<div class="col-md-9 md-margin-bottom-40">
<!--Blog Post-->
<div class="row blog blog-medium margin-bottom-00">
<div class="col-md-3">
<img class="img-responsive margin-bottom-20" src="http://ewastesecurity.com/wp-content/themes/ewaste-theme/assets/images/pci.jpg" alt="PCI compliant data destruction">
</div>
<div class="col-md-9">
<h2><a href="#">Privacy Laws &amp; Data Destruction Requirements</a></h2>
<p>Privacy laws such as HIPAA, GLBA and FACTA, together with industry standards such as PCI DSS (a contractual standard set by the card brands rather than a law), require organizations to safeguard personal, health and financial records from unauthorized access.</p>
</div>
<div class="col-md-12 margin-bottom-20">
<p>These privacy laws say what must be protected, not how paper records or digital media should be destroyed when it comes time to dispose of computer equipment. The destruction requirement sits one layer down, and the guidance on how to meet it one layer below that. The waterfall of legislation looks like this:</p>
<ul style="list-style-image: url('http://ewastesecurity.com/wp-content/themes/ewaste-theme/assets/images/tick-ul.png');">
<li>Data Privacy Laws – HIPAA, GLBA, FACTA (and the PCI DSS standard).</li>
<li>Data Destruction Laws – the FTC Disposal Rule (16 CFR Part 682), issued under FACTA.</li>
<li>Destruction Guidelines – the National Institute of Standards and Technology (NIST Special Publication 800-88, Guidelines for Media Sanitization) and the Department of Defense (the DoD 5220.22-M clearing and sanitization matrix).</li>
</ul>
</div>

<div class="col-md-3 margin-bottom-20">
<img class="img-responsive" src="http://ewastesecurity.com/wp-content/themes/ewaste-theme/assets/images/aicpa.png" alt="AICPA">
</div>
<div class="col-md-9">
<p>Complying with data privacy and destruction laws helps reduce an organization’s liability for the loss of customer information, data breaches and identity theft. One aspect of compliance that is rarely contemplated is proof of data destruction. If you cannot prove that you properly destroyed confidential information, you cannot show that you are in compliance. A useful record identifies each drive or device by make, model and serial number and states the destruction method, the date and who performed it, so that it can be matched against your asset inventory during an audit. E-Waste Security offers certified data destruction services and provides a Certificate of Destruction for your proof.</p>
</div>

</div>
<!--End Blog Post-->

<hr class="margin-bottom-hr">

<div class="row blog blog-medium margin-bottom-00">
<div class="col-md-3 margin-bottom-20">
<img class="img-responsive" src="http://ewastesecurity.com/wp-content/themes/ewaste-theme/assets/images/hipaa-big.png" alt="HIPAA compliant data destruction">
</div>
<div class="col-md-9">
<h2><a href="#">HIPAA – Health Insurance Portability And Accountability Act Of 1996</a></h2>
<p>HIPAA requires health care organizations to “maintain reasonable and appropriate administrative, technical, and physical safeguards” to prevent intentional or unintentional use or disclosure of protected health information. HIPAA affects covered entities such as clinics, hospitals, doctors, health plans and insurance companies and, through business associate agreements, any organization that handles patient information on their behalf.</p>
</div>
<div class="col-md-12">
<p>Affected businesses should implement policies and procedures governing access to information to ensure protected health information is properly secured and not disclosed. Businesses should also maintain Business Associate Agreements with outside suppliers, including any vendor that destroys media containing protected health information, and keep documentation in accordance with their internal document retention policy.</p>

<p>Civil penalties range from a compliance review and corrective action plan up to $100 – $50,000 per violation, with an annual cap of $25,000 – $1.5 million for identical violations, depending on the level of culpability. Criminal penalties are: wrongful disclosure: up to a $50,000 fine, 1 year in prison, or both; offense under false pretenses: up to a $100,000 fine, 5 years in prison, or both; offense with intent to sell the information: up to a $250,000 fine, 10 years in prison, or both. See HIPAA data destruction requirements for help reducing your exposure to liability associated with data privacy.</p>
</div>
</div>

<hr class="margin-bottom-hr">

<div class="row blog blog-medium margin-bottom-00">
<div class="col-md-3">
<img class="img-responsive" src="http://ewastesecurity.com/wp-content/themes/ewaste-theme/assets/images/glb.png" alt="GLBA">
</div>
<div class="col-md-9">
<h2><a href="#">GLBA – Gramm-Leach-Bliley Financial Services Modernization Act Of 1999</a></h2>
<p>GLBA protects consumers’ personal financial information and requires financial institutions to give consumers privacy notices that explain their information sharing practices. See how our GLB data destruction services can help you mitigate the risk of liability.</p>
</div>
<div class="col-md-12">
<h2><a href="#">Summary of GLBA Requirements</a></h2>
<ul style="list-style-image: url('http://ewastesecurity.com/wp-content/themes/ewaste-theme/assets/images/tick-ul.png');">
<li><b>Financial Privacy Rule —</b> governs the collection and disclosure of customers’ personal financial information by financial institutions. It also applies to companies, whether or not they are financial institutions, that receive such information.</li>
<li><b>Safeguards Rule —</b> requires all financial institutions to design, implement and maintain safeguards to protect customer information throughout its life, including its disposal. It applies not only to financial institutions that collect information from their own customers, but also to financial institutions (such as credit reporting agencies) that receive customer information from other financial institutions.</li>
<li><b>Pretexting Provisions —</b> protect consumers from individuals and companies that obtain their personal financial information under false pretenses.</li>
</ul>
<p>Financial institutions should have a written security plan to protect the confidentiality and integrity of personal consumer information, disclose their privacy policies and procedures, notify customers when sharing information with third parties for non-financial reasons, give customers privacy notices, and establish limits on how the information may be used.</p>
</div>

