Do You Know the Data Privacy Laws Affecting Your Business?
Call Us Today For Your Shredding Estimate
The amount of digital data created every day is staggering. Much of the information that is created contains private and personal information. That information may belong to your clients, employees, or business partners. If any of those documents contain private information, it must be properly destroyed at the end of its lifespan. State and federal laws have been enacted to protect individuals against identity theft and the abuse of private information. It’s vital that your company stays current and compliant with all of these laws.
Data destruction is the process of properly destroying paper and digital information to protect the data it holds. Digital destruction includes any kind of device or medium that can store information.
Data Privacy Laws
- The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 to protect medical records. HIPAA data destruction requirements include:
- Paper records must be shredded, pulverized, burned, or pulped to the point where patient information is rendered unreadable and cannot be reconstructed.
- Labeled prescription bottles must be stored in opaque bags until properly destroyed.
- Electronic information must be cleared using overwriting software or magnetic methods.
- The Computer Fraud and Abuse Act (CFAA) of 1984 has been updated six times due to changes in data collection and technology. The law prohibits accessing a computer without authorization and included penalties for hackers.
- The Gramm-Leach-Bliley Act (GLBA) of 1999 mandates that financial institutions like banks, mortgage lenders and credit unions explain their information-sharing policies to consumers and protect their sensitive information. The Federal Trade Commission governs the strict data disposal regulations.
- The Sarbanes Oxley Act (SOX) of 2002 was enacted in response to corporate financial scandals and is designed to protect investors from corporate fraud.
- The Fair and Accurate Credit Transaction Act (FACTA) of 2003 amended the Fair Credit Reporting Act. FACTA protects consumers from identity theft and stipulates that all businesses must protect customer data.
- The Family Educational Rights and Privacy Act (FERPA) of 1974 requires educational institutions to protects students’ information.
- Pennsylvania’s Breach of Personal Information Notification Act of 2006 requires all Pennsylvania businesses that store confidential consumer data to notify individuals when a security breach occurs.
- Maryland’s Personal Information Protection Act of 2008 contains provisions for notifying consumers in the event of a data breach and for reasonable security measures to protect consumers’ personal information.
- Delaware’s Personal Data Privacy Act, passed in June 2023, gives Delaware residents certain rights over their personal data and requires organizations to take action to protect the personal data they control or process.
- New Jersey does not currently have a data privacy law in place, but the Disclosure and Accountability Transparency Act (A505), has been in committee since 2022.
Wiggins Shredding provides paper shredding and e-destruction to businesses and residents of Pennsylvania and Tri-State Maryland, Delaware, and New Jersey. Our trained and background-screened technicians destroy your data in compliance with all data destruction laws. We will provide you with a Certificate of Destruction for your records to prove your adherence to data privacy laws. To have your paper or electronic data securely destroyed, call us at 610-692-TEAR (8327) or complete the form on this page.