group The Guess Who produced their number one hit, American Woman. How ironic is that title? The law helped promote Canadian artists and their music and continues to do so to this day.
South of the 49th
Here at home, we have our own laws designed to protect our people, businesses, and environment. In the records management world, we have a variety of laws in place because we serve a variety of people and purposes. If your business isn’t familiar with them, you might be at risk of breaking the law and placing someone or something at risk. Laws are designed to be a protection, not an inconvenience. Consider these laws and whether your business practices align with them.
1. Financial Records
The Gramm-Leach-Bliley Act (GLBA) was designed to protect financial records by ensuring they are properly secured, safeguarded and eventually destroyed so they can no longer be accessed.
The USA PATRIOT Act was designed to unite and strengthen the country by providing tools required to intercept and obstruct terrorism. It requires that the identity of a person opening a financial account be verified by the financial institution, and it provides law enforcement organizations broad investigatory rights, including search warrants. Ask yourself:
- Do you have a chain-of-custody process in place from beginning to end?
- Are you collecting the right information and is it properly protected?
2. Personal Health Information
- Are you controlling who has access to health information?
- Do you provide audit trails for electronic record systems?
- Do you ensure that electronically transmitted PHI remains confidential and secure?
3. All Record Keeping
The Sarbanes-Oxley Act (SOX) of 2002 sets the minimum retention time for documents prior to their destruction.
The Code of Federal Regulations (CFR) includes more than 5,000 references under 50 separate titles with regard to records retention.
The Securities and Exchange Commission (SEC) Rule 174A-4 requires that records be available to be produced or reproduced using either micrographic media or electronic storage media, and that original copies of all communications be preserved for no less than three years, the first two in an easily accessible location. Ask yourself:
- Are you aware of the required retention period for each of your unique documents?
- Do you ensure documents are kept long enough and destroyed at the end of their retention period?
- Do you have any documents that have surpassed their retention period?
Suggestions for Staying Compliant
- Stay current with records management legislation. Laws are amended regularly, and you need to stay up to date on changes.
- Know that a single violation can be very costly. This goes beyond financial impact, as a data breach could cost your company its reputation, staff, clients, and their business.
- Evaluate your current process and adjust as needed. Regular training will help keep you and your business up to date. It will reflect well on your company should an audit ever need to be done.
- Consider investing in outside help. A professional, reputable records management company will know all the laws that pertain to your business and make it their business to help you stay compliant with the applicable laws. An investment in information security now could safeguard your financial position and your business reputation.
Docusafe offers a great records management service that will ensure your New Jersey, New York, or Pennsylvania business is following all required laws. We would love to partner with you. Just give us a call at 888-264-7367 or complete the form on this page to start the conversation.