There are numerous laws regarding information privacy and data protection that businesses, both small and large, must follow. Most businesses that are affected by these laws fall into the healthcare, banking, accounting and insurance industries. However, all businesses that document their consumers' personal information have to comply with state laws regarding the storage and disposal of that information. If they don't, they can face hefty fines. For example, businesses that fail to comply in the state of Georgia can face up to $10,000 in fines for failing to shred sensitive documents.
If you own a small business, you have to familiarize yourself with the laws in your state that pertain to the storage, handling and destruction of sensitive information. The following are a few ways you may be required to comply with the laws in your state.
In most states, businesses are required to have an incident plan in place. This is a plan that you will follow if your database is breached or if someone gets their hands on sensitive information. Your plan should strive to limit the amount of damage you and your customers sustain as well as reduce recovery times and costs. It is up to you to make sure that everyone who is in a position to respond knows what to do as soon as a breach occurs.
If an incident does occur, you must notify those who are affected. Notification of the incident should happen as soon as possible and be as detailed and accurate as possible so your consumers can take steps to protect themselves. You may also want to inform and educate your consumers about the steps that they need to take following the breach. Some companies even offer identity theft and credit monitoring services in the wake of such an incident.
You have to follow all state laws regarding the storage, handling and disposal of electronic and paper documents. Many companies outsource this task to data security companies to ensure that all laws regarding electronic information are followed. If you keep paper documents, you should be aware that many states have guidelines for shredding and disposing of them. Your office shredder may not be compliant with the laws in your state, so you may have to hire a professional shredding service to dispose of the documents for you.
For more information, contact Vital Records Control or a similar company.