Presentation is loading. Please wait.

Presentation is loading. Please wait.

Development of your Company’s Record Information System and Disaster Preparedness The National Emergency Management Summit Thomas D. Anthony Frost Brown.

Published byDortha O’Connor’ Modified over 6 years ago

Similar presentations

Presentation on theme: "Development of your Company’s Record Information System and Disaster Preparedness The National Emergency Management Summit Thomas D. Anthony Frost Brown."— Presentation transcript:

1 Development of your Company’s Record Information System and Disaster Preparedness The National Emergency Management Summit Thomas D. Anthony Frost Brown Todd LLC Attorneys at Law 201 E. Fifth Street Cincinnati, Ohio 45202 (513) February 4, 2008 Track 2.07 CINLibrary v1

2 Principal Purposes Efficient and effective management;
Good business practices; Destruction and elimination; Adherence to laws and regulations; Avoidance of fines, sanctions, obstruction of justice charges; Avoidance of spoliation of evidence; Safeguard and back-up records; Protection of individuals and their information. 2 CINLibrary v1

3 Business Requirements
Products or services; Dependence on product designs, blueprints, specifications, formulas; Use of plans, operational models and manuals; Use of data banks of individual information; Training and safety under OSHA, etc.; Purchasing methods and protocols; Intellectual property, sales and marketing literature; Information technology, accounting and management; Other business rules of the organization. 3 CINLibrary v1

4 State Law Regulatory Agencies
Banking Utilities Real Estate Tattoos Health Care Uniform Preservation of Business Records Act Data Breach Notification Acts 4 CINLibrary v1

5 Federal Laws Section 6801 and 6805(b)(2) of the Gramm-Leach-Billey Act, 15 USC Section 6801; Section 552 of the Freedom of Information Act; Section 552(a) of the Privacy Act; The National Archives in Records Administration, 44 US Code Chapter 21; The Federal Records Act, 44 US Code Chapter 21; The Federal law on disposal of records, 44 US Code Chapter 23; The Internal Revenue Code; The Paper Reduction Act, 44 US Code Chapter 35; The Health Insurance Portability and Accountability Act of 1996 (HIPPA), 42 US Code 1320d-2(d)(2); The Sarbanes Oxley Act of 2002, Public Law ; The Administrative Procedures Act, 5 US Code Chapter 5; The PATRIOT Act; The Environmental Protection Act. 5 CINLibrary v1

6 International Laws The Safe Harbor Act which was adopted in 1998 by the European Union and also known as the European Union Data Protection Directive. The Canadian Personal Information Protection and Electronic Documents Act (PIPEDA). France: CNIL Guidelines. Ireland: Data Protection Acts of 1998 and 2003. Germany: Federal Data Protection Act. Italian: Personal Data Protection Code. Asian Pacific: Economic Conference privacy principles. 6 CINLibrary v1

7 The Seven Steps 1. Form the management team.
2. Create the response team. 3. Categorize all records. 4. Identify all retention requirements. 5. Prepare the record retention policy. 6. Prepare the backup and retrieval plan. 7. Train all parties on response and their roles in it. 7 CINLibrary v1

8 Formation of Management Team
Legal Department Tax Staff Information Technology Senior Management Review record retention policies of other companies Create timelines, milestones, and targets Leadership “buy-in” and enforcement 8 CINLibrary v1

9 The Response Team The team leader = in-house counsel
Information technology Litigation support specialists Outside counsel Attorney-client privilege Outside storage vendor Communications team 9 CINLibrary v1

10 The Response Quick and efficient implementation of the response plan
Business copies and personal copies. All forms of media All forms of electronic equipment Educate IT personnel IT backup schedules, retention and destruction protocols, networks, servers, and the electronic mapping Back up mapping and management IT for business purposes only “Blind” copies easily revealed Halt destruction FRCP rule 16(c) and 16(h) pretrial conferences 10 CINLibrary v1

11 The Response Relevance and Privilege
Engage crisis communications group Use intrusion detection technology Internal notification of data security breaches Plan for data security breaches Adopt measures to contain and control breaches Formulate crisis communications content 11 CINLibrary v1

12 The Response Identify law enforcement agency contacts
Prepare written procedures for notification of victims Conduct assessment of scope of breach Notify affected individuals as soon as possible Deploy crisis communications plan 12 CINLibrary v1

13 Notification By email Conspicuous notice on website
Notice to major media outlets – 75% of population At least ¼ page ads in newspapers for 3 weeks No less than 45 days within discovery of event 13 CINLibrary v1

