RESPONSIBLE SHREDDING
Bob Johnson, CEO, NAID
Compliant and secure disposition
Information disposal is inevitable!
Compliant and secure disposition
- Health Insurance Portability and Accountability Act
- Financial Services Modernization Act
- Fair and Accurate Credit Transaction Act
- Regulation SP
- Health Information Technology for Clinical and Economic Health
- State-level I.D. fraud prevention laws
- Data Breach Notification Laws
Regulators are clear about what will keep you out of trouble.
Compliant and secure disposition
- Written policies and procedures
- Staff training
- Designated accountability
- Vendor selection due diligence
- Service provider contracts required
Written policies and procedures
- State organization’s commitment to data protection
- Define organizational accountability
- Provide sufficient direction to field staff
- Describe training and field staff acknowledgement
- Describe incident reporting protocol
- Describe auditing methodology and tools
- Include vendor selection criteria and process
Contractual protections
- Link to regulatory requirements and written policies/procedures
- Establish chain of custody and fiduciary clarity
- Address subcontracting issues
- Define liability and indemnification requirements
QUESTIONS?
Bob Johnson