Privacy Compliance – Don’t Be Complacent

privacy compliance

Privacy Compliance – Don’t Be Complacent

Businesses often find that when it comes to information, they are bound to several privacy compliance standards. These standards can be confusing and costly to their bottom line. Some believe that it may be easier to safely and securely store certain documents and files rather than destroy them, but storage costs can stack up quickly and space can start to become full. A great way to combat these compliancy issues is by utilizing a secure shredding company.

But, what are the different standards of compliancy that businesses must balance? There are quite a few, and they are accompanied by hefty fines when broken:

FACTA Privacy Compliance

FACTA, or the Fair and Accurate Credit Transactions Act of 2003, is designed to improve the accuracy of consumer’s credit-related records. There are many businesses that need your credit information in order to provide loans and other services (i.e., auto dealers, boat dealers, banks, legal agencies, and more). Businesses are tasked with taking “reasonable steps” to see that your credit application is not stolen by an identity thief, whether that application is submitted electronically or physically.

The definition of “reasonable steps” to ensure that credit information is not stolen includes:

  1. Burning or shredding physical documents.
  2. Erasing or destroying electronic documents.
  3. Outsourcing to a third-party engaged in the business of information destruction.


HIPAA Compliance

The well-known federal law of HIPAA (Heath Insurance Portability and Accountability Act of 1996) requires that sensitive medical patient information be protected and not disclosed without the patient’s knowledge and consent. HIPAA aims to protect the privacy of not only people seeking care within a healthcare facility, but from employees that have disclosed health-related information to their place of employment.

The following types of organizations are considered covered entities under HIPAA:

  • Healthcare Providers
  • Health Plans
  • Healthcare Clearinghouses
  • Business Associates


The Gram-Leach-Bliley Act

Financial institutions are required to explain their information-sharing practices to their customers and safeguard sensitive data under the Gramm-Leach-Bliley Act (GLBA). This law includes both privacy standards and security standards. The privacy standards include allowing consumers the right to opt-out of certain information sharing. It also prompts businesses to be up front about certain sharing processes. The security standards include protection against unauthorized access that could result in substantial harm or inconvenience to any customer.

The Sarbanes-Oxley Act

The Sarbanes-Oxley Act of 2002 is a federal law that holds auditors, accountants, and corporate officers accountable for proper financial reporting, internal audits, and other business practices that could result in fraud. This law was established in part because of a rise in corporate scandals in the 21st century and now aims to focus on:

  • Increasing Criminal Punishment of Fraud
  • Accounting Regulations and Practices
  • Corporate Responsibility for Fraud


Get Compliant Today

In today’s environment it is more important than ever to protect your company’s, employee’s, and client’s information. With a wide variety of compliancy standards looming above businesses’ heads, it is easy to be intimidated by them. However, Greenway Shredding making staying compliant with privacy standards easy with convenient and secure shredding services. If you are ready to get started, contact us today for more information!