In the past 10 years, over 10,000 new regulations have been placed on the books by local, state, and federal agencies pertaining to the handling, storage, and disposal of confidential client, patient, and employee documents.
A few examples are:
- SEC Rule 17a-4 (electronic storage of broker-dealer records)
- Gramm-Leach-Bliley Act (the Financial Services Modernization Act of 1999)
- Sarbanes-Oxley Act
- DoD 5015.02-STD (Department of Defense standard for electronic records management software)
- Health Insurance Portability and Accountability Act (HIPAA)
- Fair Labor Standards Act (payroll record retention)
- Occupational Safety and Health (OSH) Act, administered by OSHA
- Payment Card Industry Data Security Standard (PCI DSS), an industry standard rather than a law, but contractually binding on any business that accepts payment cards
No matter how small your business is, you are almost certainly affected by one or more of these requirements. Some industries are more heavily regulated, such as financial services and healthcare, but any company that holds information such as employee Social Security numbers, payment card numbers, or financial documents (credit applications, bank statements, order forms) falls under at least one of them.
While we cannot cover every aspect of protecting your company, here are a few tips that will go a long way toward making sure you don’t end up fined, sued, or with a bad reputation for failing to secure your clients’ information:
- Seek professional help. If you think you are holding confidential information that should be secured, ask a qualified attorney who specializes in data confidentiality in your industry about what you must do to meet new government regulations.
- Shred all documents that contain confidential information. Use a cross-cut or diamond-cut shredder rather than a simple strip-cut shredder; strip-cut output can be pieced back together with modest effort.
- If you must keep copies of contracts or other documents that contain confidential information, use an offsite records-storage vendor such as Iron Mountain (ironmountain.com), which stores documents in a secured, access-controlled facility.
- Keep a locking, fire-resistant safe for the employee documents you must keep on site.
- Make sure your offsite backups are encrypted with a strong, current algorithm such as AES with a 256-bit key (ask your provider). "32-bit encryption" is not meaningful protection: a 32-bit key space can be searched exhaustively in minutes on ordinary hardware. Also ask who holds the decryption key. If the provider holds it, anyone who compromises the provider can read your data, so prefer encrypting the backup before it is uploaded, with a key only you control. Finally, make sure the facility where the data is stored is under lock and key with security cameras and access control.
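To make the last tip concrete, here is an added example (not code from the original post or from any backup provider) of encrypting a backup archive before it leaves your premises, using AES-256-GCM from Go's standard library. The key is generated and kept by the business, never handed to the storage provider, and the authenticated mode means any modification of the stored blob is detected on restore rather than silently yielding corrupted data. The archive contents, the function names (`NewBackupKey`, `Seal`, `Open`, `RoundTrip`) and the key-handling advice in the comments are this example's own assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// KeySize is 32 bytes, i.e. AES-256. By contrast a "32-bit" key is only
// 4 bytes: 2^32 possibilities, which a laptop can try exhaustively in minutes.
const KeySize = 32

// NewBackupKey generates a random 256-bit key. Store it with the business
// (password manager, HSM, sealed envelope in the safe), not with the provider.
func NewBackupKey() ([]byte, error) {
	key := make([]byte, KeySize)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// Seal encrypts a backup archive with AES-256-GCM. The returned blob is
// nonce || ciphertext || authentication tag; the provider stores only this.
func Seal(key, plaintext []byte) ([]byte, error) {
	if len(key) != KeySize {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// A fresh random nonce per backup; never reuse a nonce under the same key.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open decrypts and authenticates a blob produced by Seal. It fails closed:
// a wrong key or a single flipped bit anywhere in the blob returns an error.
func Open(key, blob []byte) ([]byte, error) {
	if len(key) != KeySize {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("blob too short to be a sealed backup")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// RoundTrip is a restore drill: seal the archive, open it again, and confirm
// that a tampered copy is rejected. It returns true only if both checks pass.
func RoundTrip(key, archive []byte) (bool, error) {
	blob, err := Seal(key, archive)
	if err != nil {
		return false, err
	}
	restored, err := Open(key, blob)
	if err != nil || !bytes.Equal(restored, archive) {
		return false, fmt.Errorf("restore failed: %v", err)
	}
	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit of the tag
	if _, err := Open(key, tampered); err == nil {
		return false, errors.New("tampered blob was accepted")
	}
	return true, nil
}

func main() {
	key, err := NewBackupKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample standing in for a real backup archive.
	archive := []byte("constructed sample archive: payroll and HR records")
	ok, err := RoundTrip(key, archive)
	fmt.Println("backup round trip ok:", ok, "error:", err)
}
```

Run a restore drill like `RoundTrip` on a schedule, not just once: an encrypted backup you cannot decrypt is the same as no backup, and the key you guard so carefully is the single point of failure.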
If you have questions related to this topic or IT issues in general, please feel free to contact us using the information provided below.
Telephone: (408) 400-0232