Since 1948, we have delivered secure records management solutions to help businesses confidently protect and manage their information.
Compliance with records management laws and policies is crucial for businesses and records managers in preventing data breaches. Unauthorized access to a company’s consumer data can cause reputational damage and decreased revenue.
To encourage compliance, relevant government authorities impose strict penalties for noncompliance, including hefty fines, civil lawsuits, and in some cases, criminal charges.
This article explores more than 20 essential data laws and policies that every records manager should understand, relevant international data laws, and best practices for records management compliance.
These laws regulate the collection, management, and storage of personal data. Some are specific to particular industries or geographical locations.
One of the strongest data protection laws worldwide, the GDPR regulates how organizations collect and process the personal data of individuals in the European Union. It applies to organizations established in the EU and to those outside the EU that offer goods or services to people in the EU or monitor their behavior, for example through website tracking.
Examples of GDPR obligations include telling people what data is collected and why, relying on a lawful basis such as consent, honoring access and erasure requests, and reporting a personal data breach to the supervisory authority within 72 hours (and to the affected individuals when the breach poses a high risk to them). Fines scale with the company's worldwide annual revenue, up to 4% of turnover or EUR 20 million, whichever is higher, and data subjects can also claim compensation for damages.
The CCPA gives California residents a set of data rights, including the right to know what personal information a business collects and how it is used, the right to have that information deleted, and the right to opt out of its sale or sharing. The law applies to for-profit businesses that do business in California and meet one of its thresholds, such as annual revenue above $25 million or annually buying, selling, or sharing the personal information of 100,000 or more consumers or households. Businesses that violate the CCPA face civil penalties per violation, adjusted periodically for inflation and currently $2,663 for unintentional violations and $7,988 for intentional violations.
Highly sensitive medical records can be used to harm the patient if they fall into the wrong hands. HIPAA upholds the privacy of a patient's protected health information (PHI), such as name, Social Security number, health history, and biometrics, through several rules.
The Privacy Rule limits how covered entities and their business associates may use and disclose PHI, permitting disclosure without the patient's authorization only for defined purposes such as treatment, payment, and healthcare operations. The Security Rule requires administrative, physical, and technical safeguards for electronic PHI, and the Breach Notification Rule requires affected individuals and HHS to be notified after a breach of unsecured PHI. The Enforcement Rule sets the procedures for investigating violations, conducting hearings, and imposing penalties.
Enacted in 1974 as a federal law, FERPA protects student education records by granting parents and eligible students the right to inspect and review those records and by restricting disclosure of personally identifiable information from them without written consent. All educational institutions that receive funds from the U.S. Department of Education must honor these access rights and provide a hearing process to challenge and amend inaccurate or misleading records.
Records retention and management laws establish recordkeeping, storage, and disposal practices for companies.
Passed in 2002 after a series of high-profile financial scandals, the SOX Act protects investors from fraud by establishing financial reporting and recordkeeping requirements, mandating independent audits and internal controls, and imposing criminal penalties for violations. Key provisions include requiring the CEO and CFO to certify quarterly and annual financial reports (Section 302), maintaining internal controls over financial reporting (Section 404), retaining audit workpapers for at least seven years (Section 802), and criminal penalties of up to 25 years in prison for securities fraud (Section 807). Destroying or altering records to obstruct a federal investigation is itself a crime under Section 802, which is why a documented and consistently applied retention and disposal schedule matters.
The GLBA is a federal law that governs how financial institutions gather, store, and share their customers' nonpublic personal information, such as name, date of birth, account numbers, and biometrics. Under the GLBA Privacy Rule, institutions must give customers written notices explaining their privacy practices, including an opt-out option if customers do not want their information shared with nonaffiliated third parties. The Safeguards Rule further requires institutions to maintain a written information security program that regularly assesses risks to customer records and implements controls to address them.
In the interest of transparency and democratic accountability, the FOIA gives the public the right to request access to federal agency records, subject to nine exemptions covering categories such as classified national security information, trade secrets, and personal privacy. FOIA also requires agencies to proactively publish certain records online, including records that have been or are likely to be frequently requested.
The Federal Records Act (FRA) is a records retention law that governs the management of government records across their life cycle, from creation through disposal. Among other things, it requires federal agencies to establish standards and procedures for effective and efficient records management. It also provides for the preservation of legally, historically, and financially significant federal records, which the public can request through the FOIA.
