Are You Up to Date on Compliance?
Two Idioms about Compliance
- “Use it or lose it.” You may have heard this phrase used in a variety of situations. It’s the concept that, whatever the skill or practice you use, you need to keep it at peak strength by actively practicing or reviewing that ability, otherwise it starts to atrophy.
- “Get up to speed.” This phrase is an extension of the last and refers to having all the latest information about that skill or practice. The world is constantly changing, and it is vital to remain current on new additions or changes.
The purpose and value of providing staff training on a regular basis is to keep compliance laws and practices fresh and active in everyone’s minds so they can keep your company compliant.
Here is a quick review of some of the laws that may affect your business with regard to handling and disposing of private information. Are your staff adhering to these regulations?
- Education: The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student and parent records.
- Computer: The Computer Fraud and Abuse Act (CFAA) governs how digital documents must be handled and disposed of.
- Health: The Health Insurance Portability and Accountability Act (HIPAA) regulates personal health information (PHI).
- Financial: The Sarbanes-Oxley Act (SOX) mandates practices in financial record keeping. The Gramm-Leach-Bliley Act (GLBA) governs how financial institutions share and protect customer private information.
- Consumer: The Fair and Accurate Credit Transactions Act (FACTA) protects consumers against identity theft and the misuse of credit reports.
In addition to these federal laws, check your state privacy laws.
Critical Compliance Considerations
- Retention Periods: Are your documents kept to the end of their legal retention period, and are you working with a secure shredding company to properly destroy those documents at the end of their lifecycle? Different types of documents will have different retention periods, and destroying them too early or too late can create a world of legal and financial hardships for your company, so it is worthwhile to implement a system that alerts you when these dates occur.
- Proof of Compliance: Once you have ensured that your processes and staff are keeping your business compliant, it’s time to make certain that you have proof of it. One of the most crucial pieces of evidence of compliance is a Certificate of Destruction noting what was destroyed, how it was destroyed, and the date and time destruction occurred. Do you have a record of all private information that has been destroyed?
Because information theft and related fraud are continually evolving, privacy laws are, too. This means that your business must also stay up to speed on the latest federal and state compliance laws and updates to those laws. Identify a leader in your company who is responsible for ensuring that your business trains staff to implement compliance standards with each update to data privacy laws, then conduct regular internal audits to ensure you are as compliant as you think you are.
Outsourcing document destruction to a reputable shredding company will help your company remain compliant with data privacy laws, no matter how much they evolve.
Wiggins Shredding is your locally-owned, secure shredding company, proudly serving Pennsylvania and the Tri-State area of Maryland, Delaware, and New Jersey. We are always up to speed on data privacy laws. For compliant paper shredding, call us at 610-692-TEAR(8327) or complete the form on this page. One of our friendly experts is standing by to assist you.