COMPLIANCE
SHRED DISPOSAL
_____________________________
Handing your sensitive information off to someone else to take care of is no small matter. By law every government office, business or healthcare facility must protect the private information of the people who utilize their services. Those who don’t will be subjected to huge fines and penalties.
FACTA Final Disposal: All consumer information is required to be destroyed before being discarded.
HIPAA: The HIPAA Security Rule established national standards to protect individuals’ EPHI that is maintained by a covered entity.
The Security Rule requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of EPHI.
Federal Rule 26: Rule 26 of the Federal Rules of Civil Procedure states that by not adhering to a routine document destruction program a company exhibits suspicious disposal practices that could be negatively construed in the event of litigation or audit. Destroying older documents on a set schedule limits your legal risks.
GLB: The Gramm-Leach-Bliley (GLB) Act requires that financial institutions ensure the security and confidentiality of their customers’ non-public personal information including personally identifiable data such as Social Security numbers, passwords or access codes for bank accounts, cards, ATM cards, financial assets, consumer credit reports, financial account numbers, and other similar information. The harm caused by identity theft has led the federal government to create mandates such as this in order to prevent even the negligent disclosure of sensitive personal information.
SEC: The Securities and Exchange Commission (SEC) Regulation S-P was created to bring businesses regulated by the SEC into compliance with the GLB Act. This act applies to broker-dealers, funds, registered advisors, those who deal with variable annuity or variable life insurance, and any other entities dealing in securities.
Sarbanes-Oxley Act: The Sarbanes-Oxley Act (2002) was passed to implement changes in federal securities regulation, corporate governance, and the regulation of auditors. It expanded federal white-collar laws criminalizing the destruction of certain corporate communications and documents.
Economic Espionage Act: The Economic Espionage Act makes the theft or misappropriation of trade secrets a criminal offense and is the first federal law that purports to both broadly define and severely punish such misappropriation and theft.
Federal Privacy Act: The 1974 Federal Privacy Act was established to ensure that government agencies protect the privacy of individuals and businesses with regard to information held by them and to hold these agencies liable if any information is released without authorization.
FERPA: The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an application of the Department of Education. FERPA gives parents certain rights with respect to their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level.
NIST: The National Institute of Standards and Technology provides guidelines for media sanitization and drive destruction.
DoD: The Department of Defense provides requirements for drive destruction and magnetic wiping.
FCRA: The Fair Credit Reporting Act provides requirements for securing and protecting the personal information of lender customers.
NISP: The National Industrial Security Program provides baseline requirements for the protection and securing of military and government data.
HITECH: The Health Information Technology for Economic and Clinical Health Act is designed to properly enforce HIPAA with new penalties for concepts like willful neglect and improperly protecting patient data.

