Compliance Law and Document Destruction: What Businesses Need to Know
Almost everyone knows someone who has been a victim of identity theft or consumer fraud or have been a victim themselves. My own father has struggled for years for a data breach that has caused him time, money and headaches. He knows just how it happened. His health insurance card was copied, then the copy was set aside for later shredding using a basic office shredder.
Unfortunately, the shredding never occurred. His personal information was compromised and his identify stolen. Breaches are preventable. The best service you can provide your customers, who are entrusting you with your professionalism and protection, is to guarantee the highest level of security when it comes to handling sensitive data. It is your obligation, under the law, to protect your customers, clients or patients from identity theft and consumer data breaches. People, like my father, do not deserve the hassle and cost of dealing with the repercussions of a businesses’ inadequate data destruction policies. Do not look for protection under the law if your business does not properly protect and dispose of proprietary information. The penalties are steep and the impact to your business can be devastating. The first step to ensuring compliance, is to understand your entity’s obligations.
Compliance Law: 3 Key Laws Summarized
FACTA (Fair and Accurate Credit Transaction Act)
The FACTA Final Disposal Rule (Fair and Accurate Credit Transaction Act) is a federal law enacted to reduce the risk and occurrences of consumer identity theft and fraud caused by the improper disposal of personally identifiable information. The Federal Trade Commission (FTC) has specifically listed lenders, landlords and property managers, insurers, government agencies, auto dealers and mortgage brokers as businesses/industries who are required to follow the FACTA Disposal Rule, but it applies to a much broader group. Any organization, business, agency or individual who handles confidential consumer information is required to follow the FACTA Disposal Rule. The law requires that every person/business “must properly dispose of such information by taking reasonable measures”, which have been defined as “burning, pulverizing or shredding of papers containing consumer information”.
HIPAA (The Health Insurance Portability and Accountability Act of 1996)
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a broad law enacted by Congress to protect the privacy of personal health information for all Americans. “Covered entities” which include all health care providers, health care plans and health care clearinghouses, as well as related business associates, must provide and monitor data safeguards to ensure the protection and privacy of healthcare information and unauthorized disclosure of any individually identifiable information. Data breaches, even if accidental, are subject to fines from $100 to $50,000 per occurrence up to $1.5 million annually. Covered entities must take reasonable and appropriate measures to comply with HIPAA regulations to protect the privacy of individual’s health information which includes proper disposal of confidential documents.
GLBA (The Gramm-Leach-Bliley Act)
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act of 1999, is a federal law enacted to set rules and guidelines regarding how financial institutions handle private information of individuals. Two sections of GLBA include: The Financial Privacy Rule, which regulates the collection and disclosure of private financial information; The Safeguards Rule, which states that financial institutions must implement security programs to protect consumer information. Companies that offer consumers financial products or services like loans, financial or investment advice, or insurance are subject to GLBA.
Which Law Impacts Your Business?
Each business or organization has specific compliance regulations they are required to follow. It is important to be aware of what laws affect your business and have policies and procedures in place to meet those standards. Proper destruction of personally identifiable information and confidential consumer information is the best way to prevent a data breach. Creating a relationship with a local, onsite shredding company to shred all discarded consumer information is the best way to ensure compliance with all confidentiality laws and regulations and can provide your business with a paper trail of compliance. Look for a company who is a member of the National Association for Information Destruction (NAID) which binds that company to uphold the highest professional and ethical standards in the shredding industry.
Questions? Elevated Shredding Can Help
Jen Green is President and CEO of Elevated Shredding, a document and data destruction company and paper/E recycler; and Strides 2 Thrive, an agency providing job training and employment opportunities for people with disabilities. To inquire about our services, call (928) 522-9226 or email jen@elevatedshredding.com.
Comments