Posts Tagged ‘data retention’
What You Need to Know for Retention Compliance
Wednesday, November 20th, 2013
One of the things I love about helping all my Compliance Helper (CH) clients with their information security and privacy compliance activities is that they often ask questions that most other small and mid-size organizations also have. So, I then have a great opportunity to share advice! One of my recent conversations dealt with the challenges my mid-size client was having in trying to appropriately customize the data and records retention policy and procedure I provide through the CH service to fit his organization’s unique type of business associate service, while also meeting compliance with the HIPAA retention requirements. The paraphrased questions below started our conversation after I advised that there are many types of documents that must be retained for at least 6 years to meet compliance:
HIPAA/HITECH Etc. Retention: Does Your Reality = Your Requirements?
Tuesday, October 6th, 2009
Last month I had the great pleasure of being a guest on Scott Draughon and Anyck Turgeon’s MyTechnologyLawyer.com radio show for a segment entitled, “Is encryption enough to achieve privacy?”
I was pleasantly surprised to see a large number of great follow-up questions following the show!
I covered one of them in my post, “Don’t Throw Your Privacy Out The Window; Know How Your PII Is Used.” Here are a couple more of those many questions I want to answer in this post…
More Data Retention Tips And Considerations
Thursday, August 28th, 2008
Here are some more data retention tips and considerations as a follow-up to my Tuesday blog post…
Do You Know Your Data Retention Requirements?
Tuesday, August 26th, 2008
There have been several interesting news reports recently about data retention proposals, plans, practices and laws in the U.K.
Currently there are proposals to require emails to be retained for a full year, but critics contend that sloppy data retention practices will result in actual retention periods much longer, if the emails even ever get deleted.
This is an important point; when it comes to data retention, the requirements are rarely, if ever, followed by some organizations…
E-Discovery Decision Demonstrates Need For Effective Retention Practices: A Great Case Study For E-Discovery Training
Monday, January 7th, 2008
I’m still catching up on December news…and I ran across a significant e-discovery ruling. The U.S. District Court for the Central District of California ruled December 13, 2007, that Justin Bunnell/www.TorrentSpy.com was guilty of “willful spoliation of evidence” violating the E-Discovery Rule in the suit Columbia Pictures, Inc. brought against them for copyright infringement.
Reading through the court records, it is really amazing how blatantly the defendant violated what seemed to be almost every e-discovery rule possible in this situation. They…
RAM Is Subject To E-Discovery Under Recent Ruling: Talk With Your Legal Counsel About The IT Issues
Friday, June 29th, 2007
Late last year I blogged about the new E-Discovery Rule that took effect on December 1, 2006.
I wrote “The Business Leader Data Retention and E-Discovery Primer” discussing the issues, and I also wrote an article discussing the e-discovery issues for which IT must be involved, “E-Discovery Quagmires.”
A Twist Within a New State Breach Notice Law: Maryland’s Also Requires Information Security Safeguards
Monday, May 28th, 2007
Here’s something that you don’t see in other states…
On May 17, Maryland Governor Martin O’Malley signed into law two identical bills, one from the House and one from the Senate, that require businesses to notify state residents if their unencrypted or unredacted personal information, whether in electronic or paper form, is breached. In addition to mandating breach notification, the new law contains data security and data destruction requirements for companies doing business in the state.
More Reason to Strengthen Information Security: New MN Law Restricts How Long Merchants Can Retain Purchase Information
Monday, May 28th, 2007
To date we have at least 37 U.S. states that have enacted breach notice laws (Maryland’s new breach notice law was signed May 17th), but these address how to react AFTER personally identifiable information (PII) has been compromised. Multiple federal-level bills have been proposed, but none have yet passed.