Free Essay

Data Retention Policy

In: Computers and Technology

Submitted By Goliath
Words 2952
Pages 12
| |
|DATA RETENTION POLICY |
|Revision 2.0 |
| |
| |
| |

| |

Table of Contents

1.0 Overview: Page 3

2.0 Purpose: Page 3

3.0 Scope: Page 4

4.0 Document Covered by this Policy Page 4

5.0 Acceptable Use Policy: Page 4

6.0 Definitions: Page 4

7.0 Data Storage: Page 6

8.0 Responsibility: Page 6

9.0 Data Backed Up: Page 7

10.0 Archives: Page 7

11.0 Restoration: Page 7

12.0 Data Storage Locations: Page 7

13.0 Violations and Penalties Page 7

14.0 Acknowledgment of Data Retention Policy Page 8

Appendix – A (References) Page 9

DATA RETENTION POLICY

1. Overview:
The company is subject to data retention requirements resulting from a mix of legal, industry, business and government mandates. These data retention requirements govern the storage of the company’s information, records and data. Regulations dictate that different data types be stored for specific periods; regulations may also dictate the media storage format that must be used to store specific data types.

This policy defines the backup/retention policy for electronic data within the company. These systems are typically servers but are not necessarily limited to servers.

2. Purpose:
The companies Data Retention Policy exists to ensure all company information, records and data are retained and stored in compliance with legal, industry, business and government regulations. Data covered by this policy includes but is not limited to:

• Electronic communications • Business, client, agent and supplier correspondence • Documents • Spreadsheets • Databases • Customer records • Employee records • Supplier and partner information • Transactional data • Contracts • Sales, invoice and billing information • Accounting, banking, finance, earnings and tax data • Health care, medical and patient information • Student and educational data • Other data produced and collected in fulfilling business activities

This policy provides for data retention of all company and Department of Defense (DoD) data to comply with federal and state laws and regulations. Data will be retained in accordance with DoD STD 5015.2, and any document it references. Data retention is to ensure the continuity of business practices until authorized to dispose of or destroy data in accordance with the destruction policies and procedures. (See Appendix A)

NOTE: In the event that a court marshal, claim or administrative charge has been filed - or there exists a reasonable belief that a court marshal, claim or charge will be filed - all relevant records, including e-mails, must be preserved and safeguarded until the litigation or proceeding has terminated and the time for all appeals has expired. With rare exception, all such documents may be subject to discovery in litigation and the destruction of such records potentially subjects the DoD and the individuals who take such action to court-ordered sanctions.

3.0 Scope:
Every officer, manager, employee, contractor, temporary worker, authorized agent and volunteer is subject to the terms of the company’s Data Retention Policy. This policy applies to all equipment and data owned and operated by the company. Including any third party owned, company leased equipment.

4.0 Documents Covered by Policy
Records, documents, email and correspondence of all kinds must be managed according to the procedures outlined in this document. This policy applies to data in any form (paper or electronic) however or by whomever created that belong to the company, or were created by military personal and non-military personal, as part of their work for the DoD as part of their service to the DoD and are classified as DoD Protected or DoD Sensitive data as defined in DoD Data Classification Policy and Procedure.

5.0 Acceptable Use:
All company employees and representatives are responsible for ensuring all company data is retained and stored according to applicable local, state and federal laws, business standards and industry regulations. The following guidelines should be used to help determine the appropriate retention periods (although specific state and federal laws and business and industry regulations may require retaining data longer):

• Employee data is to be kept a minimum of three years. • Payroll data is to be kept a minimum of three years. • Medical and patient information is to be kept a minimum of six years. • Business data is to be kept a minimum of seven years; in many cases electronic communications, business correspondence and other business records are to be retained permanently. • Tax records are to be kept permanently. • Contracts are to be kept the life of their term and renewal, as well as an additional period equal to any applicable statutes of limitations governing any potential claims arising under the contracts.

