A Refresher on the Privacy Protection Laws Affecting Your Business
I remember back in school when a teacher offered a “refresher” of the material we had learned; it usually preceded a pop quiz or exam. But fear not! There will be no exam here, though we could all use a refresher on the complex and changing privacy protection laws that affect businesses.
In your organization, you handle and store private information on a daily basis that has been entrusted to you by your staff and your clients. This information is protected by state and federal laws. In the daily grind, it’s easy to forget that the way we handle private information is regulated by a number of laws.
Let’s take a quick practice quiz on existing privacy protection laws that may affect your business and see what you remember. But don’t worry—since the whole point is to refresh your memory, we’ve provided all the answers, too!
Q: What kind of consumer privacy information does the Gramm-Leach-Bliley Act (GLBA) of 1999 protect?
A: The GLBA details how financial data must be protected from unauthorized access. To accomplish this, consumers must be notified of:
- How their information is collected
- With whom their information is shared
- How their information will be used
- How their information will be protected
Q: In 2002, what type of companies did the enactment of the Sarbanes-Oxley Act (SOX) target in order to strengthen corporate accountability?
A: SOX focused on publicly traded companies to help eliminate financial fraud by requiring auditing controls. Failing to comply can result in fines, delisting from the stock exchange, or criminal charges.
Q: What organizations are affected by the Health Insurance Portability and Accountability Act (HIPAA)?
A: You might think that only healthcare organizations are directly impacted by HIPAA, but their subcontractors and every other entity that handles protected health information (PHI) are also subject to the act’s requirements. HIPAA contains both a Privacy Rule and a Security Rule that require organizations handling PHI to restrict access to it and maintain its confidentiality.
Q: Who oversees the enforcement of HIPAA?
A: The Office for Civil Rights (OCR) enforces HIPAA and has the ability to criminally charge organizations that don’t comply.
Q: Which act impacts financial businesses, explaining how they must properly dispose of protected information?
A: The Fair and Accurate Credit Transactions Act (FACTA) was enacted to prevent unauthorized access to and use of financial information. Both digital and paper information must be destroyed so that it is impossible to retrieve or reconstruct.
…and a Final Question
Q: Are there organizations with trained and knowledgeable staff that can help an organization remain compliant with privacy protection laws?
A: It’s important to stay compliant with the privacy protection laws governing your organization, but you don’t have to do it alone. A professional records management company can offer guidance and compliance assistance by storing your paper and digital records off-site in a safe and protected environment and shredding your records at the end of their retention period.
Pacific Records Management is a family-owned business founded in 1856. We serve clients in a wide range of industries throughout California’s Central Valley. To talk with our information management experts, call us at 800-685-9034 or complete the form on this page. We’re standing by to answer your questions.