Presentation is loading. Please wait.

Presentation is loading. Please wait.

Development of your Company’s Record Information System and Disaster Preparedness The National Emergency Management Summit Thomas D. Anthony Frost Brown.

Published byJade Bell Modified over 8 years ago

Similar presentations

Presentation on theme: "Development of your Company’s Record Information System and Disaster Preparedness The National Emergency Management Summit Thomas D. Anthony Frost Brown."— Presentation transcript:

1 Development of your Company’s Record Information System and Disaster Preparedness The National Emergency Management Summit Thomas D. Anthony Frost Brown Todd LLC Attorneys at Law 201 E. Fifth Street Cincinnati, Ohio 45202 (513) 651-6191 TANTHONY@FBTLAW.COM February 4, 2008 Track 2.07

2 Principal Purposes Efficient and effective management; Good business practices; Destruction and elimination; Adherence to laws and regulations; Avoidance of fines, sanctions, obstruction of justice charges; Avoidance of spoliation of evidence; Safeguard and back-up records; Protection of individuals and their information. 2

3 Business Requirements Products or services; Dependence on product designs, blueprints, specifications, formulas; Use of plans, operational models and manuals; Use of data banks of individual information; Training and safety under OSHA, etc.; Purchasing methods and protocols; Intellectual property, sales and marketing literature; Information technology, accounting and management; Other business rules of the organization. 3

4 State Law Regulatory Agencies Banking Utilities Real Estate Tattoos Health Care Uniform Preservation of Business Records Act Data Breach Notification Acts 4

5 Federal Laws Section 6801 and 6805(b)(2) of the Gramm-Leach-Billey Act, 15 USC Section 6801; Section 552 of the Freedom of Information Act; Section 552(a) of the Privacy Act; The National Archives in Records Administration, 44 US Code Chapter 21; The Federal Records Act, 44 US Code Chapter 21; The Federal law on disposal of records, 44 US Code Chapter 23; The Internal Revenue Code; The Paper Reduction Act, 44 US Code Chapter 35; The Health Insurance Portability and Accountability Act of 1996 (HIPPA), 42 US Code 1320d-2(d)(2); The Sarbanes Oxley Act of 2002, Public Law 107-204; The Administrative Procedures Act, 5 US Code Chapter 5; The PATRIOT Act; The Environmental Protection Act. 5

6 International Laws The Safe Harbor Act which was adopted in 1998 by the European Union and also known as the European Union Data Protection Directive. The Canadian Personal Information Protection and Electronic Documents Act (PIPEDA). France: CNIL Guidelines. Ireland: Data Protection Acts of 1998 and 2003. Germany: Federal Data Protection Act. Italian: Personal Data Protection Code. Asian Pacific: Economic Conference privacy principles. 6

7 The Seven Steps 1. Form the management team. 2. Create the response team. 3. Categorize all records. 4. Identify all retention requirements. 5. Prepare the record retention policy. 6. Prepare the backup and retrieval plan. 7. Train all parties on response and their roles in it. 7

8 Formation of Management Team Legal Department Tax Staff Information Technology Senior Management Review record retention policies of other companies Create timelines, milestones, and targets Leadership “buy-in” and enforcement 8

9 The Response Team The team leader = in-house counsel Information technology Litigation support specialists Outside counsel Attorney-client privilege Outside storage vendor Communications team 9

10 The Response Quick and efficient implementation of the response plan Business copies and personal copies. All forms of media All forms of electronic equipment Educate IT personnel IT backup schedules, retention and destruction protocols, networks, e-mail servers, and the electronic mapping Back up mapping and management IT for business purposes only “Blind” copies easily revealed Halt destruction FRCP rule 16(c) and 16(h) pretrial conferences 10

11 The Response Relevance and Privilege Engage crisis communications group Use intrusion detection technology Internal notification of data security breaches Plan for data security breaches Adopt measures to contain and control breaches Formulate crisis communications content 11

12 The Response Identify law enforcement agency contacts Prepare written procedures for notification of victims Conduct assessment of scope of breach Notify affected individuals as soon as possible Deploy crisis communications plan 12

13 Notification By email Conspicuous notice on website Notice to major media outlets – 75% of population At least ¼ page ads in newspapers for 3 weeks No less than 45 days within discovery of event 13