Company data shall be stored using the following formats:

• All company records, information and data are to be securely stored on readily accessible online media (disk-based systems that remain available at all times, such as IDE, SATA, SCSI or Fibre Channel arrays) for two years following creation. • Health care, medical and patient records must be securely archived a minimum of six years on readily accessible online media or WORM tape. • Using readily accessible online media or WORM tape, most student and education data must be securely stored a minimum of two years following the student’s enrollment; student acceptance and loan records must be securely stored a minimum of five years; official transcripts are to be securely archived permanently. • Other archived data must be securely stored on non-rewritable, non-erasable media (such as optical media, WORM tape or WORM magnetic disks) for a minimum of six years or longer (publicly traded companys and those firms that audit publicly traded companys must keep archived data on such media a minimum of seven years).

Whenever doubt arises as to the retention requirements affecting specific data, the data should be securely archived (for the first two years on readily accessible online media; after two years such data should be transferred to optical media, WORM tape or WORM magnetic disk). All company representatives are responsible for ensuring all company data is updated and maintained properly; all company representatives are responsible for keeping current all business information they access and maintain in fulfilling their job responsibilities.

No company officer, manager, employee, contractor, temporary worker, authorized agent, volunteer or other representative may delete any information, records or data in violation of local, state or federal laws or business and industry regulations. Only the company’s authorized representatives may delete company information, records and data upon the conclusion of the data’s proper and lawful lifecycle. Upon deletion, care must be taken to ensure data is adequately destroyed (as opposed to simply deleted in a manner that enables data recovery). The Information Technology department manager must approve the destruction of data on all disks, cellular telephones, personal digital assistants, computers, PCs, servers and systems, and verify that all company data have been properly destroyed, prior to discarding, donating or otherwise decommissioning company equipment.

All company information, records and data are subject to storage restrictions imposed by the Health Insurance Portability and Accounting Act of 1996 (HIPAA), the Gramm-Leach-Bliley Act of 1999, the Sarbanes-Oxley Act of 2002, and Securities and Exchange Commission rules 17a-3 and 17a-4 as well as all other data management and retention restrictions resulting from local, state, federal and international laws and business and industry regulations.

All information and data retained must be processed in accordance with the rules and regulations governing its use. Refer to the company’s separate Data Protection Policy for detailed information restricting the use of company data, which governs that, among other restrictions, under no circumstances may any company representative share, pass, provide, copy, print, duplicate, transmit, store, archive or otherwise provide the company’s information, data and records to unauthorized parties.

6.0 Definitions: 1. Backup - The saving of files onto magnetic tape or other offline mass storage media for the purpose of preventing loss of data in the event of equipment failure or destruction. 2. Archive - The saving of old or unused files onto magnetic tape or other offline mass storage media for the purpose of releasing on-line storage room. 3. Restore - The process of bringing off line storage data back from the offline media and putting it on an online storage system such as a file server. 4. Computer – Any and all electronic devices capable of, receiving, storing, transmitting, updating electronic data or documents. Including, but not limited to: a. Laptops b. Servers c. PDA (Iphone, Blackberry or Android) d. Tablets e. USB drive

5. Company – the company, Data Systems LLC.

7.0 Data Storage:
There shall be a separate or set of back up data files for each backup day including Monday, Tuesday, Wednesday, and Thursday. There shall be a separate or set of back up data files for each Friday of the month such as Friday1, Friday2, etc. Backup files will be retained for one month. Monthly backups will be retained for one year. Annual backups will be retained as prescribed in DoD 5015.2, DoD Records Management Program, June 2002.

8.0 Responsibility:
The IT department manager shall delegate a member of the IT department to perform regular backups. The delegated person shall develop a procedure for testing backups and test the ability to restore data from backups on a monthly basis.

9.0 Data Backed Up:
Data to be backed up include the following information: 1. User data stored on the hard drive. a. Each user will save all data to their network drive; it will not be backed up if not saved to the network drive. 2. System state data 3. The registry
Systems to be backed up include but are not limited to: 1. File servers 2. Mail servers 3. Production web servers 4. Production database servers 5. Domain controllers 6. Test database/web servers

10.0 Archives:
Archives are made at the end of every year in December. User account data associated with the file and mail servers are archived one month after they have left the company.

11.0 Restoration:
Users that need files restored must submit a request to the help desk. Include information about the file creation date, the name of the file, the last time it was changed, and the date and time it was deleted or destroyed.

