Identity fraud is always a concern to any individual or business that collects and maintains consumer information. The growing incidence of identity theft prompted the federal government to create regulations overseeing the disposal of consumer information. The Fair and Accurate Credit Transactions Act of 2003 (FACTA) demands the compliance of every individual and company that maintains consumer information. FACTA requires every business to rigorously protect client data and dispose of this data according to strict guidelines known as the Disposal Rule.
Any record about an individual that is a consumer report or that is taken from a consumer report is considered consumer information. In order to be compliant under the Disposal Rule, individuals or businesses that maintain or possess consumer information must take “reasonable measures” to protect that information against misuse and improper access.
Proper disposal of consumer records is critical to compliance. The Federal Trade Commission (FTC) gives two illustrations of compliant disposals of records. According to these examples, the best practice for hard copy records is to destroy them by shredding, burning, or pulverizing. Hard copy or paper records can be shredded in-house; however, the best practice may be to hire a professional data destruction company. Both the business and the destruction company are responsible for keeping documents secure before and during the destruction process. The destruction company will provide a record of destruction. These documents should be kept on file as proof of compliance.
In the second illustration, the best practices for electronic equipment are physical destruction of the equipment or erasure of hard drives and disc or jump drives. Computers and other electronic media can be physically destroyed. This procedure would comply with the Disposal Rule, but it is not one of the best practices, since it exponentially adds to the amount of electronic waste in city landfills and dumps.
Sometimes the best practice is to recycle electronics. This can be done in compliance with the Disposal Rule if the hard drive undergoes permanent erasure. Permanent erasure goes beyond using the delete command. Full-disc overwriting programs destroy data by writing 1s and 0s over all sectors. The software program must be able to overwrite every sector of the disc or hard drive, including hidden and locked files; otherwise, the erasure is not complete and records could potentially be reconstructed.
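The completeness requirement described above can be checked after a wipe by reading every sector back and confirming it holds only the overwrite pattern. The following is an added example, not code from any erasure product; the 512-byte sector size, the function names, and the sample image are assumptions constructed for illustration.

```python
import os
import tempfile

SECTOR = 512  # assumed logical sector size

def overwrite(path, pattern=b"\x00", skip=()):
    """Overwrite each sector of `path` in place with `pattern`.
    `skip` simulates sectors a tool failed to reach (hidden or locked areas)."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for n in range(size // SECTOR):
            if n in skip:
                continue
            f.seek(n * SECTOR)
            f.write(pattern * SECTOR)
        f.flush()
        os.fsync(f.fileno())  # force the writes out of the OS cache

def residual_sectors(path, pattern=b"\x00"):
    """Return the indexes of sectors that are not made up solely of `pattern`."""
    expected = pattern * SECTOR
    bad, n = [], 0
    with open(path, "rb") as f:
        while True:
            block = f.read(SECTOR)
            if not block:
                break
            if block != expected[:len(block)]:
                bad.append(n)
            n += 1
    return bad

def make_image(sectors=8):
    """Constructed sample image: every sector holds a fake consumer record."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        for n in range(sectors):
            f.write(f"record-{n}".encode().ljust(SECTOR, b"\xff"))
    return path

def demo():
    """Run an incomplete wipe, then a full one; return the residue found after each."""
    path = make_image()
    try:
        overwrite(path, skip={3, 6})   # incomplete erasure
        partial = residual_sectors(path)
        overwrite(path)                # complete erasure
        return partial, residual_sectors(path)
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(demo())
```

The verification report lists exactly the sectors the incomplete pass missed, which is the kind of evidence worth keeping alongside a record of destruction.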
Regulatory Compliance Software: Codifying Best Practices for Business
Legal requirements for business are constantly changing. Regulatory compliance software is one way that companies address these ever-changing legal regulations; because regulatory compliance software is updated automatically, companies can ensure that their practices adhere to all current regulations and laws. While many fields of endeavor may benefit from the use of compliance software, it is most crucial in the accounting, medical, and environmental protection and remediation fields where proof of best practice is necessary in case of any legal challenges or court proceedings.
Accounting regulatory compliance software generally provides internal auditing controls and allows for more transparency in the accounting process, allowing the company to reach full compliance with existing regulations and new legal requirements, including the Sarbanes-Oxley Act of 2002, which is intended to safeguard companies against the excesses and lack of accountability that have plagued accounting firms in the past. The use of compliance software in accounting is considered an essential best practice in today’s accounting industry.
Medical regulatory compliance software is especially important for healthcare companies that must comply with the Health Insurance Portability and Accountability Act of 1996. This act placed additional recordkeeping burdens and required significant safeguards for patient confidentiality as well as changes in how patient information is transferred among medical facilities and healthcare providers. Regulatory compliance software ensures that best practices are consistently used and that the private medical records of patients are kept confidential while facilitating the increased record-keeping requirements outlined by the act and other pertinent legal rulings.
Companies that handle hazardous materials or other substances of concern to the Environmental Protection Agency must be aware of current best practice guidelines; most such companies use regulatory compliance software in order to ensure they are handling these materials in accordance with all regulations and laws governing their storage, use, and transport. These regulatory compliance software programs typically are designed to restrict access to dangerous materials, to measure and control emissions, and to monitor all aspects of the company’s interaction with these dangerous materials.
Many other businesses rely on regulatory compliance software to ensure that they adhere to all aspects of state and federal law. By ensuring that all activities and business transactions are monitored and recorded by use of these software programs and conform to best practice guidelines, companies can build a reputation for transparency and openness in their corporate dealings and protect themselves against any legal actions that may be brought against the company in the future.