APPENDIX B
Laws and Major Regulations Related to Records Management
United States
Records management practices and standards are delineated in many federal regulations. In addition, a number of state statutes have been passed; in some cases they actually supersede federal regulations, so it is crucial to understand compliance within the state or states where an organization operates.
On the federal level, public companies must be vigilant in verifying, protecting, and reporting financial information to comply with requirements under the Sarbanes–Oxley (SOX) and Gramm–Leach–Bliley Acts. Health care concerns must meet the requirements of the Health Insurance Portability and Accountability Act (HIPAA), and investment firms must comply with a myriad of regulations by the Securities and Exchange Commission (SEC) and National Association of Securities Dealers (NASD).
This appendix presents a brief description of current rules, laws, regulators, and their records retention and corporate policy requirements. (Note: This is an overview, and firms should consult their own legal counsel for interpretation and applicability.)
Gramm–Leach–Bliley Act
The Financial Institution Privacy Protection Act of 2001 and Financial Institution Privacy Protection Act of 2003 (Gramm–Leach–Bliley Act) was amended in 2003 to improve and increase protection of nonpublic personal information. Through this act, financial records must be properly secured, safeguarded, and eventually completely destroyed so that the ...