Many new laws are in effect or will take effect with regards to records retention and records destruction. Here are a few questions to ask yourself about your records retention and destruction policies.

Is your records retention policy outdated or difficult to access and maintain?

Are your file cabinets crammed and desktops stacked with documents and files no one is quite sure what to do with?

Who has access to these records — Is client information viewable for anyone who enters your office — cleaning staff, IT, etc?

What is your policy for hard drives and floppy disks that are in the storage room? Are you sure there is no sensitive information on those?

Can you confidently say the records in your office are in compliance with the newest legislation and regulatory requirements? If not, what are the penalties you are leaving your business open to?

Call SafeGuard Destruction Services today. We can help you answer all these questions. SafeGuard Destruction Services is Southwest Florida’s leading document destruction firm, and the first company in the state to be rated AAA by NAID for hard drive destruction.

Preventing Identity theft for your business is more important than ever. Civil and criminal penalties for consumer information leaks can quickly put your business out of business. SafeGuard Destruction Services can help your business develop a written program for your company that will help you comply with FACTA and Red Flags Rules. It is crucial that all your your employees understand the utter importance of protecting client information — they must know how to keep it secure and destroy the information securely.

Update your program periodically to make sure you are compliant with laws, and that your employees are following your procedures!! Call SafeGuard Today!

There are many vital questions a company must ask when deciding to outsource their shredding needs. Many shred business state they are bonded. Bonding does not protect information. What does that mean? If there is a breach of consumer information at your company – bonding will not protect you from any liability. Why? Bonding protects a business from physical damage but will not protect information. Therefore, what should consumers do? Ask and demand that your shred company carry errors and omissions insurance.

SafeGuard Destruction Services of Fort Myers carries errors and omissions insurance. There is only one type of insurance that covers the financial damages resulting from accidents or negligence on the part of information destruction services. Call SafeGuard Destruction today at 239-437-7441 or visit us at www.safeguarddestruction.com for more information.

The “Red Flags” Rule – Is Your Business Complying with the Impending Red Flags Rules?

It is every businesses responsibility to do what we can to fight identity theft. Businesses that offer credit or certain financial services can be the first to find red flags that can indicate the risk of identity theft. This includes suspicious activity indicating that identity thieves are trying to gain information or use stolen information like names, Social Security numbers, account numbers, and birth dates. This data if stolen can be used to open new credit accounts or raid existing accounts.

To comply with the new Red Flags Rule which is enforced by the Federal Trade Commission, the federal bank regulatory agencies, and the National Credit Union Administration — your business may meed to develop a written “red flags program” to prevent, detect, and minimize the damage that can and will occur from identity theft.

Call SafeGuard Destruction Services today for any questions you may have. We are certified by NAID and can help you develop your compliance policy.

www.safeguarddestruction.com

Visit SafeGuard for more information on how to protect your information and your clients information from identity theft. We specialize in securely destroying documents, hard drives, and electronics recycling. SafeGuard Destruction Services is the leading shredding document destruction company in Soutwest Florida. Family owned and operated.

The “Red Flags” Rule: Are You Complying with New Requirements for Fighting Identity Theft?

by Tiffany George and Pavneet Singh

The expression “red flag” signals “Danger: Be alert to problems ahead.” For millions of consumers every year, identity theft is more than a threat — it’s their reality. The economic, psychological, and emotional harm to victims can be devastating. But businesses often bear the biggest part of the monetary damage from identity theft.

It’s everyone’s responsibility to do what they can to fight identity theft. But businesses and organizations that offer credit or other financial services can be the first to spot the red flags that signal the risk of identity theft, including suspicious activity indicating that identity thieves may be using stolen information like names, Social Security numbers, account numbers, and birth dates to open new accounts or raid existing ones.

Under the Red Flags Rule, which went into effect on January 1, 2008 *, certain businesses and organizations are required to spot and heed the red flags that often can be the telltale signs of identity theft. To comply with the new Red Flags Rule — enforced by the Federal Trade Commission (FTC), the federal bank regulatory agencies, and the National Credit Union Administration (NCUA) — you may need to develop a written “red flags program” to prevent, detect, and minimize the damage from identity theft.

Are you covered by the Red Flags Rule? If so, have you put into place the new procedures the Rule requires?

Who Must Comply

Although every business or organization with an ongoing relationship with consumers should keep an eye out for the possibility of identity theft, the Red Flags Rule applies only to “financial institutions” and “creditors.” To determine if your business or organization is covered by the Rule and required to develop a written identity theft Program, you’ll need to answer two questions:

1. Is your business or organization either a “financial institution” or “creditor,” as those terms are defined in the Rule?
2. If so, do you have “covered accounts”?

