:: Resources
Privacy Laws and Data Management
Electronically sanitizing data makes good business sense. By eliminating the possibility of losing confidential or private data, secure deletion reduces the threat of business data being used for identity theft.
Secure deletion of electronic media can also help businesses stay in compliance with federal regulations. Several federal laws require that adequate measures be taken to guard against data loss:
HIPAA: As part of the "Physical Safeguards" section, HIPAA specifically requires covered entities to “Implement policies and procedures to address the final disposition of electronic protected health information, and/or the hardware or electronic media on which it is stores.” 1
Under "Media Re-Use", the regulation also requires businesses to “Implement procedures for removal of electronic protected health information from electronic media before the media are made available for reuse.” 1
FACTA: For business that use or view consumer report information, the Federal Trade Comission enforces the “Disposal Rule”. According to the FTC, credit report information includes not only information taken from a credit report or credit score, but also any reports with employment background, check writing history, insurance claims, residential or tenant history, or medical history data.
The Disposal Rule requires disposal practices that “destroy or erase electronic files or media containing consumer report information so that the information cannot be read or reconstructed.” 2
Gramm-Leach-Bliley: The "Safeguards Rule" in the GLB Act requires financial institutions to protect the confidentiality and integrity of personal consumer information. Specifically, the FTC recommends: “Destroy or erase data when disposing of computers, disks, CDs, magnetic tapes, hard drives, laptops, PDAs, cell phones, or any other electronic media or hardware containing customer information.” 3
Using the latest technology and algorithms, Latent Data can help your business ensure that it follows the above procedures.
Sources:
1: HIPAA Administrative Simplification Text, March 2006; §163.310 (page 42) [pdf]
2: New Rule Seeks to Protect Privacy by Requiring Proper Disposal of Sensitive Consumer Information
3: Financial Institutions and Customer Information: Complying with the Safeguards Rule
