SecurShred complies with all state and federal privacy laws including HIPAA, FACTA, GLBA, Sarbanes Oxley, and Red Flag Rules. SecurShred also has a GSA contract.

FACTA (Fair and Accurate Credit Transactions Act)

The Federal Trade Commission (FTC) has issued a new rule that will require businesses to properly dispose of and destroy sensitive consumer data. The rule is one of several new requirements intended to combat consumer fraud and identity theft and protect privacy required by the federal Fair and Accurate Credit Transactions Act (FACT Act) which was enacted in December 2003.

The new FACT Act Disposal Rule broadly covers "any record about an individual, whether in paper, electronic, or other form that is a consumer report (also known as a credit report) or is derived from a consumer report." It requires any person or company that possesses or maintains such information to take "reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal." The new rule provides examples of how to comply with the new requirements, including:

• Implementing and monitoring compliance with policies and procedures that require shredding or other forms of destruction of documents and electronic media containing consumer information.
• Contracting with a third party to properly dispose of consumer information and monitoring their performance.

Sarbanes Oxley (SOX)

A United States federal law enacted on July 30, 2002, set new or enhanced standards for all U.S. public company boards, management and public accounting firms.

The purpose of the Sarbanes Oxley Act was to enhance corporate responsibility, financial disclosures and combat corporate and accounting fraud. The Public Company Accounting Oversight Board (PCAOB) to oversee the activities of the auditing profession was also created.

The act does not apply to privately held companies. It contains 11 titles, or sections, ranging from additional corporate board responsibilities to criminal penalties, and requires the Securities and Exchange Commission (SEC) to implement rulings on requirements to comply with the new law. 

One major provision of Sarbanes-Oxley Act’s includes a requirement that public companies evaluate and disclose the effectiveness of their internal controls. This requirement drives the need for companies to have detailed information systems in place, including secure disposal of obsolete business records.

The Sarbanes Oxley law changed the way businesses retain records. While it does not specify specific business practices or how business should store records, it does specify how long records should be kept and which records need to be maintained. The act specifies that paper and electronic records must be kept for five years.

The act also covers issues such as auditor independence, corporate governance, internal control assessment, and enhanced financial disclosure.

Red Flag Rules

November 01, 2009 in Industry News

The National Association for Information Destruction is alerting its members that starting Nov. 1, 2009, the amendment to FACTA, called the Red Flag Rule, will go into effect. Under this amendment, every organization “that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft” to develop what it calls “reasonable policies and procedures for detecting, preventing, and mitigating identity theft.”

The Red Flags Rule requires an estimated 11 million businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs – or “red flags” – of identity theft in their day-to-day operations.

This is good news for the secure destruction industry, since NAID’s own statistics show that organizations with written data protection procedures are twice as likely to outsource their destruction requirements as those without them.

While all current data protection laws require organizations to have written data protection policies and procedures, the Red Flag Rule is specifically created to emphasize the importance regulators put on them.

To support its members, NAID has produced a draft Red Flag contract clause and language to update member’s policies and procedures. To obtain the documents, members must complete the NAID Red Flag Rule Release.

NAID has also stepped up training on the use of the Compliance Toolkit for members looking to capitalize on the opportunity created by the imminent effective dates of the Red Flag Rule and HITECH.

Gramm-Leach-Bliley Act (GLBA)

The Financial Modernization Act of 1999, also known as the "Gramm-Leach-Bliley Act" or GLB Act, includes provisions to protect consumers' personal financial information held by financial institutions. There are three principal parts to the privacy requirements: the Financial Privacy Rule, Safeguards Rule and pretexting provisions.

The GLB Act gives authority to eight federal agencies and the states to administer and enforce the Financial Privacy Rule and the Safeguards Rule. These two regulations apply to "financial institutions," which include not only banks, securities firms, and insurance companies, but also companies providing many other types of financial products and services to consumers. Among these services are lending, brokering or servicing any type of consumer loan, transferring or safeguarding money, preparing individual tax returns, providing financial advice or credit counseling, providing residential real estate settlement services, collecting consumer debts and an array of other activities.

HIPAA (Health Insurance Portability and Accountability Act)

SecurShred destruction process ensures compliance with HIPAA disposal requirements.

Protecting the Privacy of Patient's Health Information
Excerpts from the HHS Fact Sheet and the HIPAA Bill
Congress recognized the need for national patient record privacy standards in 1996 when they enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The law included provisions designed to save money for health care businesses by encouraging electronic transactions, but it also required new safeguards to protect the security and confidentiality of that information.

From HIPAA Regulations Safeguards: 164.518©
"Examples of appropriate safeguards include requiring that documents containing protected health information be shredded prior to disposal"...

Securshred can service all federal agencies and activities in the executive, legislative and judicial branches. Government contractors authorized in writing by a federal agency pursuant to 48 CFR 51.1. Mixed ownership government corporations (as defined in the Government Corporation Control Act).

The GSA-Customer Relationship

With GSA Schedules, customers have a partner in meeting their procurement needs. GSA has worked hard to award contracts to vendors who provide “fair and reasonable” pricing. GSA also works with customers to respond to the evolving marketplace and to meet the needs for new supplies and services.

Schedules also enable compliance with federal procurement regulations as well as environmental and socioeconomic requirements, providing a simplified process for obtaining commercial supplies and services.

GSA Contract # GS-25-00195