14 Sort by Category and Format Letters Email Corporate Records Contract Business Records Written Electronic Folders 14

15 Retention Requirements 1. Statutes of Limitations 2.Business Needs 3.Historical Value 4.Legal and regulatory requirements 5.Business and industry practices 15

16 Prepare the Policy Policy must be “reasonable” To be reviewed by a hostile third party Express desire to satisfy business and legal requirements Specify rational for each retention period Federal, international and state retention requirements Consider and plan for possible disaster scenarios Be conservative Identify all official records Identify official authority Reasonably comprehensive Avoid selective destruction Create back up plans Communicate back up plans to employees Develop comprehensive communication plan 16

17 Spoliation of Evidence Never destroy records involved in litigation Spoliation worse than damaging documents Fines, penalties and more… 17

18 Publishing, Training and Oversight Distribute policy to all company personnel Train on meaning, purpose, and operation Practice disaster simulations Practice dealing with all forms of media All must comply Periodically audit and revise Senior management engagement and approval 18

19 Documentation Approvals of proper executives General counsel, CIO, director of taxation, vice president or president Policies, procedures, audits, revisions Engage outside storage vendors Operational implementation 19

20 Document Destruction Have clear plans and processes Keep notes of what was destroyed, when, and by whom Avoid appearance of selective destruction No individual discretion Impose litigation “Holds” Create and follow business rules 20 Cinlibary 1805334

Download ppt "Development of your Company’s Record Information System and Disaster Preparedness The National Emergency Management Summit Thomas D. Anthony Frost Brown."

Similar presentations

and Electronic Records Retention: IT Requirements Paul Dworak Office of Compliance 565-4906.

and Electronic Records Retention: IT Requirements Paul Dworak Office of Compliance
Introduction to Records Management Policy

Introduction to Records Management Policy
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
Identification and Disposition of Official University Records University of Texas at Arlington Records Management.

Identification and Disposition of Official University Records University of Texas at Arlington Records Management.
Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.

Records Management for UW-Madison Employees – An Introduction UW-Madison Records Management UW-Archives & Records Management 2012 Photo courtesy of University.
Steps to Compliance: Managing Business Associates PRESENTED BY.

Steps to Compliance: Managing Business Associates PRESENTED BY.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
Clean-up Days!.

Clean-up Days!.
© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.

© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.
Ethical Issues in Data Security Breach Cases www.ScottandScottllp.com Presented by Robert J. Scott Scott & Scott, LLP 800-596-6176.

Ethical Issues in Data Security Breach Cases Presented by Robert J. Scott Scott & Scott, LLP
Www.frostbrowntodd.com Ethical Issues in the Electronic Age Ethical Issues in the Electronic Age Frost Brown Todd LLC Seminar May 24, 2007 Frost Brown.

Ethical Issues in the Electronic Age Ethical Issues in the Electronic Age Frost Brown Todd LLC Seminar May 24, 2007 Frost Brown.
E-Discovery LIMITS ON E-DISCOVERY. No New Preservation Rule When does duty to preserve attach? Reasonably anticipated litigation. Audio sanctions.

E-Discovery LIMITS ON E-DISCOVERY. No New Preservation Rule When does duty to preserve attach? Reasonably anticipated litigation. Audio sanctions.
W W W. D I N S L A W. C O M E-Discovery and Document Retention Patrick W. Michael, Esq. Dinsmore & Shohl LLP 101 South Fifth Street Louisville, KY 40202.

W W W. D I N S L A W. C O M E-Discovery and Document Retention Patrick W. Michael, Esq. Dinsmore & Shohl LLP 101 South Fifth Street Louisville, KY
Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006 Sara Juster, JD Vice President/Corporate Compliance Officer Nebraska.

Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006 Sara Juster, JD Vice President/Corporate Compliance Officer Nebraska.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
EDiscovery and Records Management. Records Management- Historical Perspective- Paper Historically- Paper was the “Corporate Memory” – a physical entity.

EDiscovery and Records Management. Records Management- Historical Perspective- Paper Historically- Paper was the “Corporate Memory” – a physical entity.
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
Session V Records Management Process Development

Session V Records Management Process Development

Similar presentations

Ads by Google