Haystack Associates, Inc.

Legal Requirements

Keeping up with new and changing Federal, State, and international requirements for privacy and security, retention, and disposal of information is more than a full-time job.  Recent provisions in the Health Care Reform Act, Dodd-Frank Act, Credit Card Act, EU Privacy Directive can impact your retention decisions and create compliance requirements for your company in addition to the requirements from each state or country in which you have offices, employ staff, or conduct business.

Haystack's regulatory requirements services include:

Retention Regulations:  International, US Federal and legal statutes from all 50 States that directly and indirectly impact your retention decisions for business records.

Clients to the service can identify their records by using our standard taxonomy of business records compiled for many industries including investment, securities, biotech, pharmaceutical, health care, aerospace, retail, manufacturing and many others, or provide their own classifications/lists of records.  Attorney reviewed legal requirements are provided for each type of record for the jurisdictions that you need providing a documented basis for your retention decisions.  Our extensive research includes:  US, Canada, Mexico, Brazil, EU, UK, France, Brussels, Germany, Netherlands, Sweden, Denmark, Japan, China, South Korea, Taiwan, Malaysia, Singapore, Australia, New Zealand, with more being added every day.

Privacy and Security Regulations:  US Federal, State, Canadian, and EU regulations as well as PCI requirements for corporate privacy and security programs, and secure storage and disposal of information that contains personally identifiable information about clients, patients, employees, or customers.

Clients to the service can view the full text of requirements for privacy and security of business records for a single jurisdiction or receive requirements from multiple jurisdictions and view by topic such as Definition of PII, Encryption Requirements, Breach Notification Requirements, Training Requirements, Compliance Audits etc.

Clients can use the service one time or subscribe on an annual basis and receive notification when changes occur.