14 Sort by Category and Format
Letters Corporate Records Contract Business Records Written Electronic Folders 14 CINLibrary v1

15 Retention Requirements
1. Statutes of Limitations 2. Business Needs 3. Historical Value 4. Legal and regulatory requirements 5. Business and industry practices 15 CINLibrary v1

16 Prepare the Policy Avoid selective destruction
Policy must be “reasonable” To be reviewed by a hostile third party Express desire to satisfy business and legal requirements Specify rational for each retention period Federal, international and state retention requirements Consider and plan for possible disaster scenarios Be conservative Identify all official records Identify official authority Reasonably comprehensive Avoid selective destruction Create back up plans Communicate back up plans to employees Develop comprehensive communication plan 16 CINLibrary v1

17 Spoliation of Evidence
Never destroy records involved in litigation Spoliation worse than damaging documents Fines, penalties and more… 17 CINLibrary v1

18 Publishing, Training and Oversight
Distribute policy to all company personnel Train on meaning, purpose, and operation Practice disaster simulations Practice dealing with all forms of media All must comply Periodically audit and revise Senior management engagement and approval 18 CINLibrary v1

19 Documentation Approvals of proper executives
General counsel, CIO, director of taxation, vice president or president Policies, procedures, audits, revisions Engage outside storage vendors Operational implementation 19 CINLibrary v1

20 Document Destruction Have clear plans and processes
Keep notes of what was destroyed, when, and by whom Avoid appearance of selective destruction No individual discretion Impose litigation “Holds” Create and follow business rules 20 Cinlibary CINLibrary v1

Download ppt "Development of your Company’s Record Information System and Disaster Preparedness The National Emergency Management Summit Thomas D. Anthony Frost Brown."

Similar presentations

and Electronic Records Retention: IT Requirements Paul Dworak Office of Compliance 565-4906.

and Electronic Records Retention: IT Requirements Paul Dworak Office of Compliance
Introduction to Records Management Policy

Introduction to Records Management Policy
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
Clean-up Days!.

Clean-up Days!.
© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.

© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.
Www.frostbrowntodd.com Ethical Issues in the Electronic Age Ethical Issues in the Electronic Age Frost Brown Todd LLC Seminar May 24, 2007 Frost Brown.

Ethical Issues in the Electronic Age Ethical Issues in the Electronic Age Frost Brown Todd LLC Seminar May 24, 2007 Frost Brown.
E-Discovery LIMITS ON E-DISCOVERY. No New Preservation Rule When does duty to preserve attach? Reasonably anticipated litigation. Audio sanctions.

E-Discovery LIMITS ON E-DISCOVERY. No New Preservation Rule When does duty to preserve attach? Reasonably anticipated litigation. Audio sanctions.
W W W. D I N S L A W. C O M E-Discovery and Document Retention Patrick W. Michael, Esq. Dinsmore & Shohl LLP 101 South Fifth Street Louisville, KY 40202.

W W W. D I N S L A W. C O M E-Discovery and Document Retention Patrick W. Michael, Esq. Dinsmore & Shohl LLP 101 South Fifth Street Louisville, KY
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
EDiscovery and Records Management. Records Management- Historical Perspective- Paper Historically- Paper was the “Corporate Memory” – a physical entity.

EDiscovery and Records Management. Records Management- Historical Perspective- Paper Historically- Paper was the “Corporate Memory” – a physical entity.
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
Session V Records Management Process Development

Session V Records Management Process Development
Network security policy: best practices

Network security policy: best practices
Department of Commerce Records Management Training.

Department of Commerce Records Management Training.
Created May 2, 20081 Division of Public Health Managing Records What is a Record? What is a Records Retention & Disposition Schedule? Why is this Important?

Created May 2, Division of Public Health Managing Records What is a Record? What is a Records Retention & Disposition Schedule? Why is this Important?
RECORDS MANAGEMENT MELANIE WELCH 1. What Is the Sunshine Law? The Sunshine law grants every person the Constitutional right to: ◦ View or copy any public.

RECORDS MANAGEMENT MELANIE WELCH 1. What Is the Sunshine Law? The Sunshine law grants every person the Constitutional right to: ◦ View or copy any public.
Why Information Governance….instead of Records & Information Management? Angela Fares, RHIA, CRM, CISA, CGEIT, CRISC, CISM 817.352.4929 or

Why Information Governance….instead of Records & Information Management? Angela Fares, RHIA, CRM, CISA, CGEIT, CRISC, CISM or
Electronic Records Management: What Management Needs to Know May 2009.

Electronic Records Management: What Management Needs to Know May 2009.

Similar presentations

Ads by Google