How to Keep Your Business Compliant Amid Emerging Data Regulations
Partners in Combating Identity Crime
Jay: (looking at a magazine) Paige. Listen to this. According to the Federal Trade Commission, in 2020, identity fraud incidents increased about 45%. According to a study the following year, the trend continued with Americans losing a total of $56 billion dollars to identity fraud! This is completely crazy and unacceptable in my opinion. The government needs to do something about this.
Paige: Well then, I’ve got good news for you, Jay. The government just might be doing something about it, starting with the states. For instance, the state of California passed the California Consumer Privacy Act which gave consumers more control over the personal information that business collect which will dramatically limit how data controllers and data processors collect, share, and handle private information and it is expected that other states will follow suit.
Jay: What?! Are you kidding me? Why would they do that? The last thing we need is more strict privacy laws.
Paige: But you just said the government needs to do something.
Jay: I know what I said, but I don’t mean they need to make changes that affect our business. I meant…someone else.
Paige: This might be the solution, though. We could be the partners in combating crime.
Jay: And that’s your observation? You never know, maybe this is just California.
Paige: Nope, too late. Colorado and Virginia have also passed regulations that limit how data controllers handle personal information. And California will implement an additional act, the California Privacy Rights Act (CPRA), on January 1, 2023, which limits the amount of information that can be collected and making it illegal to retain information beyond what is necessary. There’s no reason to believe other states won’t do the same.
Jay: Okay. So, if this is inevitable, what should we do about it?
Paige: I would suggest we be ready. We already stay current and follow all pertinent privacy laws, right?
Jay: Of course we do. It’s the law, and we’ve always strived to stay compliant.
Paige: Exactly. So, we’re already most of the way there! Now we just need to implement or augment future information protection regulations as they are enacted. If we keep our staff informed on what information is appropriate to collect and continue to protect it, we’re way ahead of the game.
Jay: So far, this is all very doable.
Paige: I think we also need to write a Data Subject Response Policy and appoint an Officer.
Jay: Good idea. And I know just the right person.
Paige: Me too! They’re great at policy. One of the most important things is that we make sure our staff responds to every customer request about their information. It’s the customer’s privilege to opt out of us sharing it, and if they ask us to delete it, we must respond.
Jay: That’s just good customer service anyway.
Paige: Exactly. See, we can do it! If we continue to be transparent, we’ll stay compliant and customers will trust that we will handle their personal information with care. One other thing: I recommend that we partner with a reputable shredding and destruction company so that the information we discard is handled properly from collection to destruction. It’s not just our business we need to keep an eye on; we also need to choose the businesses we work with carefully to ensure they have the same high information security standards we do.
Jay: I think you’re right. Any suggestions?
Paige: I’ll do a search, but I know they need to be NAID AAA Certified and be able to provide a Certificate of Destruction after each shredding service. And finding a local company in East Tennessee is a good idea. That way they’re close and we support our own community.
Jay: And can we have our documents and media shredded here, on site, in a mobile shredding truck? I would feel better knowing everything is shredded before it leaves our parking lot.
Paige: Absolutely, Jay. That’s on my list, too.
Jay: I feel better already, Paige. Good job. Here’s to combating the information crooks!
ShredPro Secure proudly serves the businesses and residents of East Tennessee and Southwest Virginia with NAID AAA Certified paper shredding, hard drive and media destruction services. We come right to your location to provide on-site secure shredding services so you get the peace of mind that comes with knowing the information you are responsible for is being properly destroyed.
If you’re looking for information security, value, and peace of mind, give us a call 865-986-5444 or complete the form on this page. We look forward to talking with you!