In the second video of our series, we will provide you with a quick overview of privacy laws. Protecting customers’ or patients’ confidential information is not only the right thing to do but also the law. Not knowing the law does not exempt you from following it.
Please take a few minutes to view our 2-minute video on privacy laws:
In the United States and Canada, legislation specific to certain industries has been passed to protect individuals’ confidential information. For example, in the medical industry, the Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 to protect patients’ health information. Specifically, the Privacy Rule outlines standards for the use, disclosure and disposal of patients’ health information.
The Gramm-Leach-Bliley Act (GLB) was passed in 1999, and contains privacy provisions relating to consumer financial information and how to safeguard data. In 2003, the Fair and Accurate Credit Transactions Act (FACTA) was passed with specific guidelines to protect consumers’ information.
PIPEDA, the Personal Information Protection and Electronic Documents Act, is a law that Canadian businesses need to abide by when using and disclosing personal information. This Act also addresses the use of electronic documents.
These laws are just a few examples of the vast amount of legislation that has been created and passed over the last 15 years. Given that compliance is not an option and violations can be punishable with fines and even jail time, it is critical not only to make yourself aware of the privacy laws that apply to your industry but also to ensure you have the correct processes and procedures in place to abide by them.
What should you do to ensure you are complying with the privacy laws?
- Understand privacy laws and how they apply to your business
- Be compliant, with a clearly communicated information security policy
- Store documents securely and shred them once they are no longer needed
- Use a reliable shredding service and consider shredding all documents and implementing a shred-all policy