Staying Afloat in a Sea of Privacy Protection Laws

It may seem like your business is swimming in a sea of privacy protection regulations. A host of federal laws require that you safeguard all personally identifiable information:

  • The Health Insurance Portability and Accountability Act (HIPAA)
  • The Fair and Accurate Credit Transaction Act (FACTA)
  • The Sarbanes-Oxley Act (SOX)
  • The Gramm-Leach-Bliley Act (GLB)

Depending on your industry, several or all of these regulations may apply to your business. Here are three important tips for helping your company stay on top of all the regulations.

1. Upgrade document security

You should always know exactly where your records containing personally identifiable information are located, who is using them, and for what purpose.

Unfortunately, many businesses don’t appropriately limit access to their sensitive information. As a result, confidential files are often stored in areas easily accessible to most staff, including individuals who don’t have proper authorization, such as:

  • Cleaning and maintenance personnel
  • Customers and other visitors
  • Non-administrative employees

A records management service can help your business upgrade the security of its paper records by offering professional oversight, management and retention of your information. Your documents are stored off-site in a commercial records center, which affords enhanced information protection from theft, fires, floods and natural disasters. State-of-the-art records management technology tracks all file activity and gives you the ability to:

  • Look up inventory information automatically through the internet
  • Index file and box information
  • Request pick-up and delivery services

Document access levels can be assigned to individual users in your organization for added security.

2. Destroy it if you don’t need it

Privacy protection laws apply to both retention and disposal of personal information. If your company doesn’t have a written information destruction policy, it could open your company up to various fines from the Federal Trade Commission (FTC) and other regulatory enforcement agencies.

When you use the shredding services of a National Association for Information Destruction (NAID) AAA certified provider, your documents and data are destroyed promptly, securely and in compliance with privacy protection laws. Such a provider offers:

  • Scheduled shredding
  • One-time shredding
  • Hard drive and magnetic media shredding

A Certificate of Destruction, which is provided after shredding is complete, further reduces potential liability risks for your business by providing proof of date, time and method of destruction.

A qualified shredding and destruction partner can also offer professional expertise for drafting a comprehensive destruction policy for your company.

3. Use off-site data protection

Privacy protection laws require the active protection of data. Stiff fines and penalties are levied on companies that fail to use proper security measures to safeguard their digital media.

Professional data protection services offer an array of complementary solutions for protecting backup assets and other media containing personal information. For example, media vaulting enables data to be securely stored off-site. A media vault protects your data with:

  • Environmental control sensors
  • Waterless fire suppression systems
  • Video surveillance
  • Fire detection
  • Barcode tracking technology

Media vaulting is combined with a media rotation service to enable backup tapes to be quickly transferred off-site for protection. For companies with limited IT resources and staff, the right data protection partner can also offer a cloud backup service that allows sensitive data to be automatically sent off-site, and restored remotely.

When you upgrade the security of documents, destroy paperwork when it has reached the end of its useful life and use off-site data protection services, you’ll help your business stay compliant with privacy protection laws.

Richards & Richards offers practical and reliable solutions and provides information management and data protection services for businesses throughout Nashville. For more information, please contact us by phone or complete the form on this page.
