Information Protection in the 21st Century
Implementing an Information Protection Policy (IPP) with proper disposal procedures is critical to safeguarding your company from the liability associated with improper disposal of private information.
With SCS, you can rest assured that the instruction and service you receive are backed by the knowledge and training provided by the National Association for Information Destruction (NAID). Owner and compliance officer David Solomon is a NAID Certified Secure Destruction Specialist (CSDS), one of fewer than 170 industry professionals to attain this accreditation. A list of NAID CSDSs can be found at: http://www.naidonline.org/forms/csds/416_CSDS-List.pdf
SCS helps to protect your company by establishing a company-wide policy with procedures to ensure employees are held accountable if they do not comply with an established Information Protection Policy. If an employee’s negligence is the cause of a data breach, your company will not be held accountable if you have a properly established IPP.
Company-wide IPPs are created by SCS to comply with the following regulations:
The Health Insurance Portability and Accountability Act (HIPAA)
- Privacy Rule – Protected Health Information (PHI) must be protected from unauthorized access.
- Security Rule – Requires all covered entities and business associates to conduct periodic “Risk Assessments” evaluating and mitigating data security risks.
- Health Information Technology for Economic and Clinical Health (HITECH) Act
- Designation of Accountability – The appointment of a designated employee to account for compliance requirements.
The Gramm-Leach-Bliley Act (GLB) – The Financial Services Modernization Act of 1999
- The GLB Safeguards Rule – requires financial institutions to identify and mitigate points at which non-public financial information is at risk of unauthorized access, and to establish written policies and procedures to prevent (Johnson, 2017).
The Fair and Accurate Credit Transactions Act (FACTA)
- The FACTA Red Flags Rule – the first and only national regulation requiring the destruction of consumer report information prior to its disposal (Johnson, 2017).