A few examples are:
- SEC Rule 17a-4 (Electronic Storage of Broker-Dealer Records)
- Gramm-Leach-Bliley Act
- Financial Services Modernization Act
- Sarbanes-Oxley Act
- DOD 5015.2 (Department of Defense)
- Health Insurance Portability and Accountability Act (HIPAA)
- Fair Labor Standards Act
- Occupational Safety and Health Administration (OSHA) Act
- Payment Card Industry Data Security Standard (PCI DSS)
While we cannot cover every single aspect of protecting your company, here are a few tips that will go a long way toward making sure you don't end up fined, sued, or with a bad reputation for failing to secure your clients' information:
- Seek professional help. If you think you are holding confidential information that should be secured, ask a qualified attorney who specializes in data confidentiality in your industry about what you must do to meet new government regulations.
- Shred all documents that contain confidential information. A good shredder uses a cross cut or diamond cut rather than a simple strip cut, which makes it much more difficult for someone to piece a shredded document back together.
- If you have to keep a copy of contracts or other documents that contain confidential information, contact a high-security document storage facility such as Iron Mountain (ironmountain.com), which will store your documents in a high-security location.
- Keep a fire-proof safe with a lock and key for employee documents you need to keep onsite.
- Make sure your offsite backups have 32-bit encryption (ask your provider). Also make sure the facility where the information is stored is under lock and key, with security cameras and access-controlled entry.