Growing personal privacy concerns have made the issue of data security more important than ever. Accordingly, CIOs must appreciate the potential areas of liability, corporate vulnerabilities and options for compliance with emerging legal standards for handling electronic data.
There is a lot of discussion about how best to protect network data through means such as encryption and access management. However, many have not considered what happens to that data when the hard drives it resides on leave the organization, whether through disposal, resale or return to a vendor.
Several laws now require many businesses to take affirmative steps to ensure that no personal data is left on disposed hard drives. One piece of federal legislation, the Health Insurance Portability and Accountability Act (HIPAA), requires covered entities such as healthcare providers, clearinghouses and health plans to take extensive measures to safeguard protected health information at all stages of its life cycle, including disposal or resale of the media that holds it.
The Gramm-Leach-Bliley Act (GLBA) is another industry-specific piece of legislation similar to HIPAA, but applicable to financial services firms of all sizes and to non-affiliated third parties that handle their data. The requirement under GLBA is that any “non-public” personal financial information must be protected under the “Safeguards Rule.”