Document Management, Who Cares?

In an era of identity theft and increased national security measures, good records management is critical.  As the laws regulating proper record storage grow stricter, the chances of a business or organization being hit with a government request for information--or worse, a costly lawsuit-- also increase.  Failure to produce data you haven't properly retained could be very costly.  As a result, more and more of today’s business, medical, and legal professionals are paying close attention to proper records retention.  Here’s why:

  1. Uncle Sam Says So
    U.S. companies are subject to dozens of federal, state and local regulations requiring records to be retained for periods of one year to indefinitely. The USA Patriot Act gives the federal government broad authority to obtain many types of personal data and designates retention periods for each. The Health Insurance Portability and Accountability Act (HIPPA) privacy rules limit access to individuals' protected health information and describe how long medical records must be retained. Also, the Sarbanes-Oxley Act demands that public accountants retain certain corporate audit records and work papers for five years after an audit is completed. It also calls for fines or imprisonment for individuals who knowingly change or destroy company records.

  2. Costly Penalties
    Penalties for noncompliance can be enormous. In 2006, Morgan Stanley agreed to a $15 million fine to settle charges that it failed to provide tens of thousands of e-mails requested during SEC investigations. Even scarier, Morgan Stanley client Ron Perelman had previously won a $1.45 billion judgment against the firm for its failure to turn over requested e-mails to the court.

  3. Information that Should be Safeguarded
    All businesses hold confidential data, from customer lists, price lists, and sales statistics, drafts of bids and correspondence, and even memos that should be kept and destroyed properly. These documents contain information about business activity which would interest any competitor. Every business is also entrusted with information that must be kept private. Employees and customers have the legal right to have this data protected.

    Without the proper safeguards, information typically ends up in the dumpster where it is readily, and legally, available to anybody. Any establishment that discards private and proprietary data without the benefit of destruction exposes itself to the risk of criminal and civil prosecution.

  4. Stored Records Should be Destroyed Regularly
    The length that business records are stored should be determined by an internal retention schedule that takes into consideration their value to the business and the governing legal requirements.

    From a risk management perspective, the only acceptable method of discarding stored records is to destroy them by a method that ensures that the information is obliterated.

  5. Don’t Forget About Your Daily Trash
    Without a program to control it, the daily trash of every business contains information that could be harmful. This information is especially useful to competitors because it contains the details of current activities. Discarded daily records include phone messages, memos and misprinted forms, drafts of bids and drafts of correspondence.

    All businesses suffer potential exposure due to the need to discard these incidental business records. The only means of minimizing this exposure is to make sure such information is securely collected and destroyed.

  6. Who Takes Out the Trash
    It has been established, time and again, that employees are the most likely to realize the value of certain information to competitors. And, lower wage employees often have the economic incentive to capitalize on their access to it. The only acceptable alternatives are to have the materials destroyed under the supervision of upper management or by a carefully selected, high security service.

  7. Document Protection is Important to Everyone
    In a survey conducted by the 2006 National Association of Information Destruction Conference Board, top executives from 300 companies ranked the security of company records as one of the top five critical issues facing business. When asked which issues required immediate attention and policy development, the security of company records ranked second only to employee health screening.

As one can see, it is vitally important to keep abreast of changes in the area of record management. Regulations, requirements and penalties are evolving rapidly.  Doing it the right and legal way is critical.

 

Jim Scott is the President of Records Management Solutions, a Martinsburg based document storage and destruction company.  Jim is an active member of the National Association for Information Destruction. Mr. Scott can be reached by e-mail at jims@rmsstorage.com 

 
Site Design By | MultiMedia Marketing Home About RMS Document Storage Document Destruction Data Solutions News & Information Articles, FAQ's, & Regulations Jobs At RMS Contact RMS RMS Privacy Policy RMS Site Map