Privacy Regulations and Your Business
Are you familiar with the privacy regulations that affect your business? Does your company have a compliant information destruction strategy? In this blog, we summarize several federal laws and how to comply with them.
The Health Insurance Portability and Accountability Act (HIPAA)
HIPAA affects any organization storing, handling, and/or transmitting protected health information (PHI). The Department of Health and Human Services’ Office for Civil Rights (OCR) monitors and enforces HIPAA compliance. Non-compliance penalties include monetary fines and possible jail time for corporate officers. Partner with a shredding and destruction company that offers HIPAA physician compliance training to make sure your information disposal policies align with HIPAA requirements.
The Fair and Accurate Credit Transactions Act (FACTA)
FACTA is designed to mitigate and prevent consumer identity theft, requiring financial institutions and creditors to have a written Identity Theft Prevention Program. The law’s Disposal Rule requires businesses to take “reasonable measures to protect against unauthorized access to or use of consumer information.” Partnering with a mobile shredding company protects your documents from the moment employees place them in secure collection containers until your shredding provider destroys them on-site at your business. You receive a Certificate of Destruction so your business can prove it has taken “reasonable measures” to destroy consumer information.
Gramm-Leach-Bliley Act (GLBA)
GLBA mandates that financial institutions and other businesses that offer financial services and products to consumers must have safeguards to protect their customers’ data. Under GLBA, companies must have written information-sharing policies and information security plans, including a strategy for data that reaches the end of its lifecycle. Whether disposing of electronic media, magnetic media, or hard copy paper records, partner with an information destruction company that offers paper shredding and media destruction services.
Family Educational Rights and Privacy Act (FERPA)
Educational institutions and schools collect vast amounts of student information. FERPA protects the privacy of education records. It prevents educational institutions from distributing student records to anyone other than parents or organizations with written permission. Student records should be destroyed as soon as they reach a final disposition date. Educational institutions that do not heed disposal rules may be subject to the withholding of federal funds and payments. A scheduled shredding service offers routine destruction of expired student records. Background-screened, professional destruction experts routinely visit your school for mobile on-site shredding.
Land Shark Shredding offers shredding and destruction services throughout Kentucky and in Tennessee, Illinois and Indiana.