Compliance and Secure Document Destruction
If your business manages personal data or records, compliance is a key component in the success of your information management systems. A top priority for all information managers is compliance, which includes all stages of information management from data collection until final destruction.
Compliance rules will continue to adapt to the way that we live, work, and exchange information in our day-to-day lives. That means a key part of information management success is knowing and understanding up-to-date privacy and information laws and compliance requirements in your industry segment. Here are a few notes and resources to help you stay current.
With the increase of digital information, the number of annual data breaches is higher than ever. Combat information security risks with these tips.
Data Privacy Laws
In the United States, there is not one comprehensive federal law that regulates data security. Instead, there are many laws and regulations that, together, govern data privacy. Here are some of the most common:
The Federal Trade Commission Act
The Federal Trade Commission Act (FTC Act) has broad jurisdiction to prevent unfair or deceptive trade practices. The FTC enforces privacy laws, enforces consumer protection, and issues regulations.
The Health Insurance Portability and Accounting Act (HIPAA) governs the collection of health information. The HIPAA Privacy Rule protects individuals’ medical records and other personal information pertaining to health care. The U.S. Department of Health and Human Services’ Office for Civil Rights is responsible for enforcing privacy and security rules of HIPAA.
Gramm Leach Bliley Act
The Gramm Leach Bliley Act (GLBA) requires banks and financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. Learn if your business is considered a “financial institution” under the Rule here. If so, make sure you are taking the necessary steps to comply.
Secure Document Destruction
No matter what field your business operates in, it is important that the personal information you collect is properly stored and destroyed. Make sure that your document destruction process ensures the security of any personal information.
Hard Copy Record Destruction
Keeping your records organized and documenting your secure records destruction is essential.
Any personal information that is collected is at risk to hackers. Common information that can be used for identity theft includes patient name, date of birth, SSN, financial account numbers, insurance information, and more. Make sure this, and all personal information, is securely destroyed.
Start with a destruction log and a detailed record of the chain of custody. Destruction logs should be kept permanently as proof of best practice in your records management processes, and to help protect your organization in the event of a breach or any mishandling in the chain of custody. The chain of custody is a record of any time someone touches, looks at, or stores a document.
Digital Information Destruction
Old and out-of-date digital devices can still store sensitive information, even when those files are deleted. When you delete files, the system deletes the file path pointing towards the data. Until operating systems actually write new data over the allocated “free space”, those files and the information included still exist. This residual data poses large risks, both personally and professionally.
Use one of these hard drive destruction options to protect personally identifiable information: formatting, degaussing, or destruction.
As a business managing proprietary information, one of the biggest steps you can take to safeguard data and records is to educate the people who are interacting with it daily: your employees. Not only do employees need to know what your information security policies are, they also need to know why those policies are in place. Share data and information about the rise in data breaches and what is at risk for your organization if a breach occurs. Learn more on how to educate your employees on information management policies.
NAID Certified Destruction
Augusta Data Storage maintains NAID-AAA Certification for both mobile and plant-based document destruction, as well as mobile and plant-based hard drive destruction services. Learn more about our certified secure shredding!
How Augusta Data Storage Can Help
Augusta Data Storage is trained and certified to help with information compliance and secure data destruction. Contact us today or click below to learn more about the services we offer.