What Every Workplace Needs to Know About the Cost of Non-Compliance
Tax time makes some people nervous about how much confidential information they have – and how safe it is from information thieves.
That’s understandable when you consider how common data breaches have become.
The 2014 Identity Theft Resource Center Breach Report shows that more than 5,000 breaches have been reported since 2005, exposing some 675 million records.
“It is important to note that the 5,000 breach milestone only encompasses those reported,” said Adam Levin of data risk management solutions company IDT911 in an online story. “Many breaches fly under the radar each day because there are many institutions that prefer to avoid the financial dislocation, liability, and loss of goodwill that comes with disclosure and notification.”
Reputation takes a big hit when a breach occurs, but if the breach also violates a privacy law there may be fines and even jail time on top of that. Some privacy laws are national, others are regional, and some apply only to specific industry sectors.
The Gramm-Leach-Bliley Act in the United States, for example, protects the privacy of consumers' financial information. Organizations that don't comply can be fined up to $100,000 for each violation, and the individuals responsible face prison terms of up to five years.
Violators of the Fair and Accurate Credit Transactions Act (FACTA), which gives consumers access to their credit information, risk up to $1,000 in statutory damages per willful violation plus punitive damages and the costs of the action.
In the case of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, non-compliance penalties can reach $1.5 million per year for violations of the same provision.
Here is more information on U.S. privacy legislation.
In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) sets no ceiling on what a privacy breach can cost an organization: damages are awarded by the Federal Court, and the Act places no cap on them.
Further strengthening PIPEDA is the Digital Privacy Act (Bill S-4), which was recently passed to better protect privacy online, including mandatory breach reporting. Organizations that don't comply may face fines of up to $100,000 for each violation.
Here is more information on Canadian privacy legislation.
At the end of the day, it’s up to every workplace to put necessary precautions in place – to protect confidential information and to protect itself from fines and other consequences.
Here is a checklist:
Ensure full compliance with the privacy laws and regulations that apply to your industry and location.
Designate someone to be in charge of security in your organization.
Implement a comprehensive information security policy.
Keep IT security protections current, including patching and up-to-date defensive software.
Train employees in all the best practices in document management.
Use security audits to identify breach-vulnerable areas in your workplace.
Create an incident response plan so you know what to do, and whom to notify, when a security breach does happen.
Partner with a professional shredding company for secure document destruction that includes locked consoles for disposal in the workplace, secure on or off site shredding, and a certificate of destruction after every shred.
This Lifecycle of a Document infographic shows why the old-fashioned method of document disposal increases the risk of non-compliance.