12.0 Data Storage Locations:
Offline files used for nightly backup shall be stored in an adjacent building in a fireproof safe. Monthly files shall be stored across town in our other facility in a fireproof safe. This policy may contain descriptions about how various systems and types of systems are backed up such as Windows or UNIX systems.

13.0 Violations and Penalties
All officers, managers, employees, contractors, temporary workers, authorized agents and volunteers are subject to the terms of the organization’s Data Retention Policy. Any violation of the Data Retention Policy must be immediately reported to the Information Technology department manager.

Violating the Data Retention Policy, or any of its tenets, could result in disciplinary action leading up to and including termination of employment and civil and/or criminal prosecution under local, state and federal laws.

Acknowledgment of Data Retention Policy
This form is used to acknowledge receipt of, and compliance with, the company’s Data Retention Policy.

Procedure
Complete the following steps:

1. Read the Data Retention Policy. 2. Sign and date in the spaces provided below. 3. Return a copy of this signed document to the Information Technology department manager.

Signature
Your signature attests that you agree to the following terms:

a) I have received and read a copy of the “Data Retention Policy” and understand and agree to the same; b) I understand and agree that I will properly retain all organization data, records and information on the appropriate media; c) I understand that all organization data remains the property of the organization; d) I understand I am not to modify, alter, or delete any data in violation of local, state and federal laws and business and industry regulations; e) I understand that I shall maintain data accuracy to the best of my ability while fulfilling my lawful job responsibilities.

______________________________________
Employee Signature

______________________________________
Employee Name

______________________________________
Employee Title

______________________________________
Date

______________________________________
Department/Location

Disclaimer: This policy is not a substitute for legal advice. If you have legal questions related to this policy, see your lawyer.
Appendix A (References)

FIPS 199: Standards for Security Categorization of Federal Information and Information Systems, February 2004

FIPS 200: Minimum Security Requirements for Federal Information and Information Systems. March 2006

NIST SP 800-37; Guide for applying the Risk Management Framework to Federal Information Systems, February 2010

NIST SP 800-53; Recommended Security Controls for Federal Information Systems and Companys, August 2009 AU-11 AUDIT RECORD RETENTION

Control: The company retains audit records for [Assignment: company-defined time period consistent with records retention policy] to provide support for after-the-fact investigations of security incidents and to meet regulatory and companyal information retention requirements.

Supplemental Guidance: The company retains audit records until it is determined that they are no longer needed for administrative, legal, audit, or other operational purposes. This includes, for example, retention and availability of audit records relative to Freedom of Information Act (FOIA) requests, subpoena, and law enforcement actions. Standard categorizations of audit records relative to such types of actions and standard response processes for each type of action are developed and disseminated. The National Archives and Records Administration (NARA) General Records Schedules (GRS) provide federal policy on record retention.

INCITS/ISO/IEC 27001-2005 (Annex A) CONTROLS A.10.10.1, A.10.10.2, A.15.1.3

SI-12 INFORMATION OUTPUT HANDLING AND RETENTION

Control: The company handles and retains both information within and output from the information system in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and operational requirements.

Supplemental Guidance: The output handling and retention requirements cover the full life cycle of the information, in some cases extending beyond the disposal of the information system. The National Archives and Records Administration provides; guidance on records retention. Related controls: MP-2, MP-4.

INCITS/ISO/IEC 27001-2005 (Annex A) CONTROLS A.10.7.3, A.15.1.3, A.15.1.4, A.15.2.1

NIST SP 800-53A; Guide for Assessing the Security Controls in Federal Information Systems, July 2008

NIST SP 800-60; Guide for Mapping Types of Information and Information Systems to Security Categories, August 2008

NIST SP 800-61; Computer Security Incident Handling Guide, March 2008

Department of Defense STD 5015.2: DoD Records Management Program, June 2002 Section C2.2.9—Systems Management Requirement has several retention requirements within the regulation requiring: - Backup of Stored Records (C2.2.9.1) - Storage of Backup Copies (C2.2.9.2) - Rebuild Capability (C2.2.9.4) - Storage Availability and Monitoring (C2.2.9.5) - External Email Management and Retention (C2.2.10.2)

Section C2.2.9. System Management Requirements. The following functions are typically provided by the operating system or by a database management system. These functions are also considered requirements to ensure the integrity and protection of companyal records. They shall be implemented as part of the overall records management system even though they may be performed externally to an RMA.

