Archiving Legislation

 

Australia

 

 

Legislation

Description

Requirement

Australia

1.

The Privacy Act 1988

 

 

 

 

 

It is a law, which regulates the handling of personal information about individuals. This includes the collection, use, storage and disclosure of personal information, and access to and correction of that information.

 

Personal information must be stored securely to prevent its loss or misuse.

 

 

 

 

2.

APRA (Australian Prudential Regulation Authority)

 

 

 

 

The Australian Prudential Regulation Authority (APRA) oversees banks, credit unions, building societies, general insurance and reinsurance companies, life insurance, friendly societies and most members of the superannuation industry.

 

Retention of records required and records may be requested for inspection.

 

 

 

 

 

3.

CLERP 9 (The Corporate Law Economic Reform Program)

Corporate reporting and disclosure laws.

 

 

Documentation to be stored/archived.

 

 

 

 

Brazil

 

 

Legislation

Description

Requiremen

                         Brazil

1.

“Azeredo Act”

 

 

 

 

 

 

 

 

 

 

 

The Act defines as criminal offenses the violation of professional secrets, the invasion of any third-party information technology devices, including computers, notebooks, tablets, mobile phones, etc., whether connected to the internet or otherwise, via the circumvention of security mechanisms with the aim of destroying, altering or obtaining data or securing illegal benefits.

 

The Act creates rights for those who have their data stored, and responsibilities for those who store, process or transmit such data.

 

 

 

 

 

 

 

2.

Bill #6891/02.

 

 

 

 

Establishes standards for the protection and processing of personal data and other measures.

 

 

The bill establishes standards for those who have their data stored, and for those who store, process or transmit such data.

 

 

Canada

 

 

Legislation

Description

Requirement

Canada

1.

Investment Industry Regulatory Organization of Canada (IDA) 29.7

 

Oversees all investment dealers and trading activity on debt and equity marketplaces.

 

Retention of documentation required and inspection of records may be requested.

 

2.

Personal Information Protection and Electronic Documents Act (PIPEDA/PIPED Act)

 

Governs how Private sector organizations collect, use and disclose personal information in the course of commercial business.

 

 

The law is applied to any organization that collects personal information in the course of commercial activity.

 

3.

Courts of Justice Act

R.R.O. 1990, Regulation 194

Rules of Civil Procedure

(Rule 30 Discovery of documents)

 

Every document relevant to any matter in issue in an action that is or has been in the possession, control or power of a party to the action shall be disclosed as provided in rules 30.03 to 30.10, whether or not privilege is claimed in respect of the document.

Documentation to be stored/archived.

 

 

 

 

 

 

 

 

European Union

 

 

Legislation

Description

Requirement

European Union

1.

Euro-SOX

 

 

 

 

 

 

 

 

The Directive aims to introduce the obligation to external quality control, to ensure sound public oversight of audits and improve cooperation between the authorities in the EU.

 

 

 

 

In general, companies should maintain a complete and accurate business record for internal use and external reporting -- including archived copies of electronic documents and communications such as e-mail.

 

2.

MiFID (Markets in Financial Instruments Directive)

 

 

 

 

Is a European Union law that provides harmonized regulation for investment services across the 31 member states of the European Economic Area. The main objectives of the Directive are to increase competition and consumer protection in investment services.

 

Documentation to be stored/archived.

 

 

 

 

 

 

3.

European Union Data Protection Directive 95/46

 

 

 

 

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

 

The Directive creates rights for those who have their data stored, and responsibilities for those who store, process or transmit such data.

 

 

4.

European Union Directive 2006/24/EC

 

 

 

 

 

 

 

"Directive 2006/24/EC of the European Parliament on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC" was a Directive issued by the European Union and related to telecommunications data retention.

Member states will have to store citizens' telecommunications data for a minimum of 6 months and at most 24 months. Under the directive the police and security agencies will be able to request access to details such as IP address and time of use of every email, phone call and text message sent or received.

 

 

Germany

 

 

Legislation

Description

Requirement

Germany

1.

Grundsätze zum Datenzugriff und zur Prüfbarkeit digitaler Unterlagen (GDPdU)/The Principles of Data Access and Verifiability of Digital Documents.

 

The Administrative regulation, which contain rules for the storage of digital documents regarding tax audits.

 

 

 

 

An audit requires access to data and digital documentation. Documentation to be stored/archived.

 

 

 

2.

Bundesdatenschutzgesetz (BDSG)/German Federal Data Protection Act (BDSG)

 

 

The purpose of this Act is to protect individuals against infringement of their right to privacy through the handling of his personal data.

 

The Act creates rights for those who have their data stored, and responsibilities for those who store, process or transmit such data.

 

 

India

 

 

Legislation

Description

Requirement

India

1.

The Right to Information Act, 2005

 

 

 

 

 

 

 

 

 

 

An Act to provide for setting out the practical regime of right to information for citizens to secure access to information under the control of public authorities, in order to promote transparency and accountability in the working of every public authority, the constitution of a Central Information Commission and State Information Commissions and for matters connected therewith or incidental thereto.

