Legal and Regulatory Requirements

An overview of the laws and regulations that govern records management, and the potential legal consequences for organizations that fail to comply.

Records Management Basics: This topic is an introduction to what records management is all about, covering the principles and practices of managing records throughout their lifecycle.
Recordkeeping Requirements: This topic covers the legal and regulatory requirements for recordkeeping, including what types of records must be kept, for how long, and in what format.
Information Governance: This topic focuses on the importance of information governance in records management, including the policies, procedures, and controls needed to ensure that records are managed effectively.
Privacy and Data Protection: This topic covers the legal requirements for protecting personal and sensitive information, including data privacy laws and regulations.
Electronic Records Management (ERM): This topic covers the management of electronic records, including the use of electronic recordkeeping systems and software.
Document Retention: This topic covers the requirements for retaining different types of records, including legal, financial, and operational records, and how to set retention schedules.
Records Destruction and Disposition: This topic covers the methods and procedures for disposing of records that are no longer needed, including shredding, deleting, or erasing electronic records.
Compliance and Auditing: This topic covers the importance of compliance and auditing in records management, including the need for regular audits to ensure that records are being managed in accordance with legal and regulatory requirements.
Records Management Policy and Procedures: This topic covers the development and implementation of records management policies and procedures, including the roles and responsibilities of those involved.
Records Management Systems and Technology: This topic covers the use of records management systems and technology, including database management systems, content management systems, and electronic records management systems.
Privacy laws: These laws govern the collection, use, storage, and sharing of personal data, such as the General Data Protection Regulation (GDPR) in the EU, the California Consumer Privacy Act (CCPA) in the US, or the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada.
Freedom of Information laws: These laws require public institutions to provide access to their records upon request, such as the Freedom of Information Act (FOIA) in the US or the Access to Information Act (ATIA) in Canada.
Industry regulations: These regulations may require organizations to create, retain, and dispose of records in a specific way to ensure compliance and accountability. For example, the health sector may be subject to regulations such as HIPAA in the US or PIPEDA in Canada.
Financial regulations: These regulations may require organizations to keep records of their financial transactions and activities, such as the Sarbanes-Oxley Act (SOX) in the US or the Financial Reporting Council (FRC) regulations in the UK.
Intellectual property laws: These laws protect the ownership, use, and disclosure of proprietary information, such as patents, trademarks, and copyrights.
Labor laws: These laws regulate the treatment of employees and dictate the retention of certain employment-related records, such as the Fair Labor Standards Act (FLSA) in the US or the Employment Standards Act (ESA) in Canada.
Environmental regulations: These regulations may require organizations to keep records of their environmental impact, such as the Resource Conservation and Recovery Act (RCRA) in the US or the Canadian Environmental Protection Act (CEPA).
Electronic signature and records laws: These laws recognize and facilitate the use of electronic signatures and records in legal transactions, such as the Electronic Signatures in Global and National Commerce Act (ESIGN) in the US or the Personal Information Protection Act (PIPA) in Japan.
Record retention laws: These laws outline how long certain records should be kept before they can be destroyed or archived, such as the statute of limitations in civil cases or the retention schedules of archival institutions.
Cybersecurity laws: These laws require organizations to ensure the confidentiality, integrity, and availability of their electronic records and communications, such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework in the US or the EU Cybersecurity Act.