A “financial institution” is a bank, savings and loan, credit union, or other entity that holds a “transaction account” belonging to a consumer. A “transaction account” is an account that allows the owner to make payments or transfers. Examples include checking accounts, savings accounts that permit automatic transfers, and share draft accounts. Another example would be a brokerage account that allows consumers to write checks.

Your business or organization is a “creditor” if you regularly:

• extend, renew, or continue credit;
• arrange for someone else to extend, renew, or continue credit; or
• are the assignee of a creditor who is involved in the decision to extend, renew, or continue credit.

Under the Rule, “credit” means an arrangement by which you defer payment of debts or accept deferred payments for the purchase of property or services. In other words, payment is made after the product was sold or the service was rendered. Some examples of creditors are finance companies, automobile dealers, mortgage brokers, utilities, and telecommunications companies. Even if you’re a non-profit or government agency, you still may be a creditor if you accept deferred payments for goods or services. However, simply accepting credit cards as a form of payment does not make you a creditor under the Rule.

If you determine you’re a financial institution or a creditor, the next step is to see if you have “covered accounts.” There are two types of covered accounts. One is an account used mostly for personal, family, or household purposes that involves multiple payments or transactions. Examples include credit card accounts, mortgage loans, car loans, margin accounts, cell phone accounts, utility accounts, and checking or savings accounts.

The other is one for which there is a foreseeable risk of identity theft. For example, one type of account that should be considered for coverage because it may be vulnerable to identity theft is a small business or sole proprietorship account. In determining whether you have such an account, consider the risks associated with how the accounts may be opened or accessed — i.e. what type of interaction and documentation is required — as well as your experience with identity theft.

If your business or organization is a financial institution or creditor, but does not have any covered accounts, you don’t need a program. But if you have covered accounts, you must develop a written program to identify and address the red flags that could indicate identity theft.

How To Comply

The Rule doesn’t tell you specifically what your red flags program must look like. Instead, it gives you flexibility to implement a program that best suits your business or organization, as long as it meets the Rule’s requirements.

Your starting point for developing a program is the Guidelines issued with the Red Flags Rule, available at www.ftc.gov/os/fedreg/2007/november/071109redflags.pdf. (The Guidelines are on pages 63773-63774 of the document.) The Guidelines list the issues you must consider in developing and maintaining a program appropriate for your business or organization. You also should draw on your own experience and knowledge about identity theft risks in developing your program.

There are four basic steps to designing a program to comply with the Rule:

1. Identify relevant red flags;
2. Detect red flags;
3. Prevent and mitigate identity theft; and
4. Update your program periodically.

In addition, your program must spell out how it will be administered. The program should be appropriate to the size and complexity of your company or organization, as well as the nature of your operations.

Identify Relevant Red Flags

Under the Rule, financial institutions and creditors with covered accounts must develop a written program to identify the warning signs of identity theft.

The Guidelines describe the following categories of warning signs — red flags — that your program must identify and address:

• alerts, notifications, or warnings from a consumer reporting agency;
• suspicious documents;
• suspicious personally identifying information;
• suspicious activity relating to a covered account; or
• notices from customers, victims of identity theft, law enforcement authorities, or other entities about possible identity theft in connection with covered accounts.

When identifying red flags, consider the nature of your business and the type of identity theft to which you might be vulnerable.

Detect Red Flags

Once you’ve identified the red flags that are relevant to your organization or business, you must establish policies and procedures to detect them in your day-to-day operations.

For example, you may spot red flags when you verify a consumer’s identity, authenticate customers, monitor transactions, or verify requests for changes of address. Some red flags may seem harmless on their own, but can signal identity theft when paired with other events, say, a change of address coupled with the use of an address associated with fraudulent accounts.

Prevent and Mitigate Identity Theft

Your program must include appropriate responses to your red flags to prevent and mitigate identity theft. These responses could include monitoring an account, closing an account, not opening a new account, contacting the consumer when you spot a red flag, or a combination. Sometimes you may determine that no response is necessary. In other cases, certain events — such as a recent data breach, a phishing fraud that targeted your business or organization, or another suspicious activity — may raise the risk of identity theft and require specific preventive actions.

Update Your Program Periodically

Because identity theft threats change, your program must describe how you will update it to ensure that you are considering new risks and trends.