 

It is expedient to provide for furnishing certain information to citizens who desire to have it. Documentation to be stored/archived.

 

 

 

 

 

 

 

 

2.

Indian Companies Act, 2013

 

 

 

 

The Act makes comprehensive provisions to govern all listed and unlisted companies in the country.

 

 

 

The Act proposed E-Governance for various company processes like maintenance and inspection of documents in electronic form.

 

 

Japan

 

 

Legislation

Description

Requirement

Japan

1.

Financial Instruments and Exchange Law (J-SOX)

 

 

The Law requires management to provide an assessment of its internal control over its financial reporting and obtain an auditor’s opinion on management's assessment.

 

Documentation to be stored/archived for internal auditing purposes.

 

 

 

2.

JPIPA (Japanese Personal Information Protection Act)

 

 

 

 

 

 

The Act aims to "protect the rights and interests of individuals while taking consideration of the usefulness of personal information, in view of a remarkable increase in the use of personal information due to development of the advanced information and communications society"

 

The Act creates rights for those who have their data stored, and responsibilities for those who store, process or transmit such data.

 

 

 

 

 

 

 

New Zealand

 

 

Legislation

Description

Requirement

New Zealand

1.

Public Records Act 2005

 

 

 

E-mail messages and their attachments, like other corporate records, are subject to the Public Records Act 2005.

 

Electronic records to be stored or archived.

 

 

 

2.

Privacy Act (1993)

 

 

 

 

 

 

 

The Privacy Act protects citizens from invasion of personal privacy by other individuals or businesses. Everyone needs to comply with the Act - from individuals to clubs, large and small businesses, and government departments and agencies.

 

The Act creates rights for those who have their data stored, and responsibilities for those who store, process or transmit such data.

 

 

 

3.

Companies Act 1993

 

This Act provides for the retention and the form of records.

 

Records to be stored/archived for 7 years.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Russia

 

 

Legislation

Description

Requirement

Russia

1.

Articles 23 and 24 of the Russian Constitution

 

 

 

Establish the right to privacy for each individual.

 

 

 

 

It creates rights for those who have their data stored, and responsibilities for those who store, process or transmit such data.

 

2.

Data Protection Act No. 152 FZ, 27 July 2006 (DPA) & Information, Information Technologies & Information Protection Act No. 149 FZ, 27 July 2006

Establishes basic rules as to information in general and its protection.

 

 

 

 

 

 

 

Data controllers must take appropriate technical and organizational measures against unauthorized or unlawful processing and against accidental loss, changing, blocking or destruction of, or damage to, personal data.

 

 

 

Singapore

 

 

Legislation

Description

Requirement

Singapore

1.

Singapore Companies Act

 

 

 

 

 

 

 

 

 

 

 

 

The Singapore Companies Act:

  • Provides for the formation (and ultimately termination) of companies
  • Confers on companies some special features (for example, limited liability)
  • Regulates the relationships between participants in companies
  • Facilitates dealings between companies and outsiders

 

Retention of documentation required and inspection of records may be requested at any time.

 

 

 

 

 

 

 

 

 

 

 

 

South Africa

 

 

Legislation

Description

Requirement

South Africa

1.

Constitution of the Republic of South Africa

 

 

 

Guarantees the right to privacy.

 

 

 

 

 

It creates rights for those who have their data stored, and responsibilities for those who store, process or transmit such data.

 

2.

Protection of Personal Information Bill (PPI Bill)

 

 

 

 

 

 

 

 

 

 

 

 

Safeguards personal information by imposing stringent obligations on persons holding and processing personal information.

 

 

 

 

 

 

 

 

 

 

 

 

Under the Bill, a responsible party must secure the integrity of the personal information in its possession or under its control by taking appropriate, reasonable technical and organizational measures to prevent:

  • loss of, damage to, or unauthorized destruction of personal information; and
  • unlawful access to, or processing of, personal information.

 

 

Switzerland
 

 

Legislation

Description

Requirement

Switzerland

1.

Schweizerische Obligationenrecht/(SCO) Swiss Code of Obligations

 

The law regulates the contractual legal relationships between entities.

 

 

 

Documentation to be stored/archived.

 

 

 

 

2.

The Federal Act on Data Protection (FADP)

 

 

 

 

 

 

 

 

 

 

 

The purpose of the FADP is to protect the privacy, interests and fundamental rights of data subjects. Furthermore, it has as its central goal

  • The maintenance of good data file practice; and
  • The facilitation of international data exchange by providing a comparable level of protection.

 

The file controller has the responsibility of ensuring the security of the data and is required to prohibit unauthorized access. Under the FADP, the Federal Council has the flexibility to issue detailed regulations on security procedures not only in the public, but also in the private sector.

 

3.

Basil Accords

The Basel Accords is a set of recommendations for regulations in the banking industry.

Banking Supervision requires documentation to be stored/archived.

 

 

 

United Kingdom

 

 

Legislation

Description

Legislative Requirement

United Kingdom

1.

British Standards Institution (BSI)

 

 

 

 

BSI Group is the world’s largest certification body

 

 

 

 

Audits and provides certification to companies worldwide who implement management systems standards.