Section C2.2.9.1. Backup of Stored Records. The RMA system shall provide the capability to automatically create backup or redundant copies of the records and their metdata. See references (z), (ag) and (am).

Section C2.2.9.2. Storage of Backup Copies. The method used to back up RMA database files shall provide copies of the records and their metadata that can be stored off-line and at separate location(s) to safeguard against loss due to system failure, operator error, natural disaster, or willful destruction. See 36 CFR 1234.30 (reference (at)).

Section C2.2.9.3. Recovery/Rollback Capability. Following any system failure, the backup and recovery procedures provided by the system shall: Section C2.2.9.3.1. Ensure data integrity by providing the capability to compile updates (records, metadata, and any other information required to access the records) to RMAs.

Section C2.2.9.3.2. Ensure these updates are reflected in RMA files, and ensuring that any partial updates to RMA files are separately identified. Also, any user whose updates are incompletely recovered, shall, upon next use of the application, be notified that a recovery has been attempted. RMAs shall also provide the option to continue processing using all in-progress data not reflected in RMA files. See references (z) and (am).

Section C2.2.9.4. Rebuild Capability. The system shall provide the capability to rebuild from any backup copy, using the backup copy and all subsequent system audit trails. See reference (z).

Section C2.2.9.5. Storage Availability and Monitoring. The system shall provide for the monitoring of available storage space. The storage statistics shall provide a detailed accounting of the amount of storage consumed by RMA processes, data, and records. The system shall notify individuals of the need for corrective action in the event of critically low storage space. See reference (z).

Section C2.2.9.6. Safeguarding. The RMA, in conjunction with its operating environment, shall have the capability to activate a keyboard lockout feature and a screen-blanking feature. See reference (c).

National Archives and Records Administration:

NARA Code of Federal Regulations – 36 CFR Part 1222 -- Creation and Maintenance of Federal Records, http://www.archives.gov/about/regulations/part-1222.html

National Archives and Records Administration provides guidance on records retention, http://www.archives.gov/records-mgmt/initiatives/flexible-scheduling.html

NARA Code of Federal Regulations – CFR 36 Part 1224 -- Records Disposition Programs, http://www.archives.gov/about/regulations/part-1224.html

NARA Code of Federal Regulations – 36 CFR Part 1236 -- Electronic Records Management, http://www.archives.gov/about/regulations/part-1236.html

Similar Documents

Free Essay

Human Resources Management

...correct administration on Payroll and HR systems To think about the impact that the member of staff’s departure will have on departmental operations and plan accordingly Important physical documents and files are identified and handed over to a nominated individual. Ensure data stored electronically is weeded and retained if appropriate. This includes arrangement for email and the member of staff’s IT account Ensure any University property assigned to the member of staff is recovered Documents IT Account – (Data Storage & Email) Property 1. Admin Procedures & Forms 1.1 If the member of staff is leaving the university, upon receipt of written notice, a PERS025 Termination form must be completed and passed to the Dean/Head of School/Service before being forwarded to the Personnel Department. 1.2 If available, the original PERS039 form created when the member of staff commenced employment should be obtained from the member of staff’s file or a new (revised 2009) form created. The PERS039 form should be used to record the recovery of property and actions relating to access to data (see below). The form is returned to the staff file upon completion and should be held in accordance with data retention policy. 1.3 The remaining leave entitlement for the current leave year should be worked out and arrangements be made for staff to take outstanding annual leave or for leave taken in excess of...

