Data Privacy Laws
Privacy laws such as PCI, HIPAA, GLBA and FACTA require organizations to safeguard personal, health and financial records from unauthorized access. However, these privacy laws do not address how paper records or digital media should be destroyed when it comes time to dispose of computer equipment.
DATA DESTRUCTION AND DATA PRIVACY LAWS
Complying with data privacy and destruction laws helps reduce an organization's liability for the loss of customer information, data breaches and ID theft. One aspect of compliance that is rarely contemplated is proper proof of data destruction. If you can’t prove that you properly destroyed confidential information, you are not in compliance. E-Waste Security offers certified data destruction services and provides a Certificate of Destruction for your proof.
GLBA – Gramm-Leach-Bliley Financial Services Modernization Act Of 1974
GLBA protects consumers’ personal financial information and requires companies to give consumers privacy notices that explain the financial institutions’ information sharing practices. See how our GLB data destruction services can help you mitigate the risk of liability.
FACTA – Fair And Accurate Credit Transactions Act Of 2003
FACTA helps consumers prevent or reduce the harm from identity theft. Any individual or business that maintains, compiles, or possesses consumer information from consumer reports (credit reports, credit scores, reports businesses, etc.) for a business purpose “must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal”.
Businesses that are affected by FACTA take reasonable measures to implement and monitor compliance with policies and procedures that ensure consumer information cannot feasibly be read or reconstructed: shredding papers, destroying or erasing electronic media, and conducting due diligence and hiring a document destruction contractor to dispose of material specifically identified as consumer report information.
Red Flags Rule
The Red Flags Rule helps consumers prevent or reduce the harm from identity theft. Under the Rule, financial institutions and certain other creditors must adopt written identity theft prevention programs to identify, detect and respond to patterns, practices or specific activities that could indicate identity theft.
Financial institutions and creditors affected by the Red Flags Rule should develop and maintain a written identity theft prevention program that is appropriate for their business based on its size and potential risks of identity theft. The four basic steps to designing a program to comply with the Rule are: identify relevant red flags; detect red flags; prevent and mitigate identity theft; and update the program periodically.
Fair Credit Reporting Act
FCRA promotes the accuracy, fairness and privacy of personal information assembled by Consumer Reporting Agencies (CRAs). This legislation requires CRAs to provide notice forms similar to those prescribed by the Federal Trade Commission.
Businesses that gather or sell credit information should provide a summary of rights under the law to consumers and a notice of responsibilities under the law to parties who obtain consumer reports or regularly furnish CRAs with consumer information. If a consumer disputes information provided, all relevant information provided by the CRA about the dispute must be investigated, reviewed, and reported to the CRA.