Do You Know Which Privacy Legislation Affects Your Business?
Businesses must comply with federal, state, and local privacy legislation in regard to their handling of personally identifiable information (PII) in the United States. This means that protecting and appropriately handling this material is not only important for maintaining the trust and safety of clients and employees; it’s also required to avoid fines and other penalties from the government.
There is a host of privacy legislation for different industries.
The Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act both govern how businesses in the financial sector handle confidential information. Simply put, together these acts protect investors and the public by regulating corporate disclosures, and they protect the privacy of consumer information held by financial institutions and service providers. However, both pieces of legislation are complex: if you are in the financial sector, you should make sure your business understands the implications of these acts. This is an essential step toward making sure you are handling all PII correctly.
HIPAA (the Health Insurance Portability and Accountability Act) may be the most well-known privacy legislation in the United States. It provides privacy standards for protected health information. Additionally, the Health Information Technology for Economic and Clinical Health (HITECH) Act protects the privacy of both paper and electronic protected health information.
The General Data Protection Regulation (GDPR) comes into effect in 2018, and while the legislation is from the European Union, it will impact companies worldwide. If you’re in the hospitality industry, you should make sure you understand this legislation.
Two main pieces of legislation in the United States impact the retail sector: the Fair and Accurate Credit Transactions Act (FACTA) and the Federal Trade Commission Act. The former regulates businesses that possess consumer information, and the latter protects consumers in regard to offline and online privacy and data security policies.
Of course, HR plays a very significant role in protecting personally identifiable information. HIPAA and FACTA govern the privacy of consumer information held by employers.
No matter what industry you’re in, it’s important to do the research and understand the relevant legislation as it relates to your business.
- Understand your legal obligations.
- Conduct comprehensive risk assessments.
- Create and implement a security plan.
- Create and implement a detailed document management process in accordance with the relevant legislation. This process should cover all steps from creation to disposal/destruction.
- Have a Chief Information Security Officer to oversee security. This need not be an entirely new role; it can be an important responsibility that one of your existing staff members takes on.
- Educate employees on the handling of confidential information.
- Create and implement secure work processes.
- Monitor partners’ document security protocols.
- Work with TrueShred.
Protect Your Business with TrueShred
Again, making sure you handle confidential information appropriately is necessary not just for client and employee trust and safety; it’s also necessary to stay compliant with the legislation for your sector. Disposal and destruction of personal information is an essential part of this. If you’re looking for professionals who can handle your secure document destruction needs in the DMV area, contact TrueShred to find out what we have to offer. We perform shredding services in the Northern Virginia, Maryland, and Washington, DC area.
“TrueShred was prompt, efficient, clean and extremely professional. I plan to continue to use your service and will highly recommend TrueShred to other businesses.”