Shred-it Helps Businesses Stay Informed About Information Security Laws As The U.S. Reflects on Law Day, Make Sure You Know the Current Information Security Laws Impacting Your Business
NEW YORK, May 1, 2013 /PRNewswire/ -- While many businesses are focused on the "new risk" – cybersecurity – remaining vigilant on all information security issues is imperative to the security of your business. Shred-it, a world-leading information security company providing document and data destruction services, is helping businesses to get smart about the current U.S. information security laws.
"We've seen Congress turn their attention to matters of cybersecurity in recent months but, businesses need to remain proactive in managing their overall information security." said Mike Skidmore, Privacy & Security Officer, Shred-it. "Businesses have to be aware of all risks, how to mitigate them and what is required of them by law, while staying up-to-date on new legislation like the Cybersecurity Act of 2013."
Notable laws that businesses should know and be fully compliant with include:
- Fair and Accurate Credit Transactions Act (FACTA): FACTA amended the existing Fair Credit Reporting Act providing consumers, companies, consumer reporting agencies and regulators with new tools to expand consumer access to credit, enhance the accuracy of consumer financial information, and help fight identity theft. In 2005, the destruction rule was added to the Act to protect against risks from improper disposal of a consumer report or any record derived from one.
- Gramm-Leach-Bliley Act: Financial institutions must explain their information-sharing policies and ensure that sensitive data is safeguarded.
- Safeguards Rule: Also known as the Standards for Safeguarding Customer Information, the Safeguards Rule applies to all who are subject to review by the Federal Trade Commission. Each business must have an information security program and designated employee manager in place to ensure the security and confidentiality of customer data, protect against any anticipated threats to the integrity of the data, including unauthorized access.
- The HIPAA Privacy Rule: Sets the standards for protected health information, regulates the disclosure of information and sets safeguards to ensure the protection of health data. Web-based companies do not necessarily fall under HIPAA. To further protect health data, the FTC implemented the Health Breach Notification Rule. The rule requires vendor of personal health records (PHRs), PHR-related entities and their third-party service providers to notify the affected persons, the FTC and, occasionally, the media in the event that data has been compromised.
- Identity Theft Rules: Part of the Fair Credit Reporting Act, the Identity Theft Rules require financial institutions and creditors to do their due diligence to have preventative measures in place to negate risk, monitor for signs of identity theft and notify appropriate parties of red flags or breaches.
- The Red Flag Rules specifically requires businesses to have a written Identity Theft Prevention Policy.
Shred-it's 2nd annual Information Security Tracker, conducted in partnership with Ipsos Reid, found that 55% of C-suite respondents are in favor of a new data privacy law in the U.S. that would require stricter compliance, Congress is working towards new legislation in the cybersecurity space. Due diligence with respect to current laws will help businesses to adapt to new legislation quickly and efficiently as it is enacted.
To ensure you're protected under today's laws, Shred-it offers the following tips to help both small and large businesses safeguard their confidential business information:
- Analyze possible security gaps in one's organization and work with security experts to assess existing security systems.
- Implement ongoing risk analysis processes and create a policy specifically designed to limiting exposure to fraud and data breaches.
- Regularly train employees in proper document management and encourage their adoption of security best practices.
- Utilize special locked consoles to house sensitive materials that are waiting to be properly shredded.
- Implement a "shred-all" policy so that all unneeded documents are fully destroyed on a regular basis.
- Don't overlook hard drives on computers or photocopiers; physical hard drive destruction is proven to be the only 100% secure way to destroy data from hard drives permanently.
- Have up-to-date and effective computer network protection, including anti-virus software and a firewall.
For more information on the laws impacting your business, visit the Electronic Code of Federal Regulations or the Shred-it Resource Centre Legislation Section at http://resource.shredit.com/LegislativeFactSheets.
Shred-it is a world-leading information security company providing information destruction services that ensure the security and integrity of our clients' private information. The company operates 140 service locations in 16 countries worldwide, servicing more than 150,000 global, national and local businesses, including the world's top intelligence and security agencies, more than 500 police forces, 1,500 hospitals, 8,500 bank branches and 1,200 universities and colleges. For more information, please visit www.shredit.com.