Compliance / Security

Securely disposing of your customer’s information is the law.

Education is the first line of defense against fraud, identity theft, and regulatory non-compliance. It is important that you follow these guidelines, as non-adherence may result in heavy fines and incarceration. How does regulatory compliance affect your business?

Fair and Accurate Credit Transactions Act

The federal government requires businesses and individuals to dispose of sensitive information derived from consumer reports. Examples of businesses affected by this rule include banks, car dealers, lenders, debt collectors, insurance offices, consumer reporting companies, employers, property owners, government agencies, mortgage brokers, attorneys, private investigators, and individuals who pull consumer reports on prospective home employees, such as nannies or contractors.

The Gramm-Leach-Bliley Act

Title V of the Privacy Rule requires institutions to safeguard the security and confidentiality of customer non-public information (account numbers, social security numbers, etc.). Since November 12, 1999, financial institutions involved with lending, exchanging, transferring, investing, or safeguarding money or securities are required to protect their customers’ information through secure disposal. You are considered a financial institution if you engage in check cashing, wire transfer services, or sell money orders, or if you broker loans, service loans, collect debts, or provide real estate settlement services. You are accountable under Title V if your organization provides credit counseling, financial planning, tax preparation, accounting, and investment advising.

The Family Educational Rights and Privacy Act

A Federal law protecting the privacy of student education records. The law applies to schools receiving funds under applicable programs of the U.S. Department of Education. Any record that contains personally identifiable information (social security numbers, student ID, transcripts, and grades) is an educational record under FERPA. The law clearly states that schools must choose a suitable method of destruction when disposing of records.

Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II)

This act required the Department of Health and Human Services (HHS) to establish national standards for the security of health care information. The final rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of protected health information. According to HIPAA, discarded sensitive information shall be shredded on a daily basis or stored in a locked container for subsequent shredding.

The Sarbanes-Oxley Act of 2002

Also known as the Public Company Accounting Reform and Investor Protection Act of 2002 and commonly called SOX or Sarbox, this act was passed in response to a number of major corporate and accounting scandals (Enron, Tyco International, Peregrine Systems, and WorldCom). These scandals resulted in a decline of public trust in accounting and reporting practices of publicly traded companies. Because of the Act, the storage time of documents has increased dramatically and many companies have turned to electronic storage. It is imperative that scanned documents be shredded and not discarded into the trash.