A host of industries are now subject to regulations that make keeping information in order a legal requirement; non-compliance is not an option, as companies risk stiff fines and executives face the threat of personal liability.

In order for companies to stay in compliance with all of the recent industry-specific regulations, they need to make sure that their document management strategies are in order. The following is a list of some of the most recent regulations and how they will impact your company's document management strategy. This is just a summary, however; if you are worried that your company is not in compliance, at the very least you should look into each regulation more closely using the links provided. Non-compliance is a serious issue and could result in legal action against your company. According to Forrester Research, in December 2002 the SEC fined five Wall Street brokerages $8.25 million for improperly storing e-mail communications.
21 CFR Part 11
Adopted in 1997 for the healthcare and pharmaceutical industries, this law defines the requirements for managing audit trails, access control and electronic records retrieval. On February 20, 2003, the FDA released a new draft, "Draft Guidance for Industry; Part 11, Electronic Records; Electronic Signatures - Scope and Application," which changes the requirements for electronic records. It also withdraws many previous guidance documents on maintenance of records, e-copies of records, timestamps and validation.
For more information:
http://www.21cfrpart11.com/
http://www.fda.gov/ora/compliance_ref/part11/
http://www.fda.gov/cber/gdlns/prt11elect.pdf
Gramm-Leach-Bliley Act
Passed in 1999, this act requires financial services companies to implement safeguards for customers' current and legacy information. In essence, the act makes it illegal for a financial institution to share customers' "nonpublic personal information" with third parties unless the company first discloses its privacy policy to consumers and allows them to opt out of that disclosure.
For more information:
http://www.senate.gov/~banking/conf/
http://www.ftc.gov/privacy/glbact/
HIPAA
This 1996 regulation provides national standards for the healthcare industry, ensuring a consistency that makes it easier to process electronic claims. The law also enforces the security and privacy of personal health information.
For more information:
http://www.hep-c-alert.org/links/hippa.html
http://www.hhs.gov/news/press/2002pres/hipaa.html
Government Paperwork Elimination Act
Passed in 1998, this act requires federal agencies to accept electronic information and transactions. It also requires that they maintain electronic records. This work must be completed by October 21, 2003.
For more information:
http://www.whitehouse.gov/omb/fedreg/gpea2.html
http://www.archives.gov/records_management/policy_and_guidance/electronic_signature_technology.html
Sarbanes-Oxley Act
Adopted in 2002 for all public companies following the accounting debacles sparked by Enron, this act requires that all public companies keep audit papers for five years. It also makes altering, destroying or concealing relevant documents punishable by up to 20 years in prison and a fine.
For more information:
http://www.sarbanes-oxley.com/
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_bills&docid=f:h3763enr.txt.pdf
http://www.sec.gov/news/press/2002-128.htm