• Chamber News

  • Featured News

  •  

  • Demonstrating Compliance Leaves No Shred of Doubt About Your Businesses’ Security

    • Share:
    March 09, 2018
    Demonstrating Compliance Leaves No Shred of Doubt About Your Businesses’ Security
    These days, identity theft, email hacks and the illegal use of personal information has become commonplace. Headlines about major companies being hacked or putting their clients’ personal information at risk of exposure have become more and more frequent. As a business owner, are you doing all you can to protect the sensitive information of your business and your clients?

    One of the easiest steps to take is properly discarding documents that contain sensitive information. Following proper compliance laws for discarding sensitive information isn’t only the right thing to do, there are legal ramifications if your business is not being compliant.

    Omar and Petra Hernandez, owners of Shred 2 You, explain that there are government laws that help protect the personal information of individuals which require businesses to properly secure and dispose of documents containing sensitive information. In recent years, organizations have become more stringent on making sure companies are being compliant with these laws.

    “U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) investigate potential violators of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules," they explained. “They are enforcing the laws, so don’t be caught being non-compliant!”

    So, how do businesses know if they are being compliant? Shred 2 You says the protocols for storing and disposing of sensitive information vary based on your industry.

    “Requirements differ from a medical facility to a retail store that holds customers credit card information,” they explain. “Regardless, all businesses need to be compliant.”

    For handing sensitive information, employees who have access need to have background checks completed. To assure sensitive information is being properly discarded, outsourcing your businesses’ shredding needs to a separate facility is recommended.

    “Demonstrating HIPPA compliance is important, and all that is required is to show a paper trail,” Shred 2 You explains. “Hiring a qualified shredding service company gives your office a record of compliance. Even if your employees shred everything they should, you have no proof that it happens regularly. A receipt from a shredding service, gives you the compliance audit trail which also is part of your HIPAA compliance.”

    Shred 2 You says there are a few things to look for when outsourcing document shredding, including:
    •          Does the vendor (shred company) screen employees before they hire?
    •          Do they provide containers with locks to protect unauthorized access to the material?
    •          Do they offer training resources? 
    •          How long has the vendor been destroying materials?
    •          Are the employees trained and understand their information destruction responsibilities?
    Too often, smaller businesses overlook the importance of compliance when it comes to handling and disposing of customer information.

    “A misconception is that the business owner or manager doesn't believe that they must comply, because they are too small, or they will never be investigated,” Shred 2 You explains.

    Regardless of the size of the business, those who don’t comply run the risk of a data breach and can expose themselves to a costly lawsuit.

    “Proper document handling and destruction needs to be done by all companies and industries that handle other people’s information, period!” Hernandez said.  “If it is a client, customer, vendor - as long as you are in possession of other people’s information you need to be aware and follow the law. Be compliant, and don’t be caught not being compliant.”

    If you are a business and are unsure whether you’re being compliant, Shred 2 You can help. “We offer a one on one consultation to help businesses assess their vulnerability or liability of a possible breach and help them take corrective steps to reduce the possibilities of a breach,” Hernandez said. You can contact Shred 2 You by calling (805) 928-6800 or visiting www.shred2you.com.

    Proper compliance with the handling and disposing of sensitive information is critical in the security of your business and your clients but can be easily overlooked. Understanding the laws of compliance and taking actions like having a shredding facility manage the disposal of sensitive information will leave no shred of doubt that your company is keeping your client’s information safe.

  • Upcoming Events