Words: 2051 - Pages: 9

Premium Essay

Data Protection

...W A T S O N H A L L UK data retention requirements information data retention and disposal Watson Hall Ltd London 020 7183 3710 Edinburgh 0131 510 2001 info@watsonhall.com www.watsonhall.com Each type of data within an organisation should be identified and classified. Once this has been completed and during periodic reviews, it is necessary to define the retention and disposal policy. Business data records should be assessed for the statutory and legal requirements, business and accountability requirements and the risks associated with keeping or disposing of the data records. A records management system or schedule of data retention criteria can be used to document the data records, the requirements and the security controls needed for their identification, storage, protection, retrieval, retention and disposal. There are a large number of statutes, case law and regulations defining how long some data must be kept for before it is destroyed — some of which are outlined on the following pages. A few requirements such as records of wages apply to almost all sectors, but we have listed some specific requirements for the communications, financial and governmental sectors. Other sectors have equally important requirements. The exact minimum retention period varies with the specific data type, and the starting date is often context related e.g. period from an event like an accident, retirement or the advertisement of a product. This document is based on the previous work...

Words: 1676 - Pages: 7

Free Essay

Premier College Document Retention Policy

...PREMIER COLLEGE DOCUMENT RETENTION POLICY January 20, 2016 POLICY STATEMENT POLICY STATEMENT Premier College has developed a document Retention Policy to protect and preserve all critical documents as required by state and federal laws. The College is responsible for retaining paper and electronic documents in a safe and secure environment to ensure the basic values of accuracy, confidentiality, security, and proper archiving as well as proper document destruction once documents have served their purpose. This Policy is also for the purpose of aiding employees of the organization understanding their obligations in retaining electronic documents including e-mail, Web files, sound and movie files, PDF, TIFF, TXT files and documents, Calendars, Computer usage logs, Internet usage logs, Databases, and all Microsoft Office or other formatted file. This policy is written with considerations for compliance with federal mandates and acts including The Sarbanes-Oxley Act, Health Insurance Portability and Accountability Act (HIPPA), The Fair Credit and Accurate Transaction Act (FACTA), Gramm-Leach-Bliley (GLB) and other federal, state and local mandates. EFFECTIVE DATE This Policy is effective as of January 20, 2016, (the “Effective Date”) and applies to all documents created after the Effective Date. However, to the extent possible, the Policy will be applied to all documents regardless of creation date. LEGAL HOLD A legal hold suspends all document destruction...

Words: 5340 - Pages: 22

Free Essay

Document Retention Policy

...Premier Collage | Document Retention Policy | Litigation Hold Notice | | | 8/26/2113 | Table of Contents 1.0 POLICY STATEMENT ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐---‐‐‐‐‐‐‐‐‐‐‐‐‐‐ 4 2.0 PURPOSE ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ 4 3.0 APPLICABILITY ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐--‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ 5 4.0 DEFINITIONS ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ 5 1. Official Records Retention and Disposition Schedules ------------------------------------------------------------- 5 2. File Breaking ------------------------------------------------------------------------------------------------------------------- 5 3. Litigation Hold -----------------------------------------------------------------------------------------------------------------6 4. File Integrity ------------------------------------------------------------------------------------------------------------------- 6 5. File Maintenance ------------------------------------------------------------------------------------------------------------- 6 6. Personally Identifiable Information ------------------------------------------------------------------------------------- 6 7. Confidential Information ----------------------------------...

Words: 4408 - Pages: 18

Free Essay

Information Management

...------------------------------------------------- Information Lifecycle Management From Wikipedia, the free encyclopedia | This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. (January 2008) | Information Lifecycle Management (sometimes abbreviated ILM) refers to a wide-ranging set of strategies for administering storage systems on computing devices. ILM is the practice of applying certain policies to effective information management. This practice has been used by Records and Information Management (RIM) Professionals for over three decades and had its basis in the management of information in paper or other physical forms (microfilm, negatives, photographs, audio or video recordings and other assets). ILM includes every phase of a "record" from its beginning to its end. And while it is generally applied to information that rises to the classic definition of a record (Records management), it applies to any and all informational assets. During its existence, information can become a record by being identified as documenting a business transaction or as satisfying a business need. In this sense ILM has been part of the overall approach of ECM Enterprise content management. However, in a more general perspective the term "business" must be taken in a broad sense, and not forcibly tied to direct commercial or enterprise contexts. While most records...

