Federal Privacy Regulations and Your Information Disposal Responsibilities
Did you know that document shredding and media destruction is the law? Is your business complying with federal privacy regulations? In this blog, we discuss the federal privacy laws that affect information disposal practices.
The Fair and Accurate Credit Transactions Act (FACTA)
FACTA requires financial institutions to have a written Identity Theft Prevention Program to protect consumer information. Under FACTA’s Disposal Rule, financial institutions must take “reasonable measures to protect against unauthorized access to or use of consumer information.” Failing to comply with the Disposal Rule can result in federal fines (up to $2,500 per violation) and state fines (up to $1,000 per violation), civil liability ($1,000 per employee), and class action lawsuits.
Gramm-Leach-Bliley Act (GLBA)
Like FACTA, GLBA requires financial institutions and other businesses that offer financial services and products to consumers to implement safeguards to protect their customers’ data. Companies must have written information-sharing policies and information security plans, including a strategy for data that reaches the end of its lifecycle. Whether disposing of electronic media, magnetic media, or hard copy paper records, partnering with an information destruction company that offers paper shredding and media destruction services helps your organization comply with GLBA.
The Health Insurance Portability and Accountability Act (HIPAA)
HIPAA applies to organizations that handle and transmit protected health information (PHI). Among the act’s many provisions, HIPAA’s Privacy Rule and Security Rule require covered entities and their business associates to implement physical, administrative, and technical safeguards for PHI. HIPAA compliance is enforced by the Department of Health and Human Services’ Office of Civil Rights (OCR). Penalties for lack of compliance include monetary fines as well as possible jail time. If your business creates, stores, and handles PHI, it must dispose of that PHI in a secure manner.
Family Educational Rights and Privacy Act (FERPA)
FERPA is one of the nation’s oldest privacy laws. It was implemented in 1974 to prevent educational institutions from distributing student records to anyone other than parents or organizations with written permission. Student records should be destroyed as soon as they reach a final disposition date. Educational institutions that do not follow FERPA’s disposal rules may be subject to the withholding of federal funds and payments.
A scheduled shredding service offers routine destruction of expired client, patient, employee, and student information. Background-screened, professional destruction experts routinely visit your facility to collect these sensitive documents and destroy them on-site with a mobile shredding truck.
Remember, besides federal privacy laws, your organization may be required to follow local and state privacy regulations. Check with your attorney to confirm your information disposal obligations.
Underground Vaults & Storage (UV&S) offers secure document destruction services in Kentucky, Indiana, and Tennessee. To learn more about information destruction compliance or our NAID AAA Certified shredding services, please contact us by phone at 270-793-0880 or complete the form on this page.