Full Compliance With Current Legislation
Any business or institution has an inherent obligation to protect the private information under their control both ethically and legally. Maintaining full legal compliance with privacy legislation is crucial in taking a proactive defense against the increasing prevalent risks of identity theft and corporate espionage.
Staying Up-To-Date With Recent Changes
Federal and state legislation is subject to continual change and amendment that can cause fluctuations in corporate liability from year to year. Currently, all businesses and institutions are now liable for the protection of private information from the time that it is collected until the time it is properly destroyed. This now requires every company, from small home businesses to established Fortune 500 conglomerates, to take full responsibility of the protection and disposal of sensitive and confidential information.
Securely Disposing of Sensitive Documents
The disposal process is the key factor in assessing whether or not a business is compliant with the firm’s corresponding privacy legislation laws. The FACTA Disposal Rule of 2005 requires that “reasonable measures” must be taken during the disposal process to eliminate “unauthorized access to or use of the information”. The ‘reasonable measures’ within this legislation dictate that documents must be “shredded, pulverized or burned so that the documents… cannot be read or reconstructed."
Legislation Varies According to Industry
It is imperative that businesses understand the unique privacy legislation that may only apply to their specific industry or sector. Legislation such as the Economic Espionage Act (EEA) and Identity Theft Penalty Enhancement Act (ITPE) applies to the vast majority of organizations, while further legislation sets additional regulations for key industries – such as HIPAA for the health care industry and GLBA for the financial sector.
Legislation Varies According to State
Any business or institution has an inherent obligation to protect the private information under their control both ethically and legally. Maintaining full legal compliance with privacy legislation is crucial in taking a proactive defense against the increasing prevalent risks of identity theft and corporate espionage.
The Importance of Legal Compliance
Failing to maintain legislative compliance can put any business at risk of serious fines and penalties that can negatively affect the firm’s operations. Establish a secure, convenient, cost-effective, and sustainable method of document destruction with an industry leader like PaperPurge.com's comprehensive shredding services to ensure long-term legal compliance and superior privacy and security for employees and customers alike.
What is HIPAA?
Signed into federal law in 1996, HIPAA was created to combat fraud and abuse in the health insurance industry. The Act stipulates that all United States health care organizations must “maintain reasonable and appropriate, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information.”
HIPAA protection attaches to all information relating “to the past, present, or future physical or mental health or condition of an individual, or the past, present, or future payment for the provision of healthcare.” Materials that would contain such protected information include patient histories, logs, notes, forms, billing and insurance information, and any other records containing personal information in the possession of healthcare providers.
Browse our collection of professional website themes, or download a unique widget or graphic to compliment your existing design. Need help getting started? We’re here the whole way.
Who is affected by HIPAA?
Regardless of size, all healthcare providers in the United States must have documented policies defining reasonable measures that are being taken to protect personal health information and ensure the organization is protecting against unauthorized access to personal information.
This includes all organizations or individuals who retain and/or collect health-related information, such as: hospitals, medical centers, insurance companies, billing centers, collection agencies, doctors, dentists, chiropractors, psychiatrists, psychologists and any other institutions or individuals responsible for personal health-related information.
Trust PaperPurge.com for Regulatory Compliance
By purging outdated files or placing a locked security consoles in your office, PaperPurge.com will maintain and ensure your document disposal program that meets HIPAA shredding requirements. Our highly trained and certified security professionals efficiently shred all documents right on your premises. We give you the option to watch the shredding process, and you will be provided with a Certificate of Destruction that records each shred.
What is HITECH?
Effective September 23, 2009, Health and Human Services (HSS) implemented the Health Information Technology for Economic and Clinical Health (HITECH) Act requiring covered entities under the Health Insurance Portability and Accountability Act (HIPAA) and their Business Associates to provide notification in the case of breaches of “unsecured Protected Health Information”(PHI). Guidelines specifying the methods that render PHI unusable, unreadable or indecipherable for relief from the breach notification requirement are also in the Act.
What does HITECH require? A covered entity must notify each individual whose unsecured PHI has been believed to have been accessed, acquired, used or disclosed as a result of a breach. Should a reach involve more than 500 residents of a state, the covered entity must notify HSS and the media.
Business Associates (third-party administrators or service providers) requiring access to unsecure PHI are also required to notify covered entities of breaches that occur while in their possession. Additionally, the Act stipulates that encryption of electronic PHI and physical destruction of paper PHI are the only two methodologies allowed in order for covered entities to be relieved of the breach notification requirement.
Why does HITECH matter? Fines for non-compliance are expected to significantly increase over time. State Attorney Generals, the Federal Trade Commission and Health and Human Services all have mandates to prosecute with increased scrutiny. Putting PHI in the hands of shredding providers does not absolve covered entities from paying for costly and time consuming breach notifications. Covered entities are not absolved until PHI is physically destroyed.
What is GLBA? Also known as the Financial Services Modernization Act, the Gramm-Leach-Bliley Act (GLBA) was enacted in 1999 to protect private consumer information held by financial institutions. The GLBA requires banks to develop privacy notices and to provide customers with the option of prohibiting the sharing of their confidential information with non-affiliated third parties. On July 1, 2001, the Act was amended, requiring financial organizations to have a comprehensive, written information security program in place.
Who is affected by GLBA? The GLBA applies to virtually every business in the United States engaged in the “financial services” industry: institutions that provide financial products and services to consumers. This applies to all national banks and federal branches of foreign banks that are required to follow US banking regulations.
