REGULATORY COMPLIANCE
Why do all organizations need an information destruction policy?
With breaches of information on the rise, proper information destruction is one of the aspects of data protection receiving the most attention from policy makers. An increasing number of laws require organizations to shred or face steep fines.
State and federal regulations require that all organizations have written policies and procedures to protect personal information.
Improperly discarded personal information is one of the leading causes of privacy violations and identity theft. As a result, laws now necessitate that such information be properly destroyed when discarded. These same laws also mandate that policies and procedures for destroying discarded information be established in writing.
Contracting with an information specialist is the best way to ensure that you are meeting requirements effectively and efficiently.
What information needs to be shredded?
Gramm-Leach-Bliley Act (GLB)
GLB requires a written information security policy that describes the organization's plan to protect customer information, including disposal by shredding of files and records that contain non-public information of a financial nature, for practices that include:
- Real estate closings
- Financial planning
- Estate planning
HIPAA, as enhanced by HITECH, requires safeguard provisions and policies for Personal Health Information.
For practices that include:
- Medical diagnosis and care
- Prescription records
- Insurance
- Workers' compensation
- Social Security
FACTA requires information protection by any business or person that maintains or possesses consumer information for a business purpose. The Red Flag Rules lay out several provisions that financial institutions, creditors and other businesses must implement to detect and deter fraud.
Sarbanes-Oxley Act (SOX)
The SOX Act of 2002, Securities & Exchange Commission, affects corporate records and pending investigations. A destruction policy protects against charges that documents are destroyed to avoid liability.
