Ask any records manager, legal counsel, or IT person working for a special district what keeps them up at night, and they'll tell you two things: cyber security and compliance. For this article, part two in a series, we'll explore compliance.
ECM, Compliance, and Special Districts
Any water agency, transportation district, or K-12 system faces numerous regulations and mandates. Add to this burden the need to protect PII (personally identifiable information) such as credit card information or driver's license number.
As an example, special districts that don't comply with security and privacy mandates risk fines and other consequences. If a school district violates FERPA, it could lose federal funding and be sued. HIPAA violations lead to thousands of dollars worth of fines. Overall, the potential cost of non-compliance is not worth the risk.
Even when adequate controls exist, there's the paper problem, where a small error may equal a severe violation. What if an employee uses a marker to redact sensitive information but misses that the text is visible from the other side of the document. Or sensitive documents could easily be left on the network printer for anyone in the office to read.
Agencies can find themselves in a no-win situation. They must protect private information and simultaneously operate with transparency. A true paradox. We know that government agencies must use retention schedules set by law. If the records are paper-based, they'll require physical storage and eventual purging when they reach final disposition. Public agencies must also respond to FOIA requests, which have time limits and can be an added hardship.
Assuredly, a special district will need to produce records for an audit or a discovery request. One subpoena can turn an office upside down—setting off a frantic search through file storage rooms, off-site storage, emails, and business systems for the requested material. These disruptive events alone have convinced a special district's leadership that it's time to invest in Laserfiche.
Here are just a few ways that Laserfiche assists organizations in meeting their compliance requirements:
Redactions can be performed automatically upon document capture. Digitized documents are far easier to redact permanently than paper. Redactions can also be white so that the requester is unaware of missing information. Retaining copies of redacted documents serve as proof that PII was not disclosed.
Information can easily be captured from an electronic document as metadata, making the record 'findable." This supports providing fulfillment of information requests in a timely fashion.
Laserfiche provides layers of security and permissions, ensuring that any given document — or particular details within a document — can be viewed only by authorized individuals.
According to specific retention policies, retention schedules can be automated with Laserfiche for retaining public documents and purging them when they are no longer needed.
Laserfiche supports collaboration and manages workflow for document review and approval, ensuring that they comply with applicable regulations as documents are created.
Audit trails provide documentation for CAPAS and other regulatory processes.
If you are interested in learning more, don't hesitate to contact us. Please stay tuned for the next article in the series.