In the United States, for example, five prominent sets of laws and regulations currently present a records management challenge to organizations. This section gives a brief overview of each, as outlined in the following list:
Sarbanes-Oxley Act This act applies to publicly traded companies and requires that they put in place extensive policies and procedures to control their financial information and prevent fraud. It also requires that executives personally certify the accuracy of company financial statements and that independent auditors verify the internal controls over financial reporting. From a records management standpoint, the act also makes it a crime to alter, conceal, or destroy records with the intent to obstruct an investigation, so retention and destruction schedules must be defensible and consistently applied.
Gramm-Leach-Bliley Act (Financial Services Modernization Act of 1999) This act sets requirements for companies holding private personal financial information and dictates their responsibility to secure these records and, once the records are no longer needed, to permanently destroy them.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) This act requires that organizations with access to personal health information adopt administrative, physical, and technical safeguards to protect the confidentiality of the data. Organizations must also monitor and control access to the data and maintain an audit trail that can be produced for regulators on request.
National Association of Securities Dealers 3010 & 3110 (NASD 3010 & 3110) This set of rules (since carried forward into the successor FINRA rulebook) requires that member firms implement supervisory processes to capture and retain all business correspondence involving registered representatives, broker-dealers, and professional securities traders.
Department of Defense 5015.2-STD This standard defines the functional requirements that electronic records management software must meet before U.S. military branches and other DoD components may use it to capture, classify, retain, and dispose of official records.