Considerations When Digitizing Records
A recent survey of over 500 records and information management (RIM) professionals revealed decision makers are intrigued by the benefits of transforming physical records into digital.[1] This is not surprising given technology’s influence on society.
With digital records, however, come several issues that RIM professionals should consider: (1) identifying documents that may be kept in electronic form; (2) specifications or conditions of electronic records; and (3) security measures that are in line with a record’s content medium. Navigating these issues can be difficult. Nonetheless, businesses must consider the implications of records digitalization.
Documents That May be Kept in Electronic Form
In the United States, the Electronic Signatures in Global and National Commerce Act created the general rule recognizing electronic signatures, contracts, and other records in or affecting interstate or foreign commerce.[2] With this general rule, there are some specific exceptions that do not recognize the digitalization of information. These include the cancellation or termination of utility services, product recalls or failures, cancellation or termination of health or life insurance benefits, and transportation or handling of hazardous materials like pesticides.[3] Determining what documents you can keep electronically is a strategic first step when transitioning to digital records.
Specifications For Digitalized Records
Ensuring specifications surrounding digitalized documents is another critical consideration when digitizing documents. For example, Hawaii requires computed tomography x-ray system licensees to retain images of spot checks in “digital form on a storage medium compatible with the computed tomography x-ray system.”[4] Another example is a federal provision requiring prescription drug licensees that maintain or transmit electronic records within closed systems to “employ procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records. . . .”[5] The procedures and controls required to be implemented include but are not limited to the ability to generate accurate and complete copies in physical and electronic form, as well as ensure that record changes do not obscure information that was previously recorded.[6]
Security Measure Considerations
Given the increasing number of consumer privacy laws, information security is a growing concern for businesses. For example, the CPRA amendments in California provide:
[a] business that owns, licenses, or maintains personal information about a California resident shall implement and maintain reasonable security procedures and practices appropriate to the nature of the information, to protect the personal information from unauthorized access, destruction, use, modification, or disclosure.[7]
The method used to protect information can vary depending on the medium in which the information is kept. Reasonable security measures for physical files often include lock and key or security cameras, but for electronic information include encryption and malware protection. What is reasonable may depend a lot on the type of information and the circumstances of its use, and a business should not overlook the necessary security adjustments that follow.
Conclusion
The transition from physical to digital information retention can be appealing for reasons such as a decreased administrative burden. It is essential, however, to understand the landscape of implications surrounding this transition, and this article discusses but a few. When weighing such a transition, don’t let the positives cause you to ignore these implications.
[1] Access, Access Releases Results of 2023 State of the Records & Information Management Industry Survey — Highlighting Trends on Challenges, Key Initiatives, Planned Investments, and More, (last accessed May 8, 2023) https://www.accesscorp.com/press-coverage/access-releases-results-of-2023-state-of-the-records-information-management-industry-survey-highlighting-trends-on-challenges-key-initiatives-planned-investments-and-more/.
[2] 15 USCS § 7001 (a) (2023).
[3] See 15 USCS § 7003 (a), (b) (2023).
[4] Haw. Code R. § 11-45-1 (2023).
[5] See 21 CFR 203.60 (2023); 21 CFR 11.10 (2023).
[6] Id.
[7] Cal. Civ. Code § 1798.81.5 (b) (2023)
Disclaimer: The purpose of this post is to provide general education on Information Governance topics. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.
Author: Brandon Tuley, JD, CIPP/E
Analyst / Licensed Attorney