The eData Guide to GDPR: New York’s SHIELD Act Defines Records Management as a Reasonable Safeguard

Another example of why you should use GDPR as the basis for your document management policies:…

[…] The physical safeguards required by the SHIELD Act include document management requirements similar to those found in Europe’s General Data Protection Regulation (GDPR). Those safeguards include:

  1. assessing risk of information storage and disposal;
  2. detecting, preventing, and responding to intrusions;
  3. protecting against unauthorized access to or use of private information after the collection, transportation, or disposal of information; and
  4. disposing of private information within a “reasonable amount of time” after it is no longer needed for business purposes by “erasing electronic media so that the information cannot be read or reconstructed.”

There is no definition under the SHIELD Act regarding what will be considered a “reasonable amount of time” to hold data after it is no longer needed. However, one can assume that, at a minimum, businesses that are subject to this section of the SHIELD Act should have updated document retention schedules and policies in place, and should be able to demonstrate that they are actively followed. […]

