Presentation is loading. Please wait.

Presentation is loading. Please wait.

Should Your Bucket Have Holes in It? Part 1 – Things That Shoot Holes in Buckets John Montaña Montaña & Associates 1.

Published byBeatrix Gallagher Modified over 9 years ago

Similar presentations

Presentation on theme: "Should Your Bucket Have Holes in It? Part 1 – Things That Shoot Holes in Buckets John Montaña Montaña & Associates 1."— Presentation transcript:

1 Should Your Bucket Have Holes in It? Part 1 – Things That Shoot Holes in Buckets John Montaña Montaña & Associates 1

2 Why Big Buckets? Simplicity Smaller administrative overhead Simpler system configuration Easier for users to understand Reality Granular identification of records may be impossible Granular system configuration may be difficult or impossible 2

3 Legal Systems Two main legal systems: Common Law U.K., U.S., and former U.K. colonies Civil Law Most of the rest of the world Local, unique systems China Vietnam Russia 3

4 Issues to Be Aware Of Don’t assume the rules are the same everywhere Retention requirements vary Regulatory regimes familiar to U.S. or Canadian records managers may be: Vague and unhelpful Absent Many countries have IG/RIM laws on the books dating from the early 1800’s. 4

5 Retention Requirements Can vary dramatically: Payroll – from 2 years to 45 years Tax and accounting records – from 3 years to 75 years Personnel files – from 3 years to permanent 5

6 Statutes of Limitation Often much longer than U.S. or Canadian: As long as 20 or 30 years for commercial matters or general limitations Sometime much shorter than U.S. or Canadian As little as 2 months for HR or commercial matters 6

7 Media Requirements Electronic records may not be allowed Many countries have records laws dating from the 1800’s Electronic records may require e-signatures or authentication Laws may have specific, detailed requirements for signatures Records that do not follow the protocol may be denied legal effect 7

8 Data Privacy Laws Often very granular Affect a wide variety of personal data about anyone Severely restrict use of that data Severely limit where that data can be stored or sent May have burdensome requirements about managing, using and manipulating the data Very strictly enforced 8

9 Practical Issues EU data privacy laws do not permit transfer of personal data to places without similar levels of protection The U.S. does not have a similar level of protection – but there is a safe harbor rule What about multi-national server farms? DO NOT assume it’s automatically okay to have European data in the U.S. 9

10 European Privacy Rights – A Contrast U.S. – it’s not private unless a law says it’s private E.U. – It’s private unless authorized by law or permission U.S. – Haphazard enforcement of privacy rights, generally you enforce them personally with litigation E.U. – Very aggressive enforcement by many government agencies 10

11 Data Privacy This may lead to surprising results, e.g., email discovery: You may have to get permission from an employee to produce email 11

12 Data Privacy – A VERY Fluid Landscape Over the past 20 years – a proliferation of local data privacy regimes Country-by-country Province-by-province Companies struggling to comply 2015 – re-write of EU data privacy rules to harmonize and simplify them A recognition that the situation has become untenable 12

13 E-Records -- Three General Situations to Deal With Permissive law few conditions on e-commerce Restrictive law many restrictions on e-commerce No law Uncertainty – is e-commerce legal, are transactions enforceable? 13

14 The Overarching Problem U.S.-centric systems may not comply with requirements in foreign jurisdictions Within the US, there may still be inconsistent requirements Foreign requirements may be burdensome in the U.S. Differing levels of granularity for different records in different countries create severe problems 14

15 The Landscape Most of Europe: No global e-records law – electronic records only in particular situations Images may require authentication and digital signatures Particular formats or technical details may be specified in law Records not kept in conformance to law may not be admissible in legal proceedings 15

16 The Rest of the World By default, the law prefers: paper records hard copy wet signatures Many countries have laws on the books requiring: paper records wet signatures Unless an e-commerce law explicitly authorizes it, a technology or process may not be legal 16

17 An Example Kuwait has no e-commerce or e-records law, but – It’s a major, first world financial center Electronic transactions are common, but: Are effectively unenforceable – courts routinely deny admissibility to e-records Lost lawsuits are a cost of doing business 17

18 Another Example Imaged accounting invoices Legal in Switzerland, but: Each image must have a digital signature attesting to accuracy and authenticity No signature, no admissibility in tax audits Digital signature service bureaus are a cost of doing business 18

19 Quasi-Legal Issues An auditor or judge may want paper regardless of the law You may be stuck regardless of the merits You can’t afford to be on their bad side A lawsuit would take years, and might be futile 19

20 Location Restrictions Tax and accounting records may have to be kept in the country of origin If stored electronically, the server or media may have to be physically located in the country 20

21 Maximum Retention Periods Increasingly personal data is governed by maximum retention periods Keeping records longer is a violation of law Retention periods may pose a challenge in tension with legally required minimum periods Maximum retention may only affect part of a record 21

22 Practical Issues ERP and EDM systems – e.g., SAP, Peoplesoft Maximum periods are often granular, often very short ERP and EDM systems make purging difficult, buckets very big How do you make such a system compliant? 22

