Commonwealth Document Management is NAID AAA certified for mobile operations, with endorsements for the destruction of paper/printed media and computer hard drives.

What does this mean to you as a consumer or a business owner? NAID is the National Association for Information Destruction, and the AAA certification is the highest rating a document destruction company can receive.

This means that Commonwealth Document Management must undergo rigorous, unannounced inspections to verify that we are complying with NAID standards.

For more information please visit http://www.naidonline.org/

The following are the principal federal laws pertaining to the handling and disposal of confidential information:

THE PRIVACY ACT OF 1974

  • Established a code of fair information practice that governs the collection, maintenance, use and dissemination of personally identifiable information about individuals (e.g. social security number, phone number, etc.) that is maintained in systems of records by federal agencies.
  • Does not protect the privacy of records that are not maintained by the federal government (e.g. credit reports, bank account and medical records held by private companies).
  • Requires that agencies give the public notice of their systems of records by publication in the Federal Register.
  • Prohibits unauthorized disclosure of the records the Act protects.
  • If protected records are disclosed to outside parties, even by accident, the disclosure can be grounds for a lawsuit.
  • Further information can be found at: https://www.justice.gov/opcl/privacy-act-1974

FAIR AND ACCURATE CREDIT TRANSACTION ACT (FACTA)

  • Consumer law governing the acquisition, use and disposal of the credit information used in making lending decisions.
  • This law applies to virtually every person and business in the United States that possesses or maintains consumer report information.
  • Requires businesses and individuals to take "reasonable" measures to dispose of sensitive information derived from consumer reports so that it cannot practicably be read or reconstructed.
  • The FTC's Disposal Rule, issued under the Act, gives burning, pulverizing or shredding of papers containing consumer information, and destroying or erasing electronic media, as examples of "reasonable" measures.
  • Both federal and state governments are authorized to bring enforcement actions against violators.
  • Civil liability and class action lawsuits can also carry potentially severe financial consequences.
  • Further information can be found at: http://www.ftc.gov/os/statutes/031224fcra.pdf

GRAMM-LEACH-BLILEY ACT (GLBA)

  • Federal legislation designed to safeguard consumers' private financial information.
  • All financial institutions are covered by this law, including:
    1. Automobile Leasing Companies
    2. Banks
    3. Credit Unions
    4. Insurance Companies
    5. Real Estate Appraisers
    6. Securities Brokers
  • Requires that financial institutions and insurance companies give consumers prior notice of any intention to share personal information with non-affiliated third parties, and a chance to opt out of that sharing.
  • Documents containing private financial information must be securely destroyed when no longer needed.
  • Penalties:
    1. Fines of up to $100,000 for each violation against the institution
    2. Officers and directors of the financial institution can be held personally liable for a civil penalty of up to $10,000 per violation
    3. Possible imprisonment for up to five years
  • Further information can be found at: http://business.ftc.gov/privacy-and-security/gramm-leach-bliley-act

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)

  • Federal legislation designed to protect consumers from inadvertent or fraudulent disclosure of their protected health information (PHI).
  • Health plans, healthcare clearinghouses and healthcare providers, together with the business associates that handle PHI on their behalf, are mandated to comply with this law.
  • HIPAA legislation has three objectives:
    1. Reduce healthcare fraud and abuse
    2. Guarantee security and privacy of health information
    3. Enforce standards for health information
  • Examples of items to be destroyed to comply with HIPAA standards:
    1. Patient Medical Records
    2. Billing Records
    3. Insurance Records
    4. X-Rays
    5. Prescriptions
    6. Protected Health Information (PHI)
    7. Computer Disks and Hard Drives
  • Employees, business associates and others who handle protected health information are all potentially liable for mishandling confidential information.
  • Non-compliance can result in the following penalties:
    1. Civil fines of up to $25,000 per calendar year for violations of the same requirement
    2. Criminal penalties of up to $250,000 and up to 10 years in prison for the most serious offenses (disclosure with intent to sell or use PHI for commercial advantage, personal gain or malicious harm)
  • Further information can be found at: http://www.hhs.gov/ocr/privacy/

HEALTH INFORMATION TECHNOLOGY FOR ECONOMIC AND CLINICAL HEALTH ACT (HITECH)

  • Enacted as part of the American Recovery and Reinvestment Act of 2009 and designed to strengthen HIPAA's privacy and security protections.
  • The following HITECH provisions substantially change HIPAA for healthcare facilities:
    1. Health Data Breach Notification: Requires that covered entities notify affected individuals and the Department of Health and Human Services (and, for large breaches, the media) when unsecured protected health information is breached.
    2. State Attorneys General (AGs) are given HIPAA enforcement powers: The Department of Health and Human Services has trained state AGs to enforce HIPAA, and states may keep the money recovered in the actions they bring.
    3. Mandatory penalties for violations caused by willful neglect.
    4. The maximum annual penalty for violations of the same requirement has increased from $25,000 to $1,500,000.
  • Further information can be found at: http://www.hhs.gov/ocr/privacy/hipaa/understanding/