RESPONSIBLE SHREDDING Bob Johnson CEO, NAID

Compliant and secure disposition

Information disposal is inevitable!

Compliant and secure disposition

• Health Insurance Portability and Accountability Act

• Financial Services Modernization Act

• Fair and Accurate Credit Transaction Act

• Regulation SP

• Health Information Technology for Clinical and Economic Health

• State-level I.D. fraud prevention laws

• Data Breach Notification Laws

Regulators are clear about what will keep you out of trouble.

Written policies and procedures

Staff training

Designated accountability

Vendor selection due diligence

Service provider contracts required

Compliant and secure disposition

Written policies and procedures

• State organization’s commitment to data protection

• Define organizational accountability

• Provide sufficient direction to field staff

• Describe training and field staff acknowledgement

• Describe incident reporting protocol

• Describe auditing methodology and tools

• Include vendor selection criteria and process

• Link to regulatory requirements and written policies/procedures

• Establish chain of custody and fiduciary clarity

• Address subcontracting issues

• Define liability and indemnification requirements

Contractual protections

DENIAL is not a strategy

Bob Johnson

QUESTIONS?