23 Vague or Absent Laws Laws may have grave consequences, but give little or no records guidance – e.g., Sarbanes-Oxley Some countries may have no developed regulatory regime in an area There is a complete absence of regulatory requirements But there will be civil liability And there may be very long statutes of limitation 23

24 Developing Regulatory Regimes Countries that formerly had no records laws in an area develop a regime rapidly HR OSH Environmental 24

25 Multinational Regulatory Regimes European Union Mercosur ASEAN CARICOM Increasing, these replace or supplement national law 25

26 The Odd Case of Russia Master national retention schedule All records, business and personal The Russian State Archives can require: Permission prior to records destruction Assessment of expired business records Accession of them to state archives All at your expense Many, many permanent or very long retention periods What’s the Upshot of All of This? 26

27 What’s the Upshot of All of This? Big Buckets are about uniformity and consistency Big buckets assume that the rules are the same everywhere, or at least can be harmonized In a large scale environment, that harmonization becomes a challenge 27

28 Inevitable Consequences of Big Buckets Long – sometimes very long - retention periods Longest legal requirement Longest risk management consideration Longest business requirement Longest fudge factor Very conservative event-based rules e.g., how long could your longest contract be active before the retention period runs? 28

29 What do Do? Stay Tuned for Part 2 29

30 Questions ? 30

Download ppt "Should Your Bucket Have Holes in It? Part 1 – Things That Shoot Holes in Buckets John Montaña Montaña & Associates 1."

Similar presentations

IT: Communication and Impacts

IT: Communication and Impacts
International forum on eNotarization and eApostilles The impact of e-technology on notarial acts: legal and technical possibilities and limits -relevance.

International forum on eNotarization and eApostilles The impact of e-technology on notarial acts: legal and technical possibilities and limits -relevance.
Chapter 17 Completing the Audit Engagement McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Chapter 17 Completing the Audit Engagement McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
E-Commerce and ODR Conference Seoul September 2012 John D. Gregory.

E-Commerce and ODR Conference Seoul September 2012 John D. Gregory.
GMP Document and Record Retention

GMP Document and Record Retention
INDIANA UNIVERSITY OFFICE OF THE VICE PRESIDENT AND GENERAL COUNSEL Indiana Access to Public Records Act (APRA) Training.

INDIANA UNIVERSITY OFFICE OF THE VICE PRESIDENT AND GENERAL COUNSEL Indiana Access to Public Records Act (APRA) Training.
Completing the Audit Engagement

Completing the Audit Engagement
MINNESOTA GOVERNMENT DATA PRACTICES ACT How the law affects University employees and recordkeeping Susan McKinney Records & Information Management.

MINNESOTA GOVERNMENT DATA PRACTICES ACT How the law affects University employees and recordkeeping Susan McKinney Records & Information Management.
Coping with Electronic Records Setting Standards for Private Sector E-records Retention.

Coping with Electronic Records Setting Standards for Private Sector E-records Retention.
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
University of Illinois Archives Slide 1 Issues in Electronic Record Keeping Presentation to Electronic Records Working Group Chris Prom, Assistant University.

University of Illinois Archives Slide 1 Issues in Electronic Record Keeping Presentation to Electronic Records Working Group Chris Prom, Assistant University.
Chapter 17 Completing the Engagement McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved.

Chapter 17 Completing the Engagement McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved.
Copyright © 2004 by Prentice-Hall. All rights reserved. PowerPoint Slides to Accompany BUSINESS LAW E-Commerce and Digital Law International Law and Ethics.

Copyright © 2004 by Prentice-Hall. All rights reserved. PowerPoint Slides to Accompany BUSINESS LAW E-Commerce and Digital Law International Law and Ethics.
The E-Signatures Act and eConsent Karin Fuog Nelnet Policy Services November 6, 2006.

The E-Signatures Act and eConsent Karin Fuog Nelnet Policy Services November 6, 2006.
What Will My Records Retention Schedule Look Like ?

What Will My Records Retention Schedule Look Like ?
Arizona State Library, Archives and Public Records

Arizona State Library, Archives and Public Records
Building and Refreshing Retention Schedules John Montaña 1.

Building and Refreshing Retention Schedules John Montaña 1.
ELECTRONIC SIGNATURES in Law and Practice John D. Gregory October 5, 2009.

ELECTRONIC SIGNATURES in Law and Practice John D. Gregory October 5, 2009.
Public Records Management Advanced Real Property Seminar September 15, 2010 Presented by: Tom Vincent, NCDCR Local Records Management Analyst.

Public Records Management Advanced Real Property Seminar September 15, 2010 Presented by: Tom Vincent, NCDCR Local Records Management Analyst.
1Copyright 2009. Jordan Lawrence. All rights reserved. Annual In-House Symposium Practical Steps to Minimize Privacy Risks: Understanding The Intersection.

1Copyright Jordan Lawrence. All rights reserved. Annual In-House Symposium Practical Steps to Minimize Privacy Risks: Understanding The Intersection.

Similar presentations

Ads by Google