Tracking new regulations and compliance rulings from federal and state government can be dizzying—they include FRCP, HIPAA, GLB, and more. But now more than ever, the government expects all businesses to comply, not just large corporations.
Today, every company is responsible for its data and for securing its customers’ information, no matter how much it costs to do so. In today’s litigious business world, the possibility of being dragged into a lawsuit is very real, and if that happens, you will likely need to make your information available to the process. And woe to the company that cannot comply with basic regulations, because a judge will not accept that you thought those requirements applied only to the big companies.
A good example is a recent investigation involving Freddie Mac. A small agency working with Freddie Mac was pulled into the investigation, and the agency had to complete a request by the government for an electronic discovery search. The agency assumed the cost would be minor, but it did not have an automated approach to managing its data in place. The inaccessibility of the data required an army of attorneys and staff to perform a hands-on physical review. The cost came to $6 million. When the agency sought relief, it was turned down by an appeals court. It should have known better.
So here are some first steps to avoid future problems:
1. Know what the regulations are. Start with the main federal and state Web sites at www.business.gov. After you are already fairly clear on the regulations, then (and only then) take advantage of the huge number of online communities (LinkedIn and Yahoo have active sites) that discuss the regulations;
2. Make sure that those who interface with your IT system know exactly what information is stored, and where;
3. Use the right technology to classify and separate the most valuable business information, and secure that data properly;
4. Segregate older, infrequently accessed material to less expensive storage facilities;
5. Clean your data house by actively identifying and destroying documents whose age exceeds document retention policies.
Follow a few simple guidelines, and you can save yourself a major headache in the future—not to mention a lot of money.
Vice President of Marketing