Complete Data Protection
Remote Data Backups ensures you never lose your data; DataRevoke ensures no one else finds it.
Data Management and Regulatory Compliance Laws
Prominent federal regulations impacting records management:
- Sarbanes-Oxley Act
  Implements multiple sweeping reforms within the accounting industry
- Healthcare Insurance Portability and Accountability Act (HIPAA)
  Limits the use and disclosure of individually identifiable information
- Gramm-Leach-Bliley Act (GLB)
  Requires financial institutions to ensure the security and confidentiality of customers' non-public, personal information
- USA Patriot Act
  Measures to prevent, detect and prosecute terrorism and international money laundering, giving the government new powers to request confidential company info
- Fair and Accurate Credit Transactions Act (FACTA)
  Protects consumer information and provides regulations to properly dispose of it and protect against unauthorized disclosure
- Bank Secrecy Act
  Requires financial institutions to maintain records of transactions that are useful to the Department of Treasury in criminal, tax and regulatory investigations
- Electronic Signature in Global and National Commerce Act
  Provides assurances that electronic records and contracts can have the same legal authority and protection as paper records and contracts
- Rules 26 & 34 of the Federal Rules of Civil Procedure
  Governs the discovery and disclosure of information relevant to civil actions
- Uniform Preservation of Private Business Records Act (UPPBRA)
  Enacted by several states; business records not otherwise specified may be destroyed after the expiration of three years
- Uniform Photographic Copies of Business & Public Records as Evidence Act (UPA)
  Reproductions of records have the same legal significance as the original
- SEC Rules 17a-3 & 4
  Record retention requirement governing broker-dealer records in all formats
- The Paperwork Reduction Act of 1980
  Provides the framework to control the paperwork burdens the federal administrative agencies can place on the public
- Department of Defense: Standard for Records Management Software
  Establishes mandatory baseline functional requirements for Records Management Applications (RMA) software
State regulations
- New York: Information Security Breach and Notification Act
  Governor George Pataki signed the Information Security Breach and Notification Act (A04254) into law on August 10th, 2005, joining a growing number of states which legislate the protection of consumers' personal data.
- California's SB-1386 law requires disclosure of compromised data
  Privacy law requiring all businesses that own or license computerized data with personal information to disclose to residents any data security breach if unencrypted personal information is reasonably believed to have been acquired by an unauthorized person.
- Washington's Substitute Senate Bill (SB-6043)
  Enacted on July 23rd, 2005, the law regulates disclosure standards concerning data security breaches involving unencrypted personal information.
International regulations
- Safe Harbor Act (European Union Data Protection Directive)
  Places new requirements on businesses that wish to collect, process or transfer personal data from an EU Member State
- ISO 15489 Records Management Standard
  International standard that provides a high level framework for recordkeeping
- Canadian Personal Info Protection and Electronic Documents Act (PIPEDA)
  Governs the collection, use, and disclosure of personal info in commercial activities