Confidential data can be exposed at any point during the information lifecycle. Insecure storage, lax chain-of-custody procedures, and theft commonly lead to data breaches. But in many instances, it’s the final disposition of private data that proves to be the most problematic for businesses. As a result, several federal laws specifically address provisions for ensuring proper disposal of private information. One or all may have an impact on your business.
The Gramm-Leach-Bliley Act (GLB)
GLB was enacted in 1999 to protect the personally identifiable information (PII) used by financial institutions. According to GLB, businesses must designate an information security coordinator and undergo routine risk assessments to determine the threat to PII. If your business provides the following services, it’s wise to assess how PII is currently being disposed of within your organization:
- mortgage lending
- financial advice
- tax preparation
- debt collection
- real estate settlement
The Health Insurance Portability and Accountability Act (HIPAA)
You’re probably most familiar with this law—enacted in 1996—because of a disclosure you signed when visiting a doctor. HIPAA contains privacy and security rules for ensuring the protection of personal health information (PHI). Your business does not have to provide medical services in order to be impacted by HIPAA. Within the law are provisions that also hold business associates of HIPAA-covered entities liable for any breaches of PHI. Therefore, your company is subject to HIPAA regulations if it provides the following services and/or products to a healthcare provider:
- claims processing
- software or hardware support
- legal services
- accounting or administrative support
While HIPAA does not specify rules regarding the disposal of PHI, if confidential data is exposed due to improper disposal, your business may be subject to fines levied by the Department of Health and Human Services’ Office for Civil Rights.
The Fair and Accurate Credit Transactions Act (FACTA)
Like GLB, FACTA also deals with the protection of consumers’ personally identifiable information. Passed in 2003, it specifically addresses the protection of PII found in consumer reports. Of all the federal regulations regarding data disposal, FACTA affects the broadest swath of businesses:
- car dealers
- financial institutions
- debt collectors
Essentially, any business collecting consumer information for verification purposes is impacted by FACTA. As such, FACTA requires businesses to destroy physical and electronic data to an unreadable state.
How can my business stay compliant with data disposal laws?
Unfortunately, most in-house solutions for disposing of business data fall short. Either data is improperly disposed of—or ignored altogether. In contrast, a professional shredding and destruction service provides verifiable methods for ensuring the expedient and secure disposal of confidential material. The right shredding and destruction partner can offer a turnkey solution for helping your business meet regulatory disposal standards. Examples of services that may be offered include:
- one-time purge services
- scheduled shredding
- onsite mobile shredding
- hard drive destruction
Archives Management Centers provides comprehensive shredding and destruction solutions to businesses throughout Palm Beach, Martin, St. Lucie, Indian River and Okeechobee counties. To find out more, please contact us by phone or fill in the form on this page.