Understanding the Privacy Laws That Impact Your Information Disposal Practices

Do you understand the privacy laws that affect your business? Several federal laws impact how organizations handle, transmit and dispose of confidential patient, client and employee information. Failure to comply with each law carries heavy fines and penalties. Here we discuss the most common and widely enforced regulations:

Family Educational Rights and Privacy Act (FERPA)

FERPA is one of the United States’ oldest privacy laws. Enacted in 1972, it gives parents access to their children’s educational records. It also prevents educational institutions from distributing student records to anyone other than parents or organizations without written permission. If student information is breached, the organization held responsible can be subject to a withholding of federal funds and payments. As a result, educational institutions must dispose of student records in a secure manner.

The Health Insurance Portability and Accountability Act (HIPAA)

While FERPA impacts educational institutions, HIPAA affects physicians, hospitals, pharmacies and other organizations that handle and transmit protected health information (PHI). More specifically, the law’s Privacy Rule and Security Rule require business associates to implement physical, administrative, and technical safeguards for PHI. This includes secure destruction of patient records. HIPAA compliance is monitored and enforced by the Department of Health and Human Services’ Office of Civil Rights (OCR). Penalties for lack of compliance include monetary fines as well as possible jail time.

The Fair and Accurate Credit Transactions Act (FACTA)

FACTA requires financial institutions to protect personally identifiable information (PII). The law’s Disposal Rule directly impacts how financial institutions dispose of documents and data. This provision calls for the proper disposal of information to protect against “unauthorized access to or use of the information.” If your business collects sensitive client data; e.g. credit applications, that data should be disposed of according to retention and final disposition guidelines.

Gramm-Leach-Bliley Act (GLBA)

GLBA is like FACTA in that the law requires financial institutions to develop and maintain a written information security plan for protecting consumer information. The act comprises three sections:

  • The Financial Privacy Rule
  • The Safeguards Rule
  • Pretexting Provisions

The Financial Privacy Rule applies to how information is collected and disclosed. The Safeguards Rule requires financial institutions to have an enforceable security program, while the Pretexting Provisions forbids anyone from gaining access to private information for reasons not fully disclosed.

Regardless of whether your organization must comply with one or all of the regulations we’ve discussed here, it’s important to have a secure information destruction solution.

Sentry Storage Solutions offers secure paper shredding services in the Greater San Diego area and the city of Chula Vista, California. For more information about our services, please call us or complete the form on this page.