 Document and Data Management Considerations for Private Companies
Daniel Franklin
Document and Data Management Considerations for Private Companies
« Posted: October 03, 2007, 09:26:16 AM »




Increasingly, the need for a written, highly structured document and data management policy is becoming vital to any private company. While the recently enacted Sarbanes-Oxley (SOX) rules promulgated by the Securities and Exchange Commission require such a written policy for public companies, there are ample reasons for private companies to also adopt a written document and data management policy.

Various statutes now require most companies, whether public, non-profit or private, to securely maintain written records in regard to certain aspects of their personnel information and business operations. Under the Health Insurance Portability and Accountability Act (HIPAA), for example, companies may be sued if a security breach or other mishap results in the unauthorized disclosure of medical records. The controversial Patriot Act requires disclosure to the federal government of certain customer data and can subject the disclosing company to a lawsuit if the customer was not sufficiently advised of the possibility of such disclosure. A proposed amendment to the federal Rules of Civil Procedure would require lawyers representing parties in litigation to discuss document management systems of their clients prior to any legal proceedings. Another proposed amendment to the federal Rules of Civil Procedure would provide a safe harbor for companies that lose information but have otherwise acted in good faith, precluding any sanctions for such information loss. Certain state laws, such as the California Online Privacy Protection Act of 2003, require website disclosure of privacy policies in regard to personally identifiable information (such as name, address, credit card number, social security number, email address, etc.), which should include a statement about the security procedures in place to protect such information.

Prudence also dictates that written records be maintained in the event of employee claims or litigation involving the company. Companies should also be vigilant in documenting incidents involving any inappropriate or improper behavior by an employee. Emails and instant messages are now often crucial in determining court cases. Employee emails are generally considered to be the property of the employer, and the company’s HR policy and employee manual must clearly state so. Accordingly, employers should ensure that copies of all employee emails and instant messages are retained in the event of any employee-related litigation. For the same reason, in addition to maintaining copies of executed contracts and written correspondence, companies should retain copies of all emails and electronic document interchange (EDI) transactions with vendors and customers in the event of any litigation with such third parties. Companies should develop disaster recovery plans and test the recovery of all important data and information. Electronic imaging of physical documents should become standard.

In order to ensure that such procedures are in place and followed, company management must create an infrastructure that will be responsible for the implementation and monitoring of such procedures. This must come from the top down in the organization. The Board of Directors or a committee of the Board should review internal controls and written processes designed to ensure the retention and security of all company records and information and avoid misuse or unauthorized disclosure of such records and information. The Board or such committee should consult closely with members of the company’s information technology (IT) or finance department and others responsible for company files and records in order to ensure compliance with a clearly defined operations policy for the storage, maintenance, protection and destruction of company records and information. There are numerous sources of guidance for company management and IT or finance departments in this regard. These include the Committee of Sponsoring Organizations (COSO), an independent auditing industry group that has received implicit endorsement from the Securities and Exchange Commission. In addition, the Sedona Principles are a set of best practices for e-discovery, and the Control Objectives for Information and Related Technology (COBIT), which details the IT or finance department’s role in information and security controls, is recommended reading for private companies, even though it is directed at public companies in the post-SOX era.

Company management must also ensure that the IT or finance department has the necessary resources to properly maintain and safeguard electronic records. Extensive storage capabilities and related software are required for document management, data backup, and email and instant message archiving, as such records must be maintained for an extended period of time. Under SOX, for example, records are required to be stored for seven years and must be non-erasable and non-rewritable. Hundreds of outsource storage companies have emerged to assist companies with their e-document management and data storage needs. It is vital that such software and services include fast and reliable document and data search capabilities as well.

Paper records should be organized logically to facilitate their retrieval at a later date. Ideally, the contents of the files should be logged electronically using database software specifically designed for this purpose (the XML standard has gone a long way in standardizing how to identify data). Companies should also ensure that off-site records can be remotely searched.

Access to company records should be closely controlled and restricted to a limited number of individuals. Just as electronic records have audit trails of who has access and when the data was accessed, paper records should not be open and available for anyone to simply walk in and review them, or alter them.

Finally, a document destruction policy should be included as part of the written document and data management policy. Time periods for purges of electronic data and paper records should be established and followed explicitly. As a general rule, it is not recommended that data or records be destroyed until at least seven years have elapsed since the initial archive or storage of such data or records. However, the appropriate time limit depends on many factors, including the nature of the data or records, relevant statutes of limitation and governmental requirements. Company management should therefore consult with legal counsel and a document management professional before establishing a document destruction policy.

Kent Clayton is a partner and co-chair of the Business Practice Group at Berger Kahn, a full service business law firm with offices in Orange County, Los Angeles, San Diego and the San Francisco Bay area. Michael Siersema is Managing Partner and CEO of Phoenix2000 Group LLC, a technology leadership and advisory services company with offices in Huntington Beach, California, West Lake Village, California and Washington, D.C.

Article Source: http://EzineArticles.com/?expert=Michael_Siersema
