Presentation is loading. Please wait.

Presentation is loading. Please wait.

Electronic Records Management: What Management Needs to Know May 2009.

Published byShauna Rodgers Modified over 8 years ago

Similar presentations

Presentation on theme: "Electronic Records Management: What Management Needs to Know May 2009."— Presentation transcript:

1 Electronic Records Management: What Management Needs to Know May 2009

2 Who would handle this scenario at your institution (and how)? A request for copies of e-mails between two individuals is requested for the past five years.

3 Who would handle this scenario at your institution (and how)? A class action lawsuit is filed against the institution for sexual harassment that goes back a number of years and impacts several departments. Add this to the scenario: During e-discovery you find that two departments involved in the lawsuit set their own differing retention policies for the records. One department destroyed the records, the other retained them but it does not provide the whole story.

4 Who would handle this scenario at your institution (and how)? A celebration of the institution’s history is being planned and a timeline is needed of…

5 Who would handle this scenario at your institution (and how)? A federal investigator requests copies of student records as part of a student financial aid investigation.

6 Be Proactive! Thinking about these scenarios before they happen is much easier than addressing them on the fly…

7 What are the issues? Information is important and must be properly cared for. Faculty and staff are responsible for protecting the information that have been entrusted to them in the course of performing their jobs.

8 What are the issues? (continued…) Some information is sensitive or confidential and requires special care when handling. Some types of data require adherence with state/federal laws.  Protocols for releasing information to others, including law enforcement agencies.  Protocols when a breach occurs.

9 What are the issues? (continued…) Retaining records for longer than required or necessary can create unnecessary risk. Destroying records or information inappropriately may cause legal issues and may put the history and/or reputation of an institution at risk.

10 Getting Started Get support Identify a champion Build a team Research what others are doing. Determine legal and contractual requirements. Develop written policies and procedures. Start with the most sensitive or valuable. Train Employees

11 Initial Desired Outcomes or Goals A set of written policies that set expectation for behavior A retention/disposition schedule for your institution and/or departments Training and/or informational materials that clarify expectations & behavior

12 Many Ways to Get Started – Pick one that works for your institution Raise awareness, then build and provide tools Build and provide tools, then raise awareness Focus on the records first

13 ADDITIONAL SUPPORTING INFORMATION

14 Why is this Important? (Management Drivers) Documents management decisions Provides historical references of transactions and events Enhances our organization’s operational efficiencies Demonstrates regulatory compliance Provides litigation support Reduction in cost for storage

15 Why is this Important? (Legal, Statutory, Regulatory, and Contractual Requirements) Sector coveredConcerns Privacy Act 1974 U.S. Government Privacy Family Educational Rights and Privacy Act (FERPA ) 1974 Education records Privacy Health Insurance Portability and Accountability Act (HIPAA) 1996 Protected health information Privacy and security rules Financial Modernization Act (Gramm- Leach-Bliley or GLB) 1999 Certain financial data Security safeguards Fair and Accurate Credit Transactions Act (FACTA) 2003 Credit records Secure disposal State Laws 2002 + Personal data (primarily SSN) Privacy, notification, secure disposal Payment Card Industry Data Security Standards (PCI-DSS) 2005 Credit card data Security standards Federal Rules of Civil Procedure – Electronically stored information rules2006 Red Flag Regulations 2007 Credit records Identity theft

16 16 The AICPA listed Electronic Data Retention Strategy as one of the top Technology initiatives for 2009. Current Issues Committee found that data administration is one of the top 10 areas of most expenditure in human or financial resources. 16 Watch for the new study on Data Management in the Fall of 2009 Timely Topic

17 Building a Team Provide leadership and commitment Establish cross functional representation  Legal Counsel  Internal Audit  Information Security  Chief Financial Officer  Student Affairs  Chief Academic Officer  Archivist or Librarian  Chief Information Officer  Human Resources Identify other stakeholders

18 Information Lifecycle… Created (or received) Managed Used  Actively  In-Active (stored)  Transformed  Permanently Archived  Disposed

