Compliance Tips

Losing sensitive data to identity theft or computer hacks may threaten your organization with legal liability. At the same time, a number of federal regulations mandate the handling and storage of sensitive material. Here are the most important guidelines for document security that may impact your business.

HIPAA – The Health Insurance Portability and Accountability Act of 1996 is a federal law that protects the confidentiality and security of healthcare information. It includes a Security Rule that sets standards for how private health information is stored and disposed of.

FACTA – The Fair and Accurate Credit Transactions Act is an amendment to the Fair Credit Reporting Act designed to protect consumers from identity theft. It includes requirements for the privacy, distribution, and disposal of consumer information.

Sarbanes-Oxley – The Sarbanes-Oxley Act of 2002 protects investors from fraudulent accounting by mandating strict reforms to improve financial disclosures from corporations. Unlike the regulations above, this act forbids the destruction of certain records that might be used in a criminal investigation. These records must be stored and safeguarded without alteration.

PCI DSS – PCI’s Data Security Standards are not law, but a set of best practices for protecting credit card data. The DSS include 12 general requirements for payment procedures, security management, and control measures. Individual payment brands enforce compliance and levy penalties for non-compliance.