Does your company meet the standards for record keeping among your employees,
transactions, and communications?
Many existing regulations, including the Federal Trade
Commission Safeguards Rules, the Health Information Portability and
Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA), now
require that the companies subject to them
establish a comprehensive information security plan.
HIPAA requires healthcare institutions to
enact and enforce security measures so that patient information
remains confidential. GLBA, government and other agencies also
require similar provisions. Should an institution fail to comply, it
will be subject to regulatory enforcement actions, including fines,
litigation and/or license revocation.
The National Association of Securities
Dealers (NASD) requires that both written and electronic
correspondence with public customers be maintained. When an employee
or other representative of any broker-dealer sends business-related
email, it must be preserved and maintained in a manner that verifies
the authenticity of the collected data. This also encompasses
web-based email from home, all chat conversations and instant messaging.
Legislation such as the Sarbanes-Oxley Act,
passed in response to the Enron/Arthur Andersen scandal, imposes
severe penalties for the destruction of data, including electronic
data. Other recent legislation establishes a compelling obligation
for businesses to preserve electronic data that may be relevant to
an audit or legal matter.