
Data Destruction Standards & Compliance

Presentation on theme: "Data Destruction Standards & Compliance"— Presentation transcript:

1 Data Destruction Standards & Compliance
Co-Presented by: Adam Ball, CSDS Operations Manager Stevens & Stevens Business Records Management, Inc. & Chris Parker, V.P. Operations

2 International Data Protection Laws
- Australia – The Federal Privacy Act of 1988
- Canada – Personal Information Protection and Electronic Documents Act (PIPEDA)
- European Union – The General Data Protection Regulation of 2016
- Hong Kong – The Personal Data Ordinance and the Personal Data Bill
- Japan – The Act on the Protection of Personal Information (APPI) of 2003
- Mexico – The Federal Law on the Protection of Personal Data
- New Zealand – The Privacy Act (1993)
- Singapore – The Personal Data Protection Act (2012)
- South Africa – The Protection of Personal Information Act (2013)

3 Data Protection Regulations
Currently, the United States has no overarching regulation protecting non-public personal information. Instead, there are numerous regulations, each aimed at a particular business sector, that impose sector-specific requirements for protecting personal information (healthcare, financial, legal, consumer credit).

4 Basis of Data Protection
1. Privacy
   - Hippocratic Oath
   - Fourth Amendment of the US Constitution
2. Intellectual Property
   - The protection of proprietary trade information
   - The defense of regional economic security
3. National Security

5 U.S. Data Protection Timeline
- The Social Security Act of 1934
- The Privacy Act of 1974
- HIPAA – The Health Insurance Portability and Accountability Act
  - Enacted August 21, 1996
  - Rules:
    - Privacy Rule
    - Transactions and Code Sets Rule
    - Security Rule
    - Unique Identifiers Rule
    - Enforcement Rule

6 U.S. Data Protection Timeline
- The Financial Services Modernization Act of 1999
  - Enacted November 12, 1999
  - Applies to ALL Financial Institutions
  - Widely known as the Gramm-Leach-Bliley Act (GLBA)
  - Federal Agencies – GLB Rulemaking & Enforcement
  - The Safeguards Rule
- The Fair and Accurate Credit Transactions Act (FACTA) 2003
  - The Red Flag Rules (RFR)
  - FACTA Final Disposal Rule (FDR)
- The Economic Espionage Act of 1996 (EEA)

7 U.S. Data Protection Timeline
HITECH – The Health Information Technology for Economic and Clinical Health Act
- Passed into law on February 17, 2009
- Non-compliance penalties increased from $25,000 per year to $1.5 million per year
- Three categories of violations were introduced:
  1. Unknowing
  2. Reasonable Diligence
  3. Willful Neglect

8 HIPAA Provisions
Provisions on the Prevention of Unauthorized Access to PHI
- Written Policies and Procedures*
- Designation of Organizational Compliance Accountability*
- Employee Training*
- Business Associate Selection Due Diligence**
- Execution of Business Associate Agreements**
- PHI Data Security Breach Notification Compliance**
- Periodic Risk Assessments*

* Apply equally to Covered Entities and Business Associates
** Vary slightly in application to Covered Entities and Business Associates

9 Costly Settlements Due to Improper PHI Disposal
- CVS – January, $2.25 million
- Massachusetts’ South Shore Hospital – May, $750k
- Affinity Health Plan – August, $1.2 million
- US Supreme Court Ruling – Greenwood v California, 1988

10 Identity Theft
- Every year the IRS prepares a list of tax scams
- Identity fraud occurs every two seconds
- Identity theft is the #1 consumer complaint
- The medical sector has more identity theft than any other industry
- Children’s identities can be stolen before they have credit

11 Identity Theft
- Thieves use social media to find personal information
- Your smartphone is vulnerable
- Javelin Strategy & Research Study 2016:
  - More identity fraud victims – less stolen
  - EMV drives doubling of new account fraud
  - Consumer choices negatively impacting fraud detection
  - US consumer data being used for fraud internationally

12 Types of Media
- Paper & Microforms
- Networking devices (Routers & Switches)
- Mobile Devices
- Office Equipment (Faxes, Copiers, Printers, MFPs)
- Legacy Magnetic Media (Floppies, Disks, Reels, ATA Hard Drives, SCSI Drives)
- External Drives
- Optical Media (CD, DVD)
- Flash Memory (USB)
- RAM & ROM Based Storage Devices

13 Early Methods of Destruction

14 Destruction Today

15 Sanitization Standards
DoD M is a software-based data sanitization method used in various file shredder and data destruction programs to overwrite existing information on a hard drive or other storage device. DoD requires a combination of wiping, degaussing and/or physical destruction.

NIST: Over the past several years, the National Institute of Standards and Technology's (NIST) Special Publication 800-88, Guidelines for Media Sanitization, has become the real-world reference for data erasure compliance.

16 NIST 800-88 Sanitization Standards
The intent of the NIST document is to provide meaningful guidelines for sanitizing electronic media. The document does not provide requirements, standards or specifications.
Sanitization Methods:
- Clear
- Purge
- Destroy
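The software overwrite described on slide 15 and the "Clear" method listed on slide 16 can be illustrated in code. The following is an added example, not part of the presentation or any certified tool: it overwrites a file in place with three passes (fixed byte, its complement, random data), then verifies the final pass by reading it back. The three-pass pattern is an assumption about the DoD method the slide cites; file names and the sample record are constructed.

```python
import hashlib
import os
import tempfile

# Three-pass overwrite: fixed byte, its complement, random data (assumed to
# follow the pattern commonly attributed to the DoD method the slide cites).
PASS_PATTERNS = (b"\x00", b"\xff", None)  # None means os.urandom


def overwrite_file(path: str, chunk: int = 64 * 1024) -> bool:
    """Overwrite `path` in place once per pattern, fsyncing each pass, then
    verify the final pass by read-back. Caveat: this reaches only the blocks
    the filesystem maps to this file; it is a file-level 'Clear', not a
    device purge or physical destruction."""
    size = os.path.getsize(path)
    for pattern in PASS_PATTERNS:
        written = hashlib.sha256()  # only the final pass is verified
        with open(path, "r+b") as fh:
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                block = os.urandom(n) if pattern is None else pattern * n
                fh.write(block)
                written.update(block)
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # force the pass to stable storage
    readback = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            readback.update(block)
    return readback.digest() == written.digest()


def demo() -> dict:
    """Constructed sample record, sanitized in a temp file; returns checks."""
    secret = b"PHI record: patient=Jane Doe, MRN=CONSTRUCTED-0001\n" * 200
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        with open(path, "wb") as fh:
            fh.write(secret)
        verified = overwrite_file(path)
        with open(path, "rb") as fh:
            after = fh.read()
        return {"verified": verified,
                "size_unchanged": len(after) == len(secret),
                "secret_gone": b"Jane Doe" not in after}
    finally:
        os.unlink(path)
```

Flash media (USB, SSD) remap writes, so an overwrite of this kind does not guarantee the old blocks are gone there; that is why the NIST guidance separates Clear from Purge and Destroy.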

17 NAID – National Association for Information Destruction
- The international trade association for companies providing information destruction services around the globe
- NAID's mission is to promote the information destruction industry and the standards and ethics of its member companies
- NAID AAA Certification
- CSDS Accreditation

18 NAID AAA Certification Criteria
- Employee Requirements
- Operational Security
- Company Assurances
- Endorsements & the Destruction Process

19 Endorsements & the Destruction Process
- Paper or Printed Media
  - Continuous Shred – 5/8” maximum
  - Cross Cut or Pierce & Tear – ¾” wide x 2.5” long
  - Pulverizer/Hammermill – 2” diameter holes
- Micro Media
  - Particle size of 1/8” or less
- Hard Drives
  - Company has a written and verifiable process for the physical destruction
  - Serial # Tracking

20 QUESTIONS? Contact Info: Adam Ball, CSDS (727) Chris Parker

