Content-Transfer-Encoding: |
8bit |
Sender: |
|
Subject: |
|
From: |
|
Date: |
Wed, 21 Feb 2007 17:40:13 -0500 |
Content-Type: |
text/plain; charset="us-ascii" |
MIME-Version: |
1.0 |
Reply-To: |
|
Parts/Attachments: |
|
|
Sharon, The risks associated with not complying with the new procedure
are the same risks the company was exposed to before the new procedure
was put into place - not retaining the right info for the right amt of
time, not being able to find/use the info when necessary, not properly
protecting PII, etc.
Perhaps you're really asking, "Will the fact that there is now a
*directive* add another layer of compliance-related risk?"? If that's
really the question, then my answer is "maybe" (please note that I did
NOT say 'it depends'!). How is a "directive" defined in your
organization? Is it synonymous with Policy (with a capital P)? Is it
optional, mandatory, or my favorite ... loosely mandatory? Your general
counsel should be the one to advise you on this type of non-compliance
risk based on your specific organization.
Any of our esteemed lawyer-types care to share their thoughts?
Julie
Julie J. Colgan
Director of Records Management
Nexsen Pruet, LLC
[log in to unmask]
803-253-8270
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
|
|
|