Quote:
|
Originally Posted by After Shock Media
I would really need to double check, I am near positive I saw that listed in one interpretation. Not to mention in the event you get a raid what is the likely hood they will sit there while you download the required files or worse yet what it your isp goes down, or the company site is offline for whatever reason.
Also I am pretty sure most online solutions would not meet the qualifications of whom can be a record keeper, same with an offsite attorney etc.
Then what shall you do place an ip number as the address of your custodian of records? It states you must have a physical address open during reasonable business hours.
Again this is all from memory right now and I aint no attorney. I just play it super fucking safe with my records.
|
Quote:
|
Originally Posted by Tam2257ok
Based on our attorney's interpretation of the law, online services which do NOT store local copies in a usable form (ours does) do not comply with the law. It explicitly states that agents have to be able to seize the records, and that the records be stored at the physical business location.
Our service is designed to allow your software to download the records into your local database for exactly this reason, and you get the benefits of both worlds - easy information transfers, and a local copy for legal compliance.
|
Thanks to both for the clarification. We currently use an in-house Access database but are switching to an in-house PHP/MySQL database which will also have appropriate portions web-accessible to our affiliates using our materials for promotion (the ones who choose not to use our hosted galleries, etc.) in compliance with 4472.
I understand that we can't use a third party to store records offsite. My concern was whether or not the records must physically be *stored* on the office/custodian's premises, or whether they must be *accessible* from there. Our solution (which we developed in-house) does allow a copy of the records to be kept on a local machine (which will be dedicated for that use and no other, in compliance with the regs), but the idea was to keep the primary copy offsite for backup/data security/disaster recovery reasons. Obvilously, an up-to-date copy would have to be maintained locally in case the ISP goes down while the inspection is happening, but other than that, I would think that storing the records offsite would be OK as long as an on-site copy is available.
Also, does anyone know if the law allows *seizure* of the records (which to me means removing them from the office) as opposed to *copying* of the records? I was of the impression they were permitted to copy them but I didn't see anything about seizure (except, of course, if they have evidence of a felony in the records or a search warrant.)
Thanks in advance for any clarification/info.