Keeping it Straight – Dispose and Destroy Rules: How They Work in Your Organization


With all the new rulings (and alarming fines…) that are firing across the internet, are you lost over how the rules apply to your entity? As a AAA-NAID-certified member for 15 years, we help our clients stay compliant with our shredding, records storage, scanning and ship n destroy services. To keep it all straight, we’ve listed a few of the rulings pertinent to the financial, medical and legal realms:

All Businesses:

FACTA (Fair and Accurate Credit Transactions Act) – requires businesses to properly dispose of and destroy sensitive consumer data. The new rule provides examples of how to comply, including “contracting with a third party to properly dispose of consumer information and monitoring their performance.” It applies to people, and both large and small organizations that use consumer reports.

Red Flag Rule – is an amendment to FACTA that requires every organization “that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft” to develop what it calls “reasonable policies and procedures for detecting, preventing, and mitigating identity theft.” While all current data protection laws require organizations to have written data protection policies and procedures, the Red Flag Rule was specifically created to emphasize the importance regulators put on them.

Vermont Act 162 – This includes a Security Breach Notice Act, which requires any data collector to notify the consumer when there has been a security breach. This includes any state agency, university, corporation, limited liability company, financial institution, retail operator, or other entity that handles, collects, disseminates, or otherwise deals with nonpublic information. The Social Security Number Protection Act prohibits certain business uses of Social Security Numbers (SSNs), including intentionally communicating or making an SSN available to the public; intentionally printing an SSN on any card required for access services; requiring an individual to transmit an SSN over the internet unless the internet connection is secure; printing an SSN on any materials that are mailed to an individual unless required by law; and selling, leasing, lending, trading, or otherwise intentionally disclosing an individual’s SSN to a third party without consent. Under the Document Safe Destruction Act, a business shall take all reasonable steps to destroy or arrange for the destruction of a customer’s records when those records contain personal information which is no longer to be retained by the business.

Financial:

GLB Act (Gramm-Leach-Bliley Act) – includes provisions to protect consumers’ personal financial information. These apply to “financial institutions,” which include not only banks, securities firms, and insurance companies, but also companies providing many other types of financial products and services, like lending, brokering, preparing individual tax returns, providing financial advice or credit counseling, real estate settlement, and collecting consumer debts. It requires destroying or erasing data when disposing of computers, disks, CDs, magnetic tapes, hard drives, laptops, PDAs, cell phones, or any other electronic media or hardware containing customer information.

Medical:

HIPAA (Health Insurance Portability and Accountability Act) – This law includes provisions designed to save money for health care businesses by encouraging transactions, but it also required new safeguards to protect the security and confidentiality of that information.

Sarbanes-Oxley – The purpose was to enhance corporate responsibility and financial disclosures and to combat corporate and accounting fraud. It does not apply to privately held companies.

NAID (National Association for Information Destruction) – applies to those who are in the industry of destroying information. SecurShred has been a AAA-certified member for 15 years, and we’re happy to help you ensure your documents, hard drives and smart devices do not pose a security threat to your organization and give peace of mind to your customer base. Right now, we’re offering FREE Laptop/Desktop Recycling. Receive your NAID-certified hard-drive destruction for only $10.00.