• Join our Communities!

  • Twitter Updates

    Error: Twitter did not respond. Please wait a few minutes and refresh this page.

  • Disclaimer:

    The information in this weblog is provided "AS IS" with no warranties, and confers no rights. The opinions and interests expressed on this employee blog are the employees' own and don't necessarily represent EMC's positions, strategies or views. Inappropriate comments will be deleted at the authors discretion.

US House of Reps Introduces Legislation Requiring Companies to Perform Disposition

Principal Product Marketing Manager, Information Governance

Whenever my Product Manager or I speak at an event, we always ask attendees if they have disposition policies in place.  Happily, many of them do.  Then we ask them if they actually perform that disposition.  This usually leads to nervous chuckles or rolling of eyes by frustrated records managers. While we know we are supposed to dispose of content, many organizations are nervous to actually do so.

Keeping this in mind, I happened upon an article in NextGov that I believe underlines just how crucial it is to have active retention and disposition policies.  The article focuses on draft legislation in the US House of Representatives designed to protect consumer information. It quotes the draft legislation as requiring companies to “protect consumers by requiring reasonable security policies and procedures to protect data containing personal information, and to provide for nationwide notice in the event of a security breach.”  The article goes on to state that the bill would require companies to perform disposition of old or unnecessary data.  Additionally, companies would have to notify the government within 48 hours of discovering a breach that wasn’t an accident.

I imagine a cadre of records managers cheering over this – finally a reason to clean up the data!  I also imagine there will be a lot of discussion around a definition of old or unnecessary data.  At any rate, I cannot say it often enough – you have to clean up your data and have active, effective governance policies in place now because as we move to the cloud, it’s only going to get more complicated.  The journey to the cloud is happening, but like a lot of air travel these days, you want to bring as little baggage – or in this case, unnecessary content – as necessary.  We’re probably only just beginning to see security and privacy legislation that will affect organizations more broadly – in addition to industry-specific regulations that are already proliferating.

Do you have disposition policies in place?  Do you perform disposition?  How would this legislation affect your policies and procedures?  Would this type of legislation help or complicate your efforts to implement governance?

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: