Laws and Major Regulations Related to Records Management
Records management practices and standards are delineated in many federal regulations. Also, there are a number of state statutes that have passed and in some cases they actually supersede federal regulations; therefore it is crucial to understand compliance within the state or states where an organization operates.
On the federal level, public companies must be vigilant in verifying, protecting, and reporting financial information to comply with requirements under Sarbanes–Oxley and the Gramm–Leach–Bliley Act (GLBA). Healthcare concerns must meet the requirements of HIPAA, and investment firms must comply with a myriad of regulations by the Securities and Exchange Commission (SEC) and National Association of Securities Dealers (NASD).
Following is a brief description of current rules, laws, regulators, and their records retention and corporate policy requirements. (Note: This is an overview, and firms should consult their own legal counsel for interpretation and applicability.)
The Financial Institution Privacy Protection Act of 2001 and Financial Institution Privacy Protection Act of 2003 (Gramm–Leach–Bliley Act) was amended in 2003 to improve and increase protection of nonpublic personal information. Through this Act, financial records are to be properly secured, safeguarded, and eventually completely destroyed so that the information cannot be further accessed.