Organizations often make the mistake of telling internal stakeholders that they need to follow all legal requirements for retention – rather than telling them that they must follow the organization’s retention schedule, which includes – but is not solely built upon – regulatory mandates
Before starting the review of the draft updated retention schedule with key stakeholders, ask for and communicate a directive from the legal department/information governance steering committee mandating that legal requirements for record retention are not to be exceeded except for compelling reasons
Over the past decade, organizations have amassed vast quantities of business information, dispersed and scattered – each with its own regulatory and legal requirements causing organizations to be behind when it comes to governing their information assets
Law enforcement agencies should be notified if the breach was the result of a hacking, theft, or other crime, or if legal requirements mandate government notification
FTSE 100 ‘Litigation Happy’ Almost two thirds (62%) of the FTSE 100 have previously been sued or initiated legal action, highlighting the increasingly litigious nature of our society, and with 65% of the FTSE 100 having US offices and 88% global operations, this inclination to sue could get worse in line with the highly litigious nature of the US and complexities of international legal requirements. Complex Channels Cause Confusion 92% of the FTSE 100 were found to have disparate information channels across the business e.g. twitter, email and paper, and with the growing use of non-searchable multimedia platforms like YouTube and technologies which move data outside the organization, such as cloud computing, organizations could be storing up a huge problem if requested to provide information to meet legal requirements
When determining the appropriate Retention Periods it is not just legal requirements which must be given consideration
And do that of course in a way that will take into account the legal requirements that we have and the risks associated with it
Board The Board establishes a compliance system and regularly monitors the results to assure itself that the corporation’s employees are complying with applicable law and any other policies that the Board has adopted, including the applicable legal requirements for document creation, storage, and deletion
1 Comment - no search term matches found in comments.
The RIM Program referred to here, is typically charged with the following (or equivalent): developing and deploying a RIM function for managing records enterprise-wide in order ensure compliance with legal requirements and applicable RIM/industry standards and best practices, to mitigate legal risk and to meet business needs
3 Comments - no search term matches found in comments.
On the surface, the cloud is like any other off-site storage solution – in the sense that it affects the ability of an organization to meet its legal requirements and enforce its legal rights with respect to its records
8403 Colesville Rd #1100Silver Spring, MD 20910USA
Phone: (301) 587-8202Toll free: (800) 477-2446Fax: (301) 587-2711Email: hello@aiim.org
JoinBenefitsLearn More
About UsTerms of Use