Staying Ahead of Regulatory Changes: Access Experts Share Their Insights and Recommendations
Access | Information Management
Your trusted information management partner to help take your business where it needs to go
Hi!?? Welcome to Advanced Access. This week, pressing industry questions answered directly by the legal experts at Access. Gain insights and recommendations on records retention, privacy, and regulatory changes.
Stay up-to-date and never miss a valuable weekly post by subscribing today!
At a recent webinar titled "Staying Ahead of Regulatory Changes: Proactive Strategies for Effective Records Management ," Access’ Omero Ba?uelos , Senior Counsel, Brent Martindale , Senior Director of Info Gov, and Adam Koonce , Manager of Legal Research, shared their wisdom on records retention, privacy, and regulatory changes. Here's a rundown of the questions they answered.
Q: What trends have you noticed regarding regulatory changes recently and how are they impacting records management?
Omero Ba?uelos: What I'm seeing is more instruction and guidance from either the regulators or the regulations as to how long to retain a record, and oftentimes it’s for shorter periods. I’m also seeing a lot more procedural requirements on how to handle data so that you're complying with cybersecurity and privacy protection requirements.
Brent Martindale: Regulators are becoming more involved in company record practices and show readiness to impose fines for non-compliance. There was a case where a vision care provider was fined for failing to implement their stated privacy policy regarding health information disposal. They had a privacy policy stating they would get rid of health information once it was no longer needed for business purposes, and that didn't happen. Later, when there was a data breach, the New York Department of Financial Services got involved, as well as a New York attorney general.
Adam Koonce: U.S. privacy regulations are accelerating. More states are passing comprehensive data and privacy regulations. Be prepared to see more stringent rules shortly.
Access Manager of Legal Research Adam Koonce on U.S. Data Privacy Laws?
Q: What about managing retention periods for global business operations?
Brent Martindale: Make sure you're using a tool that is considering all your business operations around the globe, and that you're doing an adequate level of legal research. This helps you stay updated on global regulations about record-keeping duration. Then, it's important to use that information to inform your retention schedule.
Q: Should electronic records and paper records be destroyed on the same schedule? What are your thoughts from a legal compliance perspective?
Omero Ba?uelos: There are very few requirements that say, “This record must be maintained in digital format versus physical.” Aside from a few exceptions, just be sure to keep the record accessible.
Brent Martindale: Retention schedules should be agnostic of the record format. However, there are a few exceptions where maintaining the original copy of a record is necessary, like IP or real estate contracts.
Access Experts on Best Practices for Electronic Retention and Legal Compliance
领英推荐
Q: How do you manage to comply with regulations that were conceptualized without electronic records in mind?
Adam Koonce: A team member of mine once came across a piece of legislation that said something had to be stored in visible cathode ray tube (CRT), those old vacuum tube TVs. Being able to produce it on a CRT system was part of the main requirements we encountered. I just thought that was comical!
Omero Ba?uelos: Some regulations are indeed outdated, but "reasonableness" becomes the objective standard in case law, where compliance is judged based on what a similar company would do.
Q: Can you explain how the concept of "reasonable" is considered or evaluated in a court of law or during regulatory audits concerning compliance and information retention?
Brent Martindale: Regulators and courts are starting to provide guidance on what is considered reasonable, or more specifically, what reasonable is not. For example, the Federal Trade Commission recently interpreted the health breach notification rule to disallow indefinite retention of covered information in the health field. Privacy guidelines advise not keeping records longer than necessary or beyond what's required for business operations. While attorneys often find various justifications for record retention, I think regulators and courts are going to start weighing in more frequently to help us understand what reasonable is.
Q: What are the consequences of keeping a record past its’ retention?
Omero Ba?uelos: Violating retention policies can undermine credibility and lead to evidence spoliation. When you get challenged by a government agency that's auditing your company or in litigation, and you’re inconsistent in following your retention schedule, then it's hard to defend your practices.
Brent Martindale: The possibility of a data breach and subsequent fines, as well as extra litigation costs.
Access Senior Director of Info Gov Brent Martindale on the Risks of Keeping a Record Beyond Retention Period?
Q: Adam, based on your research, what are your future predictions for regulatory changes that will impact records management?
Adam Koonce: As far as future predictions go, it's difficult to anticipate what countries are going to do or what new legislation's going to come up. Right now, autonomous vehicles, AI, and privacy are hot-button issues, ripe for new legislation. There’s the potential to see a lot of new legislation in the next 10 years, but I think at this point, only the bigger, more developed legal jurisdictions are looking at AI and passing AI legislation.
Q: How can companies proactively stay ahead of regulatory changes?
Omero Ba?uelos: It really helps to talk to colleagues — share best practices, war stories, and ask questions. I think that's a great way to get in front of things because chances are others are facing or have already faced the same issues you are. They likely have some solutions or shortcuts for you to try.
Brent Martindale: Implement a system to stay informed about amendments and new laws. If you don't have software like Virgo? ?to help you become apprised of new laws and amendments, then find another way to stay updated. As Omero mentioned, become part of a community, or read up on new regulations frequently.
Adam Koonce: If a system like Virgo is not in your budget, identify who your regulators are and find yourself on their web page as often as possible — once a week, once a month, whatever it might be. Consistently get yourself up to speed on what's changing.
For additional insights from Omero, Brent, and Adam, watch the recording of Staying Ahead of Regulatory Changes: Proactive Strategies for Effective Records Management today.
To see Virgo in action, a cloud-based legal solution that informs your privacy and retention policies by providing continuously updated legal research in 220+ jurisdictions around the world, request a 30-minute consultation and demo .