Words: 1273 - Pages: 6

Free Essay

A Reaserch Study on Accountancy Program Retention Policy and Survival Rate of Students in the Philippines

...Transcript of Copy of EFFECTIVENESS OF RETENTION POLICY AMONG ACCOUNTANCY STUDENTS 1. There are no common problems among accountancy students on why they fail their accounting subjects. 2. Retention policy of an accountancy student is very important in order for them to become a Certified Public Accountant. HYPOTHESES INTRODUCTION 1. What are the common problems why accountancy students fail to pass their accounting subjects? 2. What are the advantages and disadvantages of having a retention policy? 3. What retention preparedness program is being used to help accounting students pass their major subjects? Statement of the Problem For student to strive harder to be able to know whether they are fit in the program or not. For accounting instructors to know on what are the students’ perspective on having a retention policy. For Administrators to have an idea on creating a program in the preparation/preparedness for retention policy to all accountancy students. SIGNIFICANCE OF THE STUDY These are some schools who also implement the Retention Policy among Accountancy Students: Review Related Literature The descriptive normative method of research was used with the questionnaire-checklist. Descriptive research, according to James P. Key of Oklahoma State University, obtains information concerning the current status of the phenomena to describe “what exists” with respect to variables or conditions in a situation which involves range from the survey which describes...

Words: 1441 - Pages: 6

Free Essay

Sec 402 Wk 7 Case Study 2 Developing the Forensics

...SEC 402 WK 7 CASE STUDY 2 DEVELOPING THE FORENSICS To purchase this visit here: http://www.activitymode.com/product/sec-402-wk-7-case-study-2-developing-the-forensics/ Contact us at: SUPPORT@ACTIVITYMODE.COM SEC 402 WK 7 CASE STUDY 2 DEVELOPING THE FORENSICS SEC 402 WK 7 Case Study 2 - Developing the Forensics, Continuity, Incident Management, and Security Training Write a five to seven (5-7) page paper in which you: 1. Consider that Data Security and Policy Assurance methods are important to the overall success of IT and Corporate data security. a. Determine how defined roles of technology, people, and processes are necessary to ensure resource allocation for business continuity. b. Explain how computer security policies and data retention policies help maintain user expectations of levels of business continuity that could be achieved. c. Determine how acceptable use policies, remote access policies, and email policies could help minimize any anti-forensics efforts. Give an example with your response. 2. Suggest at least two (2) models that could be used to ensure business continuity and ensure the integrity of corporate forensic efforts. Describe how these could be implemented. 3. Explain the essentials of defining a digital forensics process and provide two (2) examples on how a forensic recovery and analysis plan could assist in improving the Recovery Time Objective (RTO) as described in the first article. 4. Provide a step-by-step process that could...

Words: 1406 - Pages: 6

Free Essay

Hr Policies and Hr Prospectives

...Retention of HR and other related records The legal position There is a substantial and complex amount of EU and UK legislation which has an impact upon the retention of HR and other related records. Examples of legislation dealing with particular categories of records are provided in the boxes below. Other important statutes, statutory instruments, EU Directives, and further provisions and proposals include the following: Acts      Limitation Act 1980 Data Protection Act 1998 Freedom of Information Act 2000 The Regulation of Investigatory Powers Act 2000 Anti-Terrorism, Crime and Security Act 2001 Statutory instruments    Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) The Regulation of Investigatory Powers (Acquisition and Disclosure of Communications Data: Code of Practice) Order 2007 (SI 2007/2197) The Data Retention (EC Directive) Regulations 2009 (SI 2009/859) Directives   Data Protection Directive 95/46/EC Privacy and electronic communications Directive 2002/58/EC Further special provisions may arise affecting the retention of or access to data, for example:    In the context of the criminal law, the Anti Terrorism, Crime and Security Act 2001 Part 11 provides a lengthy code of practice for voluntary retention of communications data. To provide security services with a reliable log of mobile and fixed phone calls, telecommunication companies must keep telephone call logs for one year. Internet...

