A Refresher on the Privacy Laws Affecting Your Business

Laws are notoriously complex and ever-changing, so it’s understandable if you can’t keep up with the privacy protection laws that affect your business. But ignoring them is not an option, so here’s a quick refresher course to help you stay abreast of the privacy protection laws affecting your business.

Sarbanes-Oxley Act (SOX)

SOX was enacted in 2002 in order to strengthen corporate accountability and eliminate financial fraud within publicly traded companies. Auditing controls must be put in place to safeguard the accuracy of financial information. Failure to comply with this regulation may result in monetary fines, delisting from the stock exchange, or even the imprisonment of corporate officers. Small businesses with limited internal resources have especially felt the burden of the SOX requirements designed to ensure financial records are reliable. Fortunately, with the help of a reliable, outsourced records and information management service, SOX compliance becomes easier and more cost-effective for small businesses.

Gramm-Leach-Bliley Act (GLBA)

This law protects consumer privacy by requiring financial institutions and government agencies to protect financial data from unauthorized access. Under the act’s Financial Privacy Rule, consumers must be provided with a privacy notice that explains the following:

• How information is collected
• Where that information is shared
• How the information is used
• How it’s protected

If your business provides financial services, it must maintain a written policy that outlines how consumer records are stored, controlled, accessed, and disposed of.

The Fair and Accurate Credit Transaction Act (FACTA)

 FACTA also impacts businesses providing financial services. The Act’s Disposal Rule requires the proper disposal of information to protect against “unauthorized access to or use of the information.” In short, organizations must make sure documents containing consumer data are destroyed promptly and securely.

A National Association for Information Destruction (NAID) AAA Certified shredding and destruction service can help you comply with the FACTA Disposal Rule by using a secure chain of custody to destroy your documents beyond recognition. The destruction process documented with a Certificate of Destruction.

The Health Insurance Portability and Accountability Act (HIPAA)

HIPAA specifically affects healthcare organizations, their subcontractors, and any entity that handles protected health information (PHI). The law contains a Privacy Rule and Security Rule, both of which require covered entities to restrict access to and maintain the confidentiality of PHI. The US Department of Health and Human Services’ Office for Civil Rights (OCR) oversees enforcement of HIPAA, levying fines against organizations that fail to comply with its privacy breach protection requirements.

Depending on your industry and where your business operates, there may be additional federal, state and local privacy laws that affect your organization. Consult with your attorney to determine your company’s compliance obligations.

Richards & Richards helps Nashville’s business community stay compliant with privacy protection laws and regulations. For more information, please contact us by phone or complete the form on this page