According to the Act, financial institutions are required to implement a comprehensive, written information security program that includes proper administrative, technical and physical safeguards, the nature of which are dependent upon the size and complexity of the organization. This requirement extends to any subsidiaries of the parent financial organization. The program must be designed to protect consumers’ non-public, personally-identifiable information by ensuring security and confidentiality of data, by preventing potential risks and threats to data, and by protecting against unauthorized access to or use of consumers’ private information.
When using service providers such as an outsourced document destruction company, financial institutions have a duty to safeguard their customers’ information while it is in the possession of the outsourced company. To adhere to this, the financial organization must use due diligence in selecting, managing and monitoring the service
Trust PaperPurge for Regulatory Compliance By purging outdated files or placing a locked security consoles in your office, PaperPurge.com will maintain and ensure your document disposal program that meets GLBA shredding requirements. Our highly trained and certified security professionals efficiently shred all documents right on your premises. We give you the option to watch the shredding process, and you will be provided with a Certificate of Destruction that records each shred.
What is FACTA? Signed into law on December 4, 2003, the Fair and Accurate Credit Transactions Act (FACTA) is federal legislation aimed at the prevention and penalization of consumer fraud and identity theft. Administered by the Federal Trade Commission (FTC), the FACTA Disposal Rule has been in effect since June 1, 2005. The Disposal Rule puts in place requirements for proper document disposal and destruction, and recognizes the problems that can and do arise when private information is disposed of in an irresponsible manner.
Who is affected by FACTA FACTA applies to virtually all persons and businesses in the United States, mandating that “any person who maintains or otherwise possesses consumer information, or any compilation of consumer information, for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.”
To comply with the FACTA Disposal Rule, businesses and individuals must take “reasonable measures” to ensure such information does not fall into the wrong hands. Reasonable measures include the “burning, pulverizing, or shredding” of paper documents, such as the contracting of a third-party engaged in the document destruction business to dispose of confidential information in a manner consistent with the Act.
Failure to abide by FACTA may result in stiff penalties. Victims are entitled to actual damages sustained due to in-compliance; they may also seek statutory damages, and, in some cases, file class-action suits. Federal and state authorities are also empowered to bring legal enforcement actions against businesses that violate the Act.
Trust PaperPurge for Regulatory Compliance By purging outdated files or placing a locked security consoles in your office, PaperPurge.com will maintain and ensure your document disposal program that meets FACTA shredding requirements. Our highly trained and certified security professionals efficiently shred all documents right on your premises. We give you the option to watch the shredding process, and you will be provided with a Certificate of Destruction that records each shred.
Under FACTA, consumer information is defined as personal identifying materials which extend beyond just a person’s name, including:
- a social security number
- a driver’s license number
- a phone number or e-mail address, or a physical address.
What is FERPA & who does it affect? The Family Educational Rights and Privacy Act (FERPA) (20 USC §1232g, 34 CFR Part 99) is a federal law that protects the privacy of student education records. FERPA applies to all U.S. educational agencies and institutions that receive funding under any program administered by the U.S. Department of Education.
What does FERPA have to do with document destruction? FERPA regulates access to and disclosure of student education records. It gives students and parents the right to inspect and review the students’ education records maintained at the institution, and request corrections if they believe the records are inaccurate or misleading.
Another important FERPA obligation is that the educational institution must obtain a signed and dated written consent from a parent or student before personally identifiable information is disclosed, unless certain limited exceptions apply. The educational institution must keep a record of each disclosure of personally identifiable information from student records.
These obligations are set out in 34 CFR §99.30 through §99.39. Improper disposal of student records may constitute an unauthorized disclosure under FERPA.
Trust PaperPurge.com for Regulatory Compliance By purging outdated files or placing a locked security consoles in your office, PaperPurge.com will maintain and ensure your document disposal program that meets FERPA shredding requirements. Our highly trained and certified security professionals efficiently shred all documents right on your premises. We give you the option to watch the shredding process, and you will be provided with a Certificate of Destruction that records each shred.
What is the Red Flags Rule? The new ‘Red Flags’ rule will help fight identity theft. What is the definition of an identity thief? The answer is someone who uses people’s identity information to open new accounts and misuse existing accounts, creating havoc for consumers and businesses. The Federal Trade Commission (FTC), the federal bank regulatory agencies, and the National Credit Union Administration (NCUA) have issued regulations (the Red Flags Rule)requiring financial institutions and creditors to develop and implement written identity theft prevention programs, as part of the Fair and Accurate Credit Transactions Act (FACTA) of 2003.
Who must comply?
Under the Red Flags Rule, financial institutions and creditors must develop a written program that identifies and detects the relevant warning signs of identity theft. The program must also describe appropriate responses that would prevent and mitigate the crime and detail a plan to update the program.
The Red Flags Rule provide all financial institutions and creditors the opportunity to design and implement a program that is appropriate to their size and complexity, as well as the nature of their operations.
As federal and state legislation tighten and affect not only financial and credit businesses across America, it is imperative that all organizations conduct due diligence and take appropriate measures to ensure end-of-life-cycle documentation is properly destroyed and recycled.
Financial Institutions: State or national bank, a state or federal savings & loan association, a mutual savings bank, a state or federal credit union, or any other entity that holds a “transaction account” belonging to a customer.
Creditors: Any entity that regularly extends, renews, or continues credit, any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit.
Trust PaperPurge for Regulatory Compliance By purging outdated files or placing a locked security consoles in your office, PaperPurge.com will maintain and ensure your document disposal program that meets RED FLAG shredding requirements. Our highly trained and certified security professionals efficiently shred all documents right on your premises. We give you the option to watch the shredding process, and you will be provided with a Certificate of Destruction that records each shred.
Call : 817-919-4334
SERVICE/QUOTE
REQUEST SERVICE/QUOTE