Words: 1158 - Pages: 5

Free Essay

Cipd Fact Sheet -Retention of Hr Records

...Retention of HR records Revised July 2015   What are HR records? HR records include a wide range of data relating to individuals working in an organisation, for example, pay or absence levels, hours worked and trade union agreements. This information may be stored in a variety of media such as paper files and, increasingly, on computer databases. It is important for all organisations to maintain effective systems for storing HR data, both to ensure compliance with all relevant legislation (for example in respect of the minimum wage or working time regulations) as well to support sound personnel administration and broader HR strategy. Our factsheet on human capital has more details of how employee information can help identify the sort of HR or management interventions which will drive business performance. However, as detailed below, in the UK a complex regulatory regime governs the length of time for which HR records should be stored. The legal position Legislation There is a substantial and complex amount of legislation  in the EU and UK that has an impact upon the retention of personnel and other related records in those regions. Examples of legislation dealing with particular categories of records are provided in the boxes below. Access, storage, format and destruction The Data Protection Act 1998 (DPA) applies to most personnel records, whether held in paper, microform, or computerised format. Under the DPA data must not be kept any longer than is necessary for...

Words: 2032 - Pages: 9

Premium Essay

Employee Engagement Case Study

...rise to the need of a paradigm shift in the policies catering to the human resource management. This also has had an influence and bearing on the psyche of the employees, their motivational levels and their subsequent loyalty. Employee retention is benefits both the stakeholders in employee and employer as well. It basically refers to all the policies and procedures which enable the employees to develop a feeling of loyalty for the organization wherein they find themselves sticking to the organization for a larger span of time. Hence, best practices industry wide should be used for the employee retention considering the need and importance for the survival of the organization. Various studies have been carried out on the subject matter of employee retention and it has been found that employee retention is driven by several key variables which need to be adequately tweaked in order to achieve a better scenario in coming...

Words: 2251 - Pages: 10

Premium Essay

Dell Case Analysis

...GRADE RETENTION IN HIGH STAKES AND LOW STAKES TESTING YEARS A Thesis Submitted to the Graduate Faculty of the Louisiana State University and Agricultural and Mechanical College In partial fulfillment of the requirements for the degree of Master of Arts In The Department of Psychology by Anna Elizabeth Ball B.S. Texas A&M University, 2002 August, 2007 Acknowledgments I would like to thank Dr. George H. Noell for all of assistance, support and guidance in the preparation of this document. I would also like to thank Dr. Frank Gresham and Dr. Kristin Gansle who served as my committee members and also helped with my study design and document preparation. Finally, I would like to thank all who assisted with the construction and management of the database used for this study. ii Table of Contents Acknowledgments……………………………………………………………… ii List of Tables...…………………………………………………………………....iv Abstract…………………………………………………………………………. v Introduction……………………………………………………………………... .1 Grade Retention Literature Review..............………………………….......1 High Stakes Testing Literature Review….………………………………5 Rationale and Purpose of Current Study……………………………........9 Methods...................…………………………………………………………… 10 Database Construction…………………………………………………. 10 Procedure.....................………………………………………………… .11 Results……....................………………………………………………………...13 Grade 4…………………………………………………………………..13 Grade 5…………………………………………………………………..18 Grade 6…………………………………………………………………..23 Grade 7…………………………………………………………………...

Words: 4529 - Pages: 19

Premium Essay

Fgsgdw

...Manila, Baguio, Cagayan de Oro, Cebu, Davao, Iloilo and Legazpi. In order to meet this demand, universities and colleges must create a program that would meet the standards and retention in the BSA program. Admission to the BSA program should be restricted to students who can demonstrate a high probability of success in the study of accounting through satisfactory academic performance, a qualifying examination, an interview, and/or other appropriate means. The school is given the privilege to require standard admission requirements to the program as reflected in its manual of regulations for students (CHED, 2007). The Accountancy program is presently known for its tough retention policy which becomes a challenge to prospective students. A retention policy is a set of guidelines in which a certain school follows a minimum grade for accountancy students in order for them to advance in the next level. Today, retention policy is a common practice in most colleges/ universities. With the increasing pressure to meet the minimum proficiency level, students who are developmentally unprepared to handle the curriculum requirements may simply require an extra year for their ability level to match the expected standards or just shift to another course. With this in mind, the study aims to propose an improved retention program to School of Accountancy and Management. Background of the Study Bachelor of Science in Accountancy is a quite difficult course. Many students end up in to other courses...