19 Components of an Effective Records and Information Management Program Preservation Disposition Disaster Prevention and Recovery Disaster Prevention and Recovery Vital Record Conversion Retention Scheduling Retention Scheduling Records Classification Records Classification Files & Forms Management Files & Forms Management Records Inventory Records Inventory Records & Information Management Records & Information Management Policy & Procedures

20 Data/Records Classification (how sensitive or valuable is it?) There are laws, regulations, rules, or policies (federal, state, and institutional) that require classification of data.  Public  Non-public Factors for grouping may include:  Record type  Sensitivity  Confidentiality  Desired longevity  Desired availability

21 Records Retention & Disposition (keeping track of it & for how long!) How long should records be maintained?  Federal and State Laws – In Minnesota “official records” cannot be disposed of unless on an approved record retention schedule. –Minnesota Official Records Act – “all officers and agencies” at all levels of government “shall make and preserve all records necessary to a full and accurate knowledge of their activities.” How should records be disposed? Record Retention Compliance

22 How long vs. How Many? Retention TimeQuantity

23 Key Definitions Information - Data that has been given value through analysis, interpretation, or compilation in a meaningful form Record - recorded information, regardless of physical form or characteristics, which serves to document the institution, functions, policies, decisions, or other activities of the institution and its faculty, staff, and students. Electronically Stored Information (ESI)-- All electronically stored information and data subject to possession, control, or custody of an institution regardless of its format and the media on which it is stored.  Data Classification - The process of assigning a level of sensitivity to data as it is being created, amended, enhanced, stored, or transmitted. Records Retention and Disposition Schedules - An approved listing of records held by an organization. It includes retention and destruction requirements. Electronic Records Management – The process by which an organization creates, classifies, controls, and authorizes access to electronic records.

Download ppt "Electronic Records Management: What Management Needs to Know May 2009."

Similar presentations

2009 Data Protection Seminar

2009 Data Protection Seminar
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
Identification and Disposition of Official University Records University of Texas at Arlington Records Management.

Identification and Disposition of Official University Records University of Texas at Arlington Records Management.
Records and Information Management: An Overview. What are Records? Records - Any recorded information regardless of physical form/characteristics or storage.

Records and Information Management: An Overview. What are Records? Records - Any recorded information regardless of physical form/characteristics or storage.
Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.

Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.

Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
Clean-up Days!.

Clean-up Days!.
Information Privacy and Compliance Training For All Brigham Young University– Idaho Employees.

Information Privacy and Compliance Training For All Brigham Young University– Idaho Employees.
Helping you protect your customers against fraud Division of Finance and Corporate Securities.

Helping you protect your customers against fraud Division of Finance and Corporate Securities.
FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.

FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.
Information Security Awareness April 13, 2003. Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance.

Information Security Awareness April 13, Motivation Recent federal and state regulations and guidance Recent federal and state regulations and guidance.
Data Ownership Responsibilities & Procedures

Data Ownership Responsibilities & Procedures
1 GRAND VALLEY STATE UNIVERSITY FAMILY EDUCATIONAL RIGHTS & PRIVACY ACT (FERPA) TRAINING OFFICES OF THE REGISTRAR AND UNIVERSITY COUNSEL JANUARY 20, 2009.

1 GRAND VALLEY STATE UNIVERSITY FAMILY EDUCATIONAL RIGHTS & PRIVACY ACT (FERPA) TRAINING OFFICES OF THE REGISTRAR AND UNIVERSITY COUNSEL JANUARY 20, 2009.
EFFECTIVE RECORDS MANAGEMENT PROGRAM Indiana Commission on Public Records Indiana SHRAB Conference April 13, 2010 Government Records Indianapolis, IN.

EFFECTIVE RECORDS MANAGEMENT PROGRAM Indiana Commission on Public Records Indiana SHRAB Conference April 13, 2010 Government Records Indianapolis, IN.
EDiscovery and Records Management. Records Management- Historical Perspective- Paper Historically- Paper was the “Corporate Memory” – a physical entity.

EDiscovery and Records Management. Records Management- Historical Perspective- Paper Historically- Paper was the “Corporate Memory” – a physical entity.
Data Classification & Privacy Inventory Workshop

Data Classification & Privacy Inventory Workshop

Similar presentations

Ads by Google