COMPLIANCE
Many laws have been passed to insure the security of personal information.
Identity theft has become one of the fastest growing crimes in the U.S. Recent Federal and State legislation holds businesses to higher standards of confidentiality. These laws, regulations, fines and breach notifications provide even more incentives for proper information storage and destruction procedures. Failure to comply means fines and litigation.
Congress recognized that advances in electronic technology could erode the privacy of health information. Consequently, Congress incorporated into HIPAA provisions that mandated the adoption of Federal privacy protections for individually identifiable health information.
Calls for the proper disposal of information in consumer reports and records to protect against “unauthorized access to or use of the information.”
The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.
HITECH Act also widens the scope of privacy and security protections available under HIPAA; it increases the potential legal liability for non-compliance; and it provides for more enforcement.
The Sarbanes-Oxley Act came into force in July 2002 and introduced major changes to the regulation of corporate governance and financial practice. It is named after Senator Paul Sarbanes and Representative Michael Oxley, who were its main architects, and it set a number of non-negotiable deadlines for compliance.
Requires many businesses and organizations to implement a written identity theft prevention program designed to detect the “red flags” of identity theft in their day-to-day operations, take steps to prevent the crime, and mitigate its damage. The bottom line is that a program can help businesses spot suspicious patterns and prevent the costly consequences of identity theft.
When conducting business with Ohio consumers all licensees must make safeguarding nonpublic information a top priority. The Ohio Department of Insurance has long required licensees follow reporting and mitigation procedures when data loss does occur.
The Privacy Act of 1974, Public Law 93-579, was created in response to concerns about how the creation and use of computerized databases might impact individuals’ privacy rights. It safeguards privacy through creating four procedural and substantive rights in personal data.
FINES
There have recently been millions of dollars in fines for discarding undestroyed information.
BREACH NOTIFICATION
Laws now require your public organization to publicly disclose when information has been potentially disclosed to unauthorized individuals.
NOTE
Every data protection regulation in the United States requires that organizations train employees to protect confidential customer and employee information.
We are proud members of i-SIGMA®
i-SIGMA® is the standard-setting body advocating for best practices in secure data destruction.
i-SIGMA promotes a standard of best practices across governments and by service providers as well as product, equipment, and service suppliers globally.
