Data security laws and their impact on your record management policy.

Posted July 2, 2009 in HR Info Center

Internal record management policy is impacted by federal and state data security guidelines

The US has what we call a sector-specific approach to privacy. In other words, your company's record management policy depends largely on the industry you operate in, and to a lesser degree on whether you collect certain types of regulated information.

The Gramm-Leach-Bliley Act, which applies to financial institutions, has detailed data security requirements for the financial-data component of your record management policy.

The Federal Trade Commission views the Gramm-Leach-Bliley Act as a good model for data security in general in the US, so it is worth knowing about as well.

The Fair Credit Reporting Act is probably familiar to all of you. If your company obtains background checks on employees or applicants, the Fair Credit Reporting Act governs those background check reports. It also applies, more broadly, to any company that obtains consumer credit reports, such as for loans or other transactions.

We'll discuss later that there are special rules about how those types of consumer reports must be handled and disposed of.

HIPAA has very extensive data security requirements. You already know HIPAA from the health-insurance-portability side of HR; it also imposes detailed data security requirements on healthcare providers' records management policies.

It also requires them to enter into what are called Business Associate Agreements with vendors that handle their data, and depending on your industry you may encounter Business Associate Agreements yourself.

I've also included the Children's Online Privacy Protection Act (COPPA), which has extensive and detailed privacy and data security rules governing the collection and use of information obtained from children online.

In other words, if your website collects information from children, you're subject to COPPA, and it's important to make sure you're up to date and in compliance, because there have been many enforcement actions under COPPA lately.

Finally, we have a couple of federal laws that can be used to go after people who steal data. There have been some interesting cases in the last year under the Computer Fraud and Abuse Act where employers have gone after former employees, for instance, for stealing data. So these laws surrounding records management policy frequently come into play in the litigation context.

Edited remarks from the Rapid Learning Institute webinar: “Identity Theft: What HR Can Do To Protect Sensitive Employee Data” by Christine E. Lyon, Esq.