<div class="col-md-12">
<h2><a href="#">HITECH Act – The Health Information Technology For Economic And Clinical Health Act</a></h2>
<p>The Health Information Technology for Economic and Clinical Health Act (HITECH Act) of 2009 extends certain HIPAA requirements, such as the administrative, physical and technical safeguard requirements for health information, directly to Business Associates. HITECH also requires affected businesses that become aware of a pattern of activity constituting a violation of HIPAA to take steps to cure the violation.</p>

<p>Affected businesses should develop written privacy and security policies and procedures for handling protected health information. In the event of a breach of unsecured protected health information, affected individuals must be notified without unreasonable delay and no later than 60 calendar days after discovery, and the Secretary of Health and Human Services must be notified as well (the Federal Trade Commission enforces a parallel breach rule for vendors of personal health records that are not covered by HIPAA). Media that has been destroyed in accordance with HHS guidance is treated as secured, so a documented destruction process removes the notification trigger for lost or discarded equipment.</p>

<p>Penalties and fines for failing to adhere to HITECH follow a tiered structure based on the organization’s level of knowledge of the violation: if the entity did not know of the violation, $100 – $50,000 per violation; if the violation was due to reasonable cause and not willful neglect, $1,000 – $50,000 per violation; willful neglect corrected within 30 days, $10,000 – $50,000 per violation; willful neglect not corrected within 30 days, at least $50,000 per violation.</p>
</div>

<div class="col-md-12">
<h2><a href="#">FACTA – Fair And Accurate Credit Transactions Act Of 2003</a></h2>
<p>FACTA helps consumers prevent or reduce the harm from identity theft by requiring that any individual or business that maintains, compiles, or possesses consumer information derived from consumer reports (credit reports, credit scores, background reports, etc.) for a business purpose “must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal”. The FTC Disposal Rule implements this requirement.</p>
<p>Businesses affected by FACTA must take reasonable measures to implement and monitor compliance with policies and procedures that ensure consumer information cannot practicably be read or reconstructed. The Rule gives examples: burning, pulverizing or shredding paper records; destroying or erasing electronic media so that the information cannot be recovered; and, after due diligence, hiring a document destruction contractor to dispose of material specifically identified as consumer report information. Due diligence on a contractor can include reviewing an independent audit of its operations, obtaining references, and requiring certification by a recognized trade association.</p>
</div>

<div class="col-md-12">
<h2><a href="#">Red Flags Rule</a></h2>
<p>The Red Flags Rule helps consumers prevent or reduce the harm from identity theft. Under the Rule, financial institutions and certain other creditors must adopt written identity theft prevention programs to identify, detect and respond to patterns, practices or specific activities (“red flags”) that could indicate identity theft.</p>
<p>Financial institutions and creditors covered by the Red Flags Rule should develop and maintain a written identity theft prevention program appropriate to the size of the business and its risk of identity theft. The four basic steps in designing a program to comply with the Rule are: identify relevant red flags; detect those red flags; prevent and mitigate identity theft when they are found; and update the program periodically.</p>
</div>

<div class="col-md-12">
<h2><a href="#">FCRA – Fair Credit Reporting Act Of 1970</a></h2>
<p>FCRA promotes the accuracy, fairness and privacy of personal information assembled by Consumer Reporting Agencies (CRAs). The Act requires CRAs to provide notices using forms substantially similar to those prescribed by the Federal Trade Commission.</p>
<p>Businesses that gather or sell credit information should provide consumers with a summary of their rights under the law, and provide a notice of responsibilities under the law to parties who obtain consumer reports or regularly furnish consumer information to CRAs. If a consumer disputes information, the furnisher must investigate the dispute, review all relevant information provided by the CRA, and report the results back to the CRA.</p>
</div>

<div class="col-md-12">
<h2><a href="#">SSAE 16 – SOC 1 and SOC 2 Audits</a></h2>
<p>SOC 1 reports, issued under SSAE 16 (the successor to SAS 70), cover controls relevant to a user organization’s financial reporting; SOC 2 reports, issued under the AICPA’s separate attestation standard (AT Section 101), cover security, availability, processing integrity, confidentiality and privacy, and are the more relevant report for a data destruction vendor. A Type I report describes the design of a service provider’s controls at a point in time; a Type II report also tests whether those controls operated effectively over a review period, typically at least six months. Most user organizations require their service provider to undergo the Type II examination for the greater level of assurance and reporting detail it provides. Many companies undergoing a SOC 1 or SOC 2 audit for the first time choose to perform a readiness assessment before the Type I or Type II audit. Only after consultation with an experienced CPA firm specializing in SSAE 16 audits can it be determined which audit type best fits your organizational objectives. More information on SSAE 16.</p>
</div>

</div>
</div>