RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Friday Pondering 11-16-2012
From:
Larry Medina <[log in to unmask]>
Reply To:
Records Management Program <[log in to unmask]>
Date:
Fri, 16 Nov 2012 09:07:12 -0800
Content-Type:
text/plain
Parts/Attachments:
text/plain (88 lines) 
As always when it comes to these issues, where someone asks about legal
issues, I always try to wait until John Montana has weighed in before
responding =)  Besides, I hadn't had an opportunity to allow my kawfee to
soak in yet...

This is truly an "it depends" series of questions.

Does anyone know how many laws there are in the US that affect retention?

John's estimate is likely the best number you'd ever see, if anyone was
inclined to count em all up.  I don't recall the publication Gary
mentioned, but I know when I was a member of the ARMA UIAC we performed an
exhaustive search to determine all of the regulations impacting records
retention that existed governing records for utilities... electric and gas,
transmission and distribution, and a group of our members even met with the
FERC to try and get some reading on the question of 'what trumps what'.
This list was kept current for at least a decade, but then it fell by the
wayside.

Are they fairly uniform across states?

The operative word here is 'fairly'. There are some that are, but in
certain states where they put a premium on determining how many angels can
fit on the head of a pin, like CA (my state) they regulate the bejesus out
of everything, there are requirements that may necessitate the retention of
records beyond Federal requirements for things like exposure to substances
potentially harmful to one's health. CA Prop 65 rules are an example of
that.

Where all of this becomes an issue though is if you operate in multiple
states or say if you have a pipeline or electric transmission line that
crosses state lines (intrastate) or may bring power/natural gas from Canada
or Mexico into the US.  In those instances, the records related to the
facilities/assets impacted by this are subject to the longest retention of
any of the involved locations.  Similarly, if you employ staff that works
in multiple states and you maintain their records in one of those states,
you have to determine if you want to apply the longest required retention
to ALL records, or sort them by state and apply the retention requirement
of the individual states.

The other case I'm aware that impacts protection of records, but not
necessarily retention, is the CA law regarding data protection and
breaches. If data is exposed that involves any citizen from CA in ANY
STATE, then the CA regulations apply to how you handle the notifications.
http://goo.gl/z7MPp

1798.81.5.  (a) It is the intent of the Legislature to ensure that
personal information about California residents is protected. To that
end, the purpose of this section is to encourage businesses that own
or license personal information about Californians to provide
reasonable security for that information. For the purpose of this
section, the phrase "owns or licenses" is intended to include, but is
not limited to, personal information that a business retains as part
of the business' internal customer account or for the purpose of
using that information in transactions with the person to whom the
information relates.
   (b) A business that owns or licenses personal information about a
California resident shall implement and maintain reasonable security
procedures and practices appropriate to the nature of the
information, to protect the personal information from unauthorized
access, destruction, use, modification, or disclosure.
   (c) A business that discloses personal information about a
California resident pursuant to a contract with a non-affiliated third
party shall require by contract that the third party implement and
maintain reasonable security procedures and practices appropriate to
the nature of the information, to protect the personal information
from unauthorized access, destruction, use, modification, or
disclosure.


Does federal always trump state or does state trump federal?

As I said, it depends. There's no set rule aside from whatever the longest
retention is, that's what you're bound by.

Larry
[log in to unmask]

-- 
*Lawrence J. Medina
Danville, CA
RIM Professional since 1972*

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2