Don't Overlook Federal and State Data Regulations

Posted by: Rod Kurtz on December 28, 2009

Tracking new regulations and compliance rulings from federal and state government can be dizzying—they include FRCP, HIPAA, GLB, and more. But now more than ever, the government expects all businesses to comply, not just large corporations.

Today, every company is responsible for its data and for securing its customers’ information, no matter how much it costs to do so. In today’s litigious business world, the possibility of being dragged into a lawsuit is very real, and if that happens, you will likely need to make your information available to the process. And woe to the company that cannot comply with basic regulations, because a judge will not accept that you thought those requirements applied only to the big companies.

A good example is a recent investigation involving Freddie Mac. A small agency working with Freddie Mac was pulled into the investigation, and the agency had to complete a request by the government for an electronic discovery search. The agency assumed the cost would be minor, but it did not have an automated approach to managing its data in place. The inaccessibility of the data required an army of attorneys and staff to perform a hands-on physical review. The cost came to $6 million. When the agency sought relief, it was turned down by an appeals court. It should have known better.

So here are some first steps to avoid future problems:

1. Know what the regulations are. Start with the main federal and state Web sites at www.business.gov. After you are already fairly clear on the regulations, then (and only then) take advantage of the huge number of online communities (LinkedIn and Yahoo have active sites) that discuss the regulations;

2. Make sure that those who interface with your IT system know exactly what information is stored, and where;

3. Use the right technology to classify and separate the most valuable business information, and secure that data properly;

4. Segregate older, infrequently accessed material to less expensive storage facilities;

5. Clean your data house by actively identifying and destroying documents whose age exceeds document retention policies.

Follow a few simple guidelines, and you can save yourself a major headache in the future—not to mention a lot of money.

Ursula Talley
Vice President of Marketing
StoredIQ
Austin, Tex.

Reader Comments

PeterK

January 5, 2010 10:44 PM

for further information about records management and records disposition schedules, one should contact ARMA International http://www.arma.org which is the professional association for the records management profession. ARMA has chapters located throughout the US as well as Canada and Japan. Their bookstore contains a wealth of information including ANSI standards related to Vital Records protection, management of electronic messages and the development of records disposition programs. one additional organization to contact would be the Institute of Certified Records Managers http://www.icrm.org

Post a comment

 

About

Want to improve the way you run your business? Entrepreneurs, academics, and consultants from diverse industries offer practical advice on a variety of topics each business day.

To submit a tip for consideration, first check our archive of previous tips to make sure you're not repeating a tip someone has already contributed. Then send the tip to Small Business channel contributor Michelle Dammon Loyalka. Because of the volume of material she receives, she may not respond to each individual.

BW Mall - Sponsored Links

Buy a link now!