- Published: Monday, 04 November 2013 17:44
- Written by Dave Murray
When transporting backup tapes for storage off-site, keep in mind that various laws have been enacted to protect the privacy of personal information. The increase in Identity Theft crime has caused the enactment of many of these laws. Various states have also enacted laws, starting with the states of California, Wisconsin and Georgia.
The most famous of the laws is HIPAA, enacted to protect the privacy of patient information.
Health Insurance Portability and Accountability Act (HIPAA), was enacted in 1996 and includes provisions intended to safeguard the privacy of patient health records. HIPAA is a significant piece of legislation with onerous penalties. For a full text of the SUMMARY OF THE HIPAA PRIVACY RULE from the Department of Human Services, available online. See page 16of this document in regards to specifically "securing records under lock and key.…and limiting access….."
Data Safeguards. A covered entity must maintain reasonable and appropriate administrative, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information in violation of the Privacy Rule and to limit its incidental use and disclosure pursuant to otherwise permitted or required use or disclosure. For example, such safeguards might include shredding documents containing protected health information before discarding them, securing medical records with lock and key or pass code, and limiting access to keys or pass codes.
Gramm Leach Bliley (GLB) is another federal law with a much broader scope than HIPAA. The broad standards outlined in this law were designed to compel financial institutions to "respect the privacy of its customers and to protect the security and confidentiality of those customers' non-public personal information." Specifically, this law requires protection against "unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer." See page 1, section (b) (3) of Section 501 of the Conference Report and Text of Gramm-Leach-Bliley Bill published by the Senate Banking Committee.
The Fair and Accurate Credit Transactions Act of 2003 also known as the FACT Act was signed into law on December 4, 2003. In general, the Act amends the Fair Credit Reporting Act (``FCRA''). The Act contains a number of provisions intended to combat consumer fraud and related crimes, including identity theft, and to assist its victims
The Disposal Rule of FACTA, as proposed, requires entities covered by the rule to take "reasonable measures" to protect against unauthorized access to or use of information.