Zasio’s Research Team had a busy year in 2016. We conducted international research on records management citations for over 50 countries and domestic research at the federal level for all 50 states and D.C. This research was performed for Consulting clients and Versatile Retention (VR) software subscribers in a wide range of industries, including financial institutions, manufacturing, and pharmaceuticals.
To briefly explain our methodology, Zasio takes each individual recordkeeping or records handling requirement and groups it into a citation by similar subject matter and/or retention period/handling requirement type. For example, if a law has requirements to keep accounting records for 3 years and human resource records for 5 years, Zasio captures these in two separate citations, one for each subject and retention period. This often results in creating multiple citations per law or regulation and provides enough granularity to allow citations to be accurately linked to individual record codes that exist in client records retention schedules.
Internationally, we added over 4,000 citations and updated over 5,500. Domestically, we added over 6,500 citations and updated over 5,500. Many of the new citations were added because we captured new laws that were enacted, but a significant portion were added because we are constantly expanding our jurisdictional scope and the industries we research. In addition, we have greatly expanded the types of recordkeeping handling requirements we capture.
Historically, most of the international research we conducted has been for custom research projects for our Consulting clients. However, in 2016 we also expanded our VR subscription offerings, which previously included the US and Canada, to now include Mexico. One of our goals for 2017 is to continue to expand our subscription offerings into Australia and Europe.
Overall, one of the biggest areas of growth in recordkeeping and handling law in 2016 related to regulations about personally identifiable information (PII). The EU adopted the General Data Protection Regulation (GDPR) (Regulation 2016/679), which does not become effective for two years. However, to prepare for the new law, at least a few EU countries have started revising their PII laws. One example, France’s National Commission on Informatics and Liberty (CNIL), has amended and updated several laws in anticipation of the new EU regulation, including their requirements on biometric authorizations. It’s likely that as EU countries prepare for the new GDPR regulation we will see changes and additions to the PII recordkeeping and handling requirements.
VR clients can stay current with all of the latest changes to recordkeeping and handling laws by running searches in the Research “Advanced mode” tab and selecting “Date Updated” to limit results to a number of customizable date ranges.