Shield your enterprise from Legal Liability from your data part 2

In the first blog, we reviewed E-mail/calendars, Data at rest, and Retaining Workflow and role records. Today we’ll cover mandated privacy protected and named regulatory roles.

4) Privacy protecting roles, Named Regulatory roles

Regulatory requirements require specific roles and contacts. If people have signed regulatory or contractual commitments, are the contacts monitored and records kept? For example (out of context), HIPPA rules state, "Security Personnel. A covered entity must designate a security official who is responsible for developing and implementing its security policies and procedures" Don't know about this-- check with legal or compliance right away!

A lot of enterprises have to fill out Site Identification Form (EPA Form 8700-12). What contact information is listed, and is it still valid? If you use, handle, or touch almost any industrial or lab materials -- you are probably affected by this!

In short, enterprises will lose people—assign people to make sure data, keys/metadata, and required records aren’t lost.

HIPPA: https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html

EPA: https://www.epa.gov/hwgenerators/how-hazardous-waste-generators-transporters-and-treatment-storage-and-disposal

Microsoft exchange: https://docs.microsoft.com/en-us/exchange/policy-and-compliance/in-place-archiving/manage-archives?view=exchserver-2019

https://docs.microsoft.com/en-us/office365/servicedescriptions/exchange-online-service-description/message-policy-and-compliance#office-365-message-encryption