-
Bank Secrecy Act
Requires financial institutions to maintain records of personal financial transactions that are useful to the Department of Treasury in criminal, tax and regulatory investigations.
-
BASEL II
Basel II aims at creating an international standard to determine the minimum capital allocated by banks to guard against different types of risk exposures. The revised guidelines address credit risk, market risk and operational risk. The capital required by the bank to safeguard its solvency and economic stability is directly proportional to the aggregated risk it carries.
-
DoD 5015.2-STD – Department of Defense Design Criteria Standard for Electronic Records Management Software Applications
Establishes mandatory baseline functional requirements for Records Management Applications (RMA) software used by the DoD Components in the implementation of their records management programs; defines required system interfaces and search criteria to be supported by the RMAs; and describes the minimum records management requirements that must be met, based on current National Archives and Records Administration (NARA) regulations.
-
Electronic Signature in Global & National Commerce Act
Provides assurances that electronic records and contracts can have the same legal authority and protection as paper records and contracts; requires that companies address their e-commerce activities and implement measures to ensure that these activities meet acceptable standards.
-
(FACTA) Fair and Accurate Credit Transactions Act of December 2003 and The FACT Act Disposal Rules
The Fair and Accurate Credit Transactions Act of 2003 (FACTA) added new sections to the federal Fair Credit Reporting Act (FCRA, 15 U.S.C. 1681 et seq.), intended primarily to help consumers fight the growing crime of identity theft. Accuracy, privacy, limits on information sharing, and new consumer rights to disclosure are included in FACTA. (Pub. L. 108-159, 111 Stat. 1952)
FACTA requires organizations that possess or maintain “consumer information” for business purposes to properly dispose of it by taking reasonable precautions to protect against unauthorized disclosure. This includes consumer information in any format, including electronic records.
-
Gramm-Leach-Bliley Act (GLB)
Also known as the Financial Modernization Act of 1999, the GLB is a federal law enacted in the United States to control the ways that financial institutions deal with the private information of individuals. The Act consists of three sections: The Financial Privacy Rule, which regulates the collection and disclosure of private financial information; the Safeguards Rule, which stipulates that financial institutions must implement security programs to protect such information; and the Pretexting provisions, which prohibit the practice of pretexting (accessing private information using false pretenses). The Act also requires financial institutions to give customers written privacy notices that explain their information-sharing practices.
-
(HIPAA) Healthcare Insurance Portability and Accountability Act of 1996
Limits the use and disclosure of individually identifiable information relating to the physical or mental health of individuals absent the consent or authorization from the patient; requires that all records regardless of format be managed as part of the organization’s official records management program; applies to doctors, hospitals, pharmacies, medical billing services, health care plans, HMOs, and business associates of these entities such as their accountants and attorneys; imposes strict data disposal requirements, including overwriting or physically destroying all magnetic media that is no longer in use or that is given away or sold.
-
ISO 15489 – Records Management Standard developed by the International Organization for Standards in 2001
International standard that provides a high level framework for recordkeeping and specifically addresses the benefits of records management, regulatory considerations affecting its operation and the importance of assigning responsibility for recordkeeping. Provides specific detail about the development of records management policy and responsibility statement and outlines processes for developing recordkeeping systems.
-
The Paperwork Reduction Act of 1980
Provides the framework to control the paperwork burdens the federal administrative agencies can place on the public and empowers the Office of Management and Budget (OMB), Executive Office of the President, to develop regulations to implement the act and to enforce continual monitoring of the process.
-
Rules 26 & 34 of the Federal Rules of Civil Procedure
Governs the discovery and disclosure of information relevant to civil actions; applies to organizations facing litigation and those aware that a discovery request may be made; organizations with poor records management programs can face court sanctions and loss of rights in litigation.
-
Sarbanes Oxley
Applies in general to U.S. and non-U.S. publicly held companies and their audit firms - dramatically affects the accounting profession and impacts not just the largest accounting firms, but any CPA actively working as an auditor of, or for, a publicly traded company. Provisions of SOX detail criminal and civil penalties for noncompliance, certification of internal auditing, and increased financial disclosure; imposes new criminal penalties relating to fraud, conspiracy, destruction of evidence and interfering with investigations; requires management to establish and maintain an adequate internal control structure and procedures for financial reporting.
-
SEC Rules 17a-3 & 4
Record retention requirement governing broker-dealer records in all formats.
-
(UPA) Uniform Photographic Copies of Business & Public Records as Evidence Act
Enacted by almost all states, it specifies that reproductions of records have the same legal significance as the original and may be used in place of the original for all purposes including evidence.
-
(UPPBRA) Uniform Preservation of Private Business Records Act
Statute enacted by several states; declares that, unless a specific period is designated by law for their preservation, business records which persons by the laws of this state are required to keep or preserve may be destroyed after the expiration of three years from the making of such records without constituting an offense under such laws.
-
USA PATRIOT Act (October 2001)
Gives the government new powers to request confidential company information and requires that financial institutions know their customer base intimately; provides the government with authority to intercept wire, oral and electronic communications and to prosecute offenders; reporting requirements now extend to credit unions and entities trading commodities and futures; requires every financial institution to develop and implement an anti-money laundering program.