 

2.

Data Protection Act 1998 (DPA)

 

 

 

 

The DPA defines UK law on the processing of data on identifiable living people.

 

 

 

The Act creates rights for those who have their data stored, and responsibilities for those who store, process or transmit such data.

 

3.

Freedom of Information Act 2000

 

 

 

 

 

 

 

 

 

 

 

The Act creates a public "right of access" to information held by public authorities.

 

 

 

 

 

 

 

 

 

 

 

 

The Act creates a statutory right for access to information in relation to bodies that exercise functions of a public nature.

Three different kinds of bodies are covered under the act:

  • Public Authorities,
  • Publicly owned companies and
  • Designated bodies performing public functions.

 

 

USA

 

 

Legislation

Description

Legislative Requirement

USA

1

FDA

Title 21 CFR Part 11

 

 

 

 

 

 

 

 

 

 

 

Part 11 defines the criteria under which electronic records and electronic signatures are considered to be trustworthy, reliable and equivalent to paper records.

 

 

 

 

 

 

 

Part 11 requires FDA-regulated industries to implement controls, including audits, system validations, audit trails, electronic signatures, and documentation for software and systems involved in processing electronic data that are required to be maintained by the FDA predicate rules or used to demonstrate compliance to a predicate rule.

 

2

Federal Rules of Civil Procedure (FRCP)

 

The FRCP governs civil procedure in United States district (federal) courts.

 

Electronically stored information may be requested.

 

 

3

Freedom of Information Act (FOIA)

 

 

 

 

Is a federal freedom of information law that allows for the full or partial disclosure of previously unreleased information and documents controlled by the United States government.

 

Electronically stored information.

 

 

 

 

 

 

4

Gramm–Leach–Bliley Act (GLB)/ Financial Services Modernization Act of 1999

 

 

 

The Safeguards Rule applies not only to financial institutions that collect information from their own customers, but also to financial institutions that receive customer information from other financial institutions.

 

GLB compliance is mandatory. Whether a financial institution discloses nonpublic information or not, there must be a policy in place to protect the information from foreseeable threats in security and data integrity.

 

5

Hedge Fund Transparency Act

 

 

 

 

 

 

 

 

 

Is a bill aimed at providing

Federal securities regulators with greater access to and control over a broad range of private Investment funds.

 

 

 

 

 

 

Investment companies with assets, or assets under management, of at least $50 million must:

1. Maintain such books and records as the Securities Exchange Commission (SEC) may require; and

2. Cooperate with any request for information or examination by the SEC.

 

6

The Health Insurance Portability and Accountability Act of 1996 (HIPAA)

 

 

 

 

 

 

Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.

 

 

 

The administrative simplification provisions address the security and privacy of health data.

The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the U.S. health care system.

 

7

The Investment Advisers Act of 1940

 

 

 

The IAA was passed in order to monitor those who, for a fee, advise people, pension funds, and institutions on investment matters.

 

The IAA mandated that all persons and firms receiving compensation for serving as investment advisers must register with the SEC. See point 5.

 

8

Broker-Dealer Email & IM Archiving Compliance NASD Rule & NYSE Rule 440

 

 

 

 

 

This SEC Rule specifies requirements for how members of the National Association of Securities Dealers (NASD) must control customer account information.

 

 

 

 

The rules states: "Each member shall make and preserve books, accounts, records, memoranda, and correspondence in conformity with all applicable laws, rules, regulations, and statements of policy promulgated thereunder and with the Rules of this Association and as prescribed by SEC Rule 17a-3.

9

Sarbanes–Oxley Act of 2002 (SOX)

 

 

Top management must individually certify the accuracy of financial information.

 

Electronically stored information may be requested.

 

 

10

California S.B. 1386

 

 

 

 

 

 

 

This is a California law regulating the privacy of personal information.

 

 

 

 

 

 

 

It requires an agency, person or business that conducts business in California and owns or licenses computerized 'personal information' to disclose any breach of security (to any resident whose unencrypted data is believed to have been disclosed).

 

 

11

SEC Rule 17a-4

 

 

 

 

 

It is part of the US Securities Exchange Act that outlines requirements for data retention, indexing, and accessibility for companies that deal in the trade or brokering of financial securities such as stocks, bonds, and futures.

 

Records of numerous types of transactions must be retained and indexed on indelible media with immediate accessibility for a period of six months, and with non-immediate access for a period of at least two years.

 

12

The USA PATRIOT Act

 

 

 

 

 

 

 

 

 

 

 

The title of the act is a ten-letter acronym (USA PATRIOT) that stands for Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001.

 

 

 

 

 

 

PATRIOT Sunsets Extension Act of 2011, a four-year extension of three key provisions in the USA PATRIOT Act:

  • roving wiretaps,
  • searches of business records (the "library records provision"), and
  • conducting surveillance of "lone wolves"—individuals suspected of terrorist-related activities not linked to terrorist groups.

 

 

© 2005 - 2024 ProProfs

Found this information useful? Visit mailarchiva.com to learn more about MailArchiva.

-