Words: 2102 - Pages: 9

Premium Essay

Hrm Practice

...(HRM) PRACTICES ON EMPLOYEES RETENTION (A CASE STUDY OF EDUCATION AND BANKING SECTOR IN BAHAWALPUR) Muhammad Azhar Sheikh 1 Wusat-ul-Qamar 2 Fariha Iqbal 3 ____________________________________________________________ __________ Abstract: This research has been conducted to study the impact of HRM practices (career development opportunities, supervisor support, working environment, rewards and work-life policies) on employee retention in The Islamia University of Bahawalpur as well as the banks in Bahawalpur. The data collected through questionnaire from 101 respondents. The results show the positive relationship of above mentioned HRM practices with employee retention. Conclusions as well as directions for future research are discussed. INTRODUCTION EMPLOYEE RETENTION: During the last decade, the personnel/HRM field has shifted from a micro focus on individual HRM practices to a debate on how HRM as a more holistic management approach may contribute to the competitive advantage of the organizations. Three different perspectives have been used in recent researches on the relationship between HRM practices and organizational performance, organizational retention and organizational strategies. (Bjorkman and Pavlovskaya: 2000) A number of studies have found that managing turnover is a challenge for organizations, as different organizations using different approaches to retain employees (American Management Association, 2001).Employee retention is also likely to be important...

Words: 3338 - Pages: 14

Premium Essay

Hit Info

...Bend Hospital Policy and Procedures SUBJECT: Retention of Health Information DEPARTMENT/SERVICE: Health Information Management APPROVED BY: Virginia Welch, RHIA HIM Director MEDICAL STAFF COMMITTEE James Harkness, MD CHIEF FINANCIAL OFFICER Richard Louis, MBA CHIEF EXECUTIVE OFFICER Hudson Taveggia, MBA POLICY NO. HIM 19.44 EFFECTIVE DATE: 04/2011 REVIEWED/REVISED: 4/01; 4/05; 4/08; 4/09; 4/10 PURPOSE To establish guidelines for the retention, storage, and destruction of health information that meet the requirements of federal and state laws and regulations. POLICY Health information will be retained, stored, and destroyed in paper copy or electronic media format according to state and federal guidelines and Willow Bend Hospital retention guidelines. PROCEDURE: I. Maintenance of Health Information a) Health information (for definition, refer to Policy 19.50: Legal Medical Record) within the medical record is considered a hybrid record, consisting of both paper and electronic documentation. All paper medical records are converted to an electronic format within 24 hours of patient discharge. b) Electronic portions of the medical record are fed via computer output to laser disc into the electronic health information repository system, Apex Patient Folder (APF), without manual intervention. All electronic documents from all sources should be integrated into the permanent repository system, Apex Patient Folder. II. Retention Guidelines a)...

Words: 736 - Pages: 3

Premium Essay

Ddddd

...Central Punjab, Lahore Proceedings of 2nd International Conference on Business Management (ISBN: 978-969-9368-06-6) Effect Of Dividends On Stock Prices 2 Abstract In Pakistan corporate sector is adversely facing competition due to economic downturn in the world and making efforts to survive in a competitive and uncertain economic environment. This study will help to improve dividend decisions of corporate sector through proper implementation of their dividend policies. This paper is an attempt to explain the effect of dividend announcements on stock prices of chemical and pharmaceutical industry of Pakistan. A sample of twenty five companies listed at KSE-100 Index is taken from the period of 2001to 2010. Results of this study is based on Fixed and Random Effect Model which is applied on Panel data to explain the relationship between dividends and stock prices after controlling the variables like Earnings per Share, Retention Ratio and Return on Equity. Results indicate that Cash Dividend, Retention Ratio and Return on Equity has significant positive relation with stock market prices and significantly explains the variations in the stock prices of chemical and pharmaceutical sector of Pakistan while Earnings per Share and Stock Dividends have negative insignificant relation with stock prices. This paper further shows that Dividend Irrelevance Theory is not applicable in case chemical and pharmaceutical industry of Pakistan. Keywords: Cash or Stock Dividends, Stock...

Words: 6183 - Pages: 25