At Secure Records Solutions, we know that staying abreast of federal and state privacy regulations can be a daunting task for any business. A multitude of laws govern how your company handles and disposes of sensitive information. Because privacy laws are complex and challenging to stay on top of, we created a simple guide to help you understand how such laws affect secure media disposal.
The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare providers and their partners to institute physical, administrative, and technological measures to safeguard protected health information (PHI). A critical amendment to this act came in 2009 via the Health Information Technology for Economic and Clinical Health (HITECH) Act. It stipulates that mishandled documents and data qualify as security breaches. In cases where medical data is improperly discarded, leading to a breach of Personally Identifiable Information (PII), the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has the authority to impose fines.
In the event of an OCR audit, having documented evidence of your shredding practices can prove invaluable. Opt for a media disposal service like Secure Records Solutions, and ensure that you receive a Certificate of Destruction each time your materials are disposed of. This certificate, indicating the exact time and date of destruction, can serve as evidence of your due diligence.
The Fair and Accurate Credit Transactions Act (FACTA) mandates that financial institutions shield Personally Identifiable Information (PII). The Disposal Rule within FACTA directly influences how financial establishments handle the disposal of documents and data. The rule asserts that “any individual retaining or possessing consumer information for business purposes must properly dispose of such information by taking reasonable steps to prevent unauthorized access or use of the information during its disposal.”
Failure to comply with FACTA can result in civil liabilities and potential state and federal penalties. Instances affecting a large number of consumers might even lead to class-action lawsuits against non-compliant organizations. The Federal Trade Commission (FTC) recommends diligent practices, including “implementing and overseeing adherence to policies and procedures that necessitate the destruction or erasure of electronic media containing consumer information to prevent practical reading or reconstruction.”
Enacted in 1972, the Family Educational Rights and Privacy Act (FERPA) affords parents access to their children’s educational records. It also imposes restrictions on educational institutions regarding the distribution of student records to unauthorized parties. A breach of student information can trigger actions such as the withholding of federal funds and payments. Consequently, educational institutions must ensure the secure disposal of student records. For organizations that gather confidential student data, a reliable media disposal service can guarantee secure disposal.
The Gramm-Leach-Bliley Act (GLBA) requires financial entities to craft and uphold a written information security strategy for safeguarding consumer information. The act comprises three key sections:
- The Financial Privacy Rule
- The Safeguards Rule
- Pretexting Provisions
The Financial Privacy Rule dictates information collection and disclosure practices. The Safeguards Rule mandates the establishment of a viable security program. Additionally, the Pretexting Provisions prohibit accessing private data without full disclosure. Absent a comprehensive media disposal strategy, your organization could face civil penalties of up to $100,000 for each GLBA provision violation.
For further insights into optimal media disposal practices and ensuring your compliance with both federal and state privacy laws, don’t hesitate to contact Secure Records Solutions.