Organizations including small businesses, large corporations, and hospitals store sensitive information from customers on paper and digital media. If that information is stolen, customers can suffer a great deal of damage, including the potential for identity theft. Organizations themselves could become victims of espionage and have proprietary information released to competitors. Consequently, organizations, both big and small, have legal and ethical responsibilities to protect privacy in compliance with state and federal laws.
Keeping up With Changes
The federal and state governments make changes to privacy laws every year. Thus, a business’s obligations and resulting liabilities could also change. Current privacy laws dictate that all organizations, including businesses, are responsible for protecting information from the time they obtain it from customers to the time of disposal. Consequently, all companies, ranging from individually run small businesses to large conglomerates, have legal responsibilities to protect personal and confidential information.
An important part of staying in compliance with privacy laws is having a secure process to dispose of sensitive information. Per FACTA, a federal law designed to protect financial information, institutions must take “reasonable measures” during disposal to ensure no other entity gains “unauthorized access” to the information. Applied to paper records, the “reasonable measures” in the law refer to shredding, burning, or pulverizing documents so they “cannot be read”.
Industry Specific Legislation
Privacy laws can also vary by industry. In addition to federal laws such as the Privacy Act of 1974, laws such as HIPAA and FACTA deal with specific industries. HIPAA deals with patient health records as applied to hospitals and other health organizations. On the other hand, laws like FACTA or GLBA have specific privacy provisions for the financial industry. Thus, it is important for businesses to know and follow laws specific to their industry.
State Law Variations
Besides federal and industry-specific laws, states have their own laws regarding personal private data. For example, California is one of the few states that recognizes privacy as a right and requires website owners and marketers to post and comply with privacy policies. The state also has laws that require reports to be filed with the state when personal data has been compromised.
Legal Compliance is Necessary
There are many reasons why a company should invest in staying current regarding privacy laws and following them. One of the most obvious reasons is to avoid liabilities. Violating privacy laws can result in severe fines or lawsuits from affected customers. Some laws such as FACTA will fine a company thousands of dollars depending on the number of individuals affected.
Following the law with respect to privacy does not have to be a difficult task. This can easily be done through professional or onsite shredding services from a top company like PROSHRED®. Using these services will give you a convenient yet cost-effective way to properly destroy documents and digital media such as hard drives containing sensitive data while staying compliant with privacy laws.
Staying current with privacy laws and implementing solutions for compliance will protect not only your company’s assets but also the people who rely on your company’s services.