Corporate Compliance regulations vary by industry, but they are crucial in developing your company’s risk management policy. One of the biggest risks of exposure for your company is through poor data destruction polices. Simply destroying IT assets or throwing them out with the trash is not an option, particularly if your organization deals with sensitive data. 

Read on as we review common regulatory standards that dictate how your organization should develop a data destruction policy that meets or exceeds these measures. 

HIPAA

HIPAA, or the Health Insurance Portability & Accountability Act, is the US privacy law that protects the medical information of patients against fraud and theft by third parties that are not permitted to access it. The text of the law states, “Failing to implement reasonable safeguards to protect PHI in connection with disposal could result in impermissible disclosures of PHI” [45 CFR 164.310(d)(2)(i) and (ii)]. By incorrectly destroying this sensitive data, you would be in breach of HIPAA. The law does not designate a particular disposal method, however by partnering with a certified Data Destruction specialist like Arrow Scrap, you will be ensuring your compliance with the law and protecting your patients’ sensitive medical information.

PCI

The Payment Card Industry Data Security Standard is an information security standard for organizations that handle branded credit cards from the major card schemes. The standards regulate the use of consumer information and requires that the information be destroyed when it is no longer required for business or legal purposes. Destruction of this information, whether it be in hard copy or stored in electronic media, must be irreversible and make the data irretrievable. Suitable methods of destruction include software wiping, physical disc shredding, & degaussing. 

SOX

 The Sarbanes-Oxley Act of 2002 is a federal law that dictates the standards that the board of directors of any domestic public company must follow in order to properly handle financial information and financial reporting. The law requires a public company create a commission within the company to develop and enforce internal control policies. By complying with SOX, a company ensures that all financial information & reporting that relates to the organization is secure – while it is stored & even when it is disposed of. 

FACTA

The Fair and Accurate Credit Transactions Act establishes consumer protections that a variety of organizations in the financial services sector must follow. Among those companies that must follow FACTA are Lenders, Insurers, Employers, Landlords, Government agencies, Mortgage Brokers, Automobile Dealers, Attorneys, Private Investigators, Debt Collectors and more. If your company falls in this list and/or deals with consumer information, then your company must be in compliance with the data security measures dictated by FACTA. 

FACTA specifies the following methods of disposal: burning, pulverization, or shredding of papers, destruction of electronic files such that the files cannot be read or reconstruction, & the due diligence of hiring a document destruction contractor that will ensure the company is in compliance with the rules. 

GLB

The Gramm–Leach–Bliley Act establishes the consumer privacy laws that financial institutions must follow. Major components of the law include the Financial Privacy Rule & Safeguards Rule, these rules in tandem include developing a written information security plan that your company must abide by when storing and destroying consumer information. By contracting with a company like Arrow Scrap, we can ensure your compliance with the GLB Act by properly disposing your sensitive consumer information and providing a complete chain of custody audit that the law requires for compliance. 

Failure to comply with your industry’s governing standards can mean you are exposing your clients, customers, and patients most sensitive information. It can also mean strict penalties & fines for your company or organization. By partnering with Arrow Scrap, you can save yourself the hassle of a costly data breach. 

Click here to learn more about our ITAD services.