In the past 10 years, over 10,000 new regulations have been placed on the books by local, state and federal agencies pertaining to the handling, storage, and disposal of confidential client, patient, and employee documents.
A few examples are:
- SEC Rule 17a-4 Electronic Storage of Broker Dealer Records
- Gramm-Leach-Bliley Act (Financial Services Modernization Act)
- Sarbanes-Oxley Act
- DoD 5015.2 (Department of Defense records management standard)
- Health Insurance Portability and Accountability Act (HIPAA)
- Fair Labor Standards Act
- Occupational Safety and Health Administration (OSHA) Act
- Payment Card Industry Data Security Standard (PCI DSS)
No matter how small your business is, you are almost certainly affected by one or more of these regulations. Some industries, such as financial services or healthcare, are more heavily regulated, but any company that holds information such as employee Social Security numbers, credit card numbers, or financial statements (credit applications, bank statements, order forms) falls under these regulations.
While we cannot cover every aspect of protecting your company, here are a few tips that will go a long way toward making sure you don't end up fined, sued, or saddled with a bad reputation for failing to secure your clients' information:
- Seek professional help. If you think you hold confidential information that should be secured, ask a qualified attorney who specializes in data confidentiality in your industry what you must do to meet the regulations that apply to you.
- Shred all documents that contain confidential information. Use a cross-cut or diamond-cut shredder rather than a simple strip-cut shredder; it is far more difficult to piece a cross-cut document back together.
- If you must keep copies of contracts or other documents that contain confidential information, contact a high-security document storage provider such as Iron Mountain (ironmountain.com), which will store your documents in a high-security location.
- Keep a fire-proof safe with a lock and key for employee documents you need to keep on site.
- Make sure your offsite backups have 32-bit encryption (ask your provider).
- Also make sure the facility where the information is stored is kept under lock and key, with security cameras and access control.