1. RESPONSIBLE SHREDDING Bob Johnson CEO, NAID

2. Compliant and secure disposition

3. Information disposal is inevitable!

6. Compliant and secure disposition Health Insurance Portability and Accountability Act Financial Services Modernization Act Fair and Accurate Credit Transaction Act Regulation SP Health Information Technology for Clinical and Economic Health State-level I.D. fraud prevention laws Data Breach Notification Laws

11. Regulators are clear about what will keep you out of trouble.

12. Written policies and procedures Staff training Designated accountability Vendor selection due diligence Service provider contracts required Compliant and secure disposition

13. Written policies and procedures State organization’s commitment to data protection Define organizational accountability Provide sufficient direction to field staff Describe training and field staff acknowledgement Describe incident reporting protocol Describe auditing methodology and tools Include vendor selection criteria and process

14. Link to regulatory requirements and written policies/procedure Establish chain of custody and fiduciary clarity Address subcontracting issues Define liability and indemnification requirements Contractual protections

16. Bob Johnson rjohnson@naidonline.org QUESTIONS?