
“Consumers are angry – and our office is hearing about it all the time – at the apathy of business and government in protecting their data privacy. And they are telling their elected officials that change is needed and needed NOW. That is what is driving this rapidly changing legal environment.”

-- C. Steven Baker
Federal Trade Commission presenting at a Security and Privacy Summit, 9/14/09


Government Regulations

Compliant programs must address environmental and data privacy regulations

Maxxum is an expert in the laws and regulations surrounding data destruction and computer asset disposition that have regulatory implications for your organization. We also closely follow the trends that could affect changes in local, state, and national laws and regulations.

We hope you find the following highlights and links to other resources helpful in your efforts to keep your company environmentally compliant and safe when it comes to disposition and recycling of IT assets - both digital data and hardware.


At Maxxum, all equipment is audited by serial number, assessed as to condition and marketability, and processed accordingly. Client reports for each batch include an Audit (by serial number with detailed information), a serialized Certificate of Electronic Records Destruction (certifying data destruction), and a Certificate of Electronic Equipment Destruction by serial number for any true end-of-life equipment.

Red Flags Rule – Requires that financial institutions develop and implement an Identity Theft Protection Program. The Program must include reasonable policies and procedures for detecting, preventing and mitigating identity theft.

New Red Flag Requirements for Financial Institutions and Creditors Will Help Fight Identity Theft
Provided by the Bureau of Consumer Protection Business Center

Complying with the Red Flags Rule: A Do-It-Yourself Prevention Program for Business and Organizations At Low Risk for Identity Theft
Provided by the Federal Trade Commission as a PDF file

HIPAA/HITECH - Administered by the Department of Health and Human Services. A Covered Entity is required to develop and implement policies and procedures appropriate to the entity's business practices.

HIPAA Privacy Rule - Establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically.
Provided by Department of Health and Human Services

HIPAA Recent Changes and the Impact on the Information Destruction Industry
Provided by NAID as a 6-page PDF file

Other Regulatory Initiatives

Payment Card Industry Data Security Standard (PCI DSS) - Overview of compliance and best practices. Provided as a 29-page PDF by Diana Kelley, a partner with SecurityCurve, an Amherst, N.H.-based consulting firm, and with Search

Gramm-Leach-Bliley (GLB) – The Financial Services Modernization Act requires financial institutions to develop a written information security plan that details their program to protect customer information. Provided by the Federal Trade Commission as a PDF file.

White Papers & Documents of Interest

FACTA – Specifically notes that "reasonable measures" to protect data privacy most likely require the establishment of policies and procedures governing the disposal of IT equipment housing data.
Provided by the Federal Trade Commission

State Data Protection Laws – Almost every state has at least one data privacy requirement, and most states have privacy laws that contain a data breach notification requirement. Consult your local state web site for complete details.

© Copyright Maxxum Inc. 2013 | 1350 South Frandsen Avenue | PO Box 489 | Rush City, MN 55069 | 651.674.2715