Information Management Resources

Below are a wealth of online resources related to information management and information security.  I am always interested in additions.  Please comment at the bottom of the page if you’d like something added, want to report an incorrect or broken link, or have a direct link to an authorized copy of the resource.

Selected Standards & Guidelines
Regulatory Agencies

Primary Regulatory Bodies – Email Retention

Telecommunications: FCC – Title 47, Part 42
Healthcare: HIPAA (Health Insurance Portability and Accountability Act)
Defense: DOD – 5015.2 Standard
Investment Advisors: SEC Rule 204-2 (Books and Records Retention)

Information Management Organizations

International Resources

General Data Protection Regulation (GDPR)

Weblogs & ListServes

USC / Code of Federal Regulations

5 U.S.C. Chapter 5, Subchapter II – Administrative Procedure§ 552. Public information; agency rules, opinions, orders, records, and proceedings
(Freedom of Information Act, as amended)
§ 552a. Records maintained on individuals
(Privacy Act of 1974, as amended)
§ 553. Rule making
(Administrative Procedure Act)
18 U.S.C. Chapter 101 – Records and Reports
§ 2071. Concealment, removal, or mutilation generally
18 U.S.C. Chapter 121 – Stored Wire and Electronic Communications and Transactional Records Access
(Electronic Communications Privacy Act of 1986)
28 U.S.C. Chapter 115 – Evidence; Documentary
§ 1732. Record made in regular course of business; photographic copies
(Uniform Photographic Copies of Business and Public Records as Evidence Act (UPA))
31 U.S.C. Chapter 11 – The Budget and Fiscal, Budget, and Program Information
(Budget and Accounting Procedures Act of 1950)
40 U.S.C. Subtitle III – Information Technology Management
(Clinger-Cohen Act of 1996, also known as the Information Technology Management Reform Act of 1996)
44 U.S.C. Chapter 21 – National Archives and Records Administration
44 U.S.C. Chapter 29 – Records Management by the Archivist of the United States and by the Administrator of General Services
44 U.S.C. Chapter 31 – Records Management by Federal Agencies
(Federal Records Act)
44 U.S.C. Chapter 33 – Disposal of Records
(Federal Records Disposal Act)
44 U.S.C. Chapter 35 – Coordination of Federal Information Policy
(Paperwork Reduction Act of 1980, as amended; Paperwork Reduction Reauthorization Act of 1995; and Government Paperwork Elimination Act)
5 CFR Chapter III, Subchapter B – OMB Directives
Part 1320. Controlling Paperwork Burdens on the Public
36 CFR Chapter XII, Subchapter B – Records ManagementPart 1220. Federal Records; General
Part 1222. Creation and Maintenance of Federal Records
Part 1223. Managing Vital Records
Part 1224. Records Disposition Program
Part 1225. Scheduling Records
Part 1226. Implementing Disposition
Part 1227. General Records Schedule
Part 1228. Loan of Permanent and Unscheduled Records
Part 1229. Emergency Authorization to Destroy Records
Part 1230. Unlawful or Accidental removal, Defacing, Alteration, or Destruction of Records
Part 1231. Transfer of Records from the Custody of One Executive Agency to Another
Part 1232. Transfer of Records to Records Storage Facilities
Part 1233. Transfer, Use, and Disposition of Records in a NARA Federal Records Center
Part 1234. Facility Standards for Records Storage Facilities
Part 1235. Transfer of Records to the National Archives of the United States
Part 1236. Electronic Records Management
Part 1237. Audiovisual, Cartographic, and Related Records Management
Part 1238. Microform Records Management
Part 1239. Program Assistance and Inspections

Relational Database Specific Resources

Electronic Signatures
1999 UETA
Both ESIGN and UETA establish that electronic records and signatures carry the same weight and legal effect as traditional paper documents and handwritten signatures, stating: A document or signature cannot be denied legal effect or enforceability solely because it is in electronic form. The electronic signature laws retain the rule that a signature is only valid if the signer intends to sign.
Between businesses, the nature of the parties’ consent to do business electronically can be established explicitly or by implication based on the parties’ interactions. However, consumers receive special protection under ESIGN and some state UETA enactments. Electronic records may be used to deliver Required Information to consumers only if the consumer: (a) receives certain disclosures (UETA Consumer Consent Disclosures); (b) has affirmatively consented to use electronic records for the transaction; and (c) has not withdrawn such consent.
In order to qualify as an electronic signature under ESIGN and UETA, the system that is used to capture the electronic transaction must either (a) keep an associated record reflecting the process by which the signature was created or (b) make a textual or graphic statement that is added to the signed record, reflecting the fact that it was executed with an electronic signature.
UK Electronic Communication Act (2000)
European Directive 1999/93 EC on a Community Framework for Electronic Signatures
FRCP Rules
The Federal Rules of Evidence and the Uniform Rules of Evidence generally allow for electronic records and their reproductions to be admissible into evidence. This applies to electronic signatures stored in a computer or server, so that any printout or output readable by sight, shown to reflect the data accurately, is considered an original. In the case of an electronic signature, then, it is important to demonstrate to the satisfaction of the courts that: (a) the appropriate level and amount of information surrounding the signing process was retained, and (b) the system used to retain the information is itself reliable.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s