Certain record management laws apply to record managers working in specific industries.
The PCI Security Standards Council, formed in 2006 by the major card brands, maintains the PCI DSS to secure cardholder data and prevent card fraud. PCI DSS is a contractual industry standard rather than a statute, but any business that stores, processes, or transmits payment card data must comply to prevent data breaches and avoid fines from its acquiring bank and liability after a breach. The standard consists of 12 requirements grouped under six control objectives: building and maintaining a secure network, protecting stored and transmitted cardholder data, managing vulnerabilities, controlling access, monitoring and testing networks, and maintaining an information security policy.
To fight financial crimes such as money laundering and tax evasion, the Bank Secrecy Act (BSA) and related anti-money laundering (AML) rules require financial institutions to keep a paper trail of transactions and identifying information for the persons involved. Key requirements include retaining transaction records (generally for five years), filing Currency Transaction Reports with FinCEN for cash transactions exceeding a daily aggregate of $10,000, and filing Suspicious Activity Reports for other suspicious financial activity.
ISO 15489 is an international standard first published by the International Organization for Standardization (ISO) in 2001 and revised in 2016 to establish the principles and concepts of records management. It treats records as an informational asset and as evidence of business activity.
The standard also defines the characteristics of an authoritative record: authenticity, reliability, integrity, and usability. Records managers, regardless of industry or location, should know the ISO 15489 requirements to ensure consistent records management across departments.
NARA is the United States' official records manager for federal records. Its regulations and guidance support federal agencies in documenting essential transactions, procedures, and policies as records, and set standards for federal records retention schedules and the disposal of temporary records.
Employment and human resource records management laws protect employees in areas such as wages, hiring practices, and workplace safety, and set retention periods for the related records.
These rules govern the access, use, and legal validity of electronic records as online transactions become a norm.
Data retention and disposal laws determine what data to keep and what to destroy while ensuring secure disposal methods that prevent unauthorized data access.
The FACTA Disposal Rule requires any business or individual that maintains or possesses consumer report information to take reasonable measures to protect against unauthorized access to that information when disposing of it.
Reasonable measures include shredding, burning, or pulverizing paper records and erasing or physically destroying electronic media so that the information cannot practicably be read or reconstructed. Proper disposal practices also uphold customer trust and strengthen the brand while improving operational efficiency.
Records managers can comply with the FACTA Disposal Rule by developing and implementing a written disposal policy, training the employees involved in the process, and using a certified records destruction provider that issues a certificate of destruction for each job.
The HITECH Act is a federal law enacted as part of the 2009 American Recovery and Reinvestment Act. It encouraged the adoption of electronic health records (EHR) by offering Medicare and Medicaid incentive payments to eligible providers and hospitals that demonstrated meaningful use of EHR. Its goals align with broader US healthcare policy: patient engagement, security and privacy of health records, and improved care coordination.
The legislation also strengthened HIPAA's Privacy and Security Rules, applied them directly to business associates, introduced the breach notification requirement, and raised penalties for HIPAA violations to encourage compliance.
Before the CCPA, California had enacted the first state data breach notification law, which requires businesses to notify affected consumers when their personal information is accessed by unauthorized persons. Other states have since adopted their own records management and data privacy regulations to protect their residents' information.
Arizona's data breach law requires organizations to notify affected individuals within 45 days of determining that a breach occurred and to notify the attorney general and the major consumer reporting agencies if the incident affects more than 1,000 individuals. Virginia was the second state after California to pass a comprehensive consumer privacy law, the Virginia Consumer Data Protection Act (VCDPA), which restricts the processing of sensitive data and imposes obligations such as data protection assessments on the businesses that control it.
Other countries have their versions of records management and data privacy laws within their geographical area. Examples include:
Record managers and business owners can implement the following strategies to ensure compliance with the data laws and policies they’re subject to:
Records management laws fall under various categories depending on their implementation and data guidelines. Some establish standards for gathering and storing data, while others lay out proper retention and disposal methods.
Records managers must understand these laws to avoid penalties for violations. Always consult qualified legal counsel to confirm that your business is compliant.
Download the Records Management Compliance Checklist and start creating a compliant records program for your organization today.