UK legislation
Stay abreast of best compliance practices with Safeserve
Data Protection Act 1998
- Specifies that personal information held electronically must be secured, only transferred appropriately, and kept for a limited period of time.
- E-commerce and financial sectors are also affected. To follow best practice, firms in these sectors should encrypt personal data and credit card details both in transit and when they are stored.
- The Law Society is currently drawing up data protection guidelines for law firms.
Companies Act 1985
- Requires companies to keep records sufficient to show and explain corporate transactions: public companies for six years and private companies for three. Internal correspondence, which includes email, comes under these requirements.
Financial Services Authority
- For regulated financial institutions, mandates that members must retain all pertinent client records – paper and electronic – for a period of 10 years, with some documents to be kept indefinitely.
Basel II
- The Basel II Accord, which is compulsory and must be adopted worldwide, stipulates that banks put in place new procedures for measuring and mitigating credit and operational risk. The onus is on banks to rigorously assess both forms of risk and to build an action plan to reduce their exposure to it. Email security and retention are important aspects of compliance.