Information Security Compliance Laws You Should Know

Posted by Ray Barry

Information security compliance laws are not just for your IT department. If everyone is aware of the regulations, your company is more secure since information does not leave a secure area by mistake. When your employees know the regulations, you'll also save money because some regulations come with hefty fines if they are broken.

FACTA Documents

The Fair and Accurate Credit Transactions Act, an amendment to the Fair Credit Reporting Act, protects you from identity theft. In part, it states that certain documents must be handled in a certain manner. FACTA and other documents with sensitive information need to be shredded to comply with information security laws.

While these documents are in your place of business, they should be kept under lock and key. When it's time to dispose of them, they should be put into a locked console that is only accessible by Carolina Shred. The slot is small enough so that employees and others won't be able to see or reach into the bin. In fact, when we shred documents contained in locked containers, we unlock them at the shredder and immediately dump them so the employee doesn't see or handle the documents. This treatment of these documents is a requirement for some industries.

NAID Certification

NAID, the National Association for Information Destruction, certifies private information destruction companies. Many industries are required to use a NAID-certified shredding service to destroy documents and other personal information that belongs to clients and employees. This non-profit organization also ensures that companies follow federal and local government regulations regarding the destruction of personal information based on several privacy regulations including GSA, FACTA, HIPAA and GLBA.

Certificate of Destruction

In many cases, you will need to keep a copy of a certificate of destruction for documents and digital storage media. The certificate is physical proof that you properly shredded documents that contained personal information. You must keep the certificate of destruction in order to be compliant with information security laws.

Shred Sizes

In addition to strict laws regarding documents with personal information, some laws regulate the size of the shred used to destroy documents. HIPAA and other documents with highly sensitive information require a higher level of shred. Shredders use six different sizes, starting at Level 1, which is a strip cut normally found on home shredders. This is fine for junk mail. The most secure shred is Level 6, which shreds documents into small, confetti-like pieces. The smaller the shred, the harder it is for anyone to put the pieces of paper back together.

Regulatory Agencies

Several regulatory agencies ensure that companies use the proper shredding companies, including the National Security Agency, National Institute of Standards and Technology, Securities and Exchange Commission, US Department of Health and Human Services, PCI Security Standards, NAID, State of California Senate Bill 1386, Department of Defense, Federal Trade Commission and Department of Homeland Security.

Contact Carolina Shred

Contact Carolina Shred to make an appointment to shred any sensitive documents, files and digital media you are ready to destroy. Ask us about our secure storage solutions to keep documents secure while you are waiting to shred them.