Administering Your Program

No matter how good your program looks on paper, the true test is how it works. Your program must describe how it will be administered, including how you will get the approval of your management, maintain the program, and keep it current.

According to the Rule, your program must be approved by your Board of Directors or, if your business or organization doesn’t have a Board, by a senior employee. The Board or designated senior employee also must approve any material changes to the program. Your program should include staff training as appropriate, and provide a way for you to monitor the work of your service providers. The keys are to maintain oversight of the program, keep it relevant and current, and ensure that all necessary members of your staff — from the boardroom to the mail room — are on board. A program that stays in a filing cabinet isn’t a good program.

Penalties for Noncompliance

Although there are no criminal penalties for failing to comply with the Red Flags Rule, financial institutions or creditors that violate the Rule may be subject to civil monetary penalties. But there’s an even more important reason for compliance: It’s just plain good business. It assures your customers that you are doing your part to fight identity theft.

Have questions about how health care providers can comply with the Rule? Email RedFlags@ftc.gov.

* On October 22, 2008, the Federal Trade Commission issued an Enforcement Policy statement that delays enforcement of the Red Flags rule until May 1, 2009 (http://www.ftc.gov/opa/2008/10/redflags.shtm). Although the Rule is in effect, the FTC will wait until May 2009 to enforce it. This does not affect enforcement of the address discrepancy and credit card issuer rules. Nor does it affect compliance for entities not under the jurisdiction of the Commission.

This is a great article regarding protecting your clients information in the office.

http://www.youtube.com/watch?v=iC38D5am7go

Every company must take steps to protect consumer information to reduce the risk of identity theft. For only 5 dollars – SafeGuard Destruction Services can destroy hard drives. We are the first company in the state of Florida to be AAA certified in hard drive destruction. Our process physically grinds the hard drives into pieces so they can never be compromised.

Visit us at SafeGuard Destruction for more information on identity theft, hard drive destruction, document destruction, shredding services, etc. We are the leading shred firm servicing Fort Myers, Naples, Bonita Springs, Cape Coral, Punta Gorda, Sarasota, and more. Family owned and operated.

Here is a brief bit of information HIPAA HITECH which goes into effect on February 2010.  If you have any questions, please feel free contact SafeGuard Destruction Services. We do have a compliance kit to make sure your business is up to date on the changes of HIPAA HITECH.

Penalties for HIPAA violators will rise substantially under the new guidelines. These rules were issued by the Department of Health and Human Services now state that health care organizations and professionals within them who violate the provisions of HIPAA will now face fines up to 1.5 million. These fines are now based on four categories of the penalty scheme.

Here are the categories and the penalties associated with the violations:

The Health Information Technology for Economic and Clinical Health (HITECH) Act provides a tiered system for assessing the level of each HIPAA privacy violation and, therefore, its penalty:

• Tier A is for violations in which the offender didn’t realize he or she violated the Act and would have handled the matter differently if he or she had. This results in a $100 fine for each violation, and the total imposed for such violations cannot exceed $25,000 for the calendar year.
• Tier B is for violations due to reasonable cause, but not “willful neglect.” The result is a $1,000 fine for each violation, and the fines cannot exceed $100,000 for the calendar year.
• Tier C is for violations due to willful neglect that the organization ultimately corrected. The result is a $10,000 fine for each violation, and the fines cannot exceed $250,000 for the calendar year.
• Tier D is for violations of willful neglect that the organization did not correct. The result is a $50,000 fine for each violation, and the fines cannot exceed $1,500,000 for the calendar year.

Please visit www.safeguarddestruction.com

Here is a great article posting some information about shredding and myths about document destruction:

Start off the New Year and let SafeGuard Destruction Services securely destroy your confidential information. Whether it is personal or business, SafeGuard can do it all for you. SafeGuard was the first plant based facility in Florida to be certified as AAA by the National Association for Information Destruction.

When choosing a shredding firm be sure to ask some of the following questions.

Does the shred firm have written procedures on how confidential material is picked up and process? SafeGuard has a detailed employee procedure manual that is inspected by our NAID auditor.

How is the shredded material disposed of? SafeGuard ships all destroyed material directly to a paper mill to be recycled into paper products.

What type of background check is performed on the employees of the shred firm and how often? SafeGuard performs a nation wide background check on all new employees and on randomly picked employees every 12 months.

Does the shred firm drug test its employees? SafeGuard performs drug testing on all new employees, and is then performed at random every 12 months.

Call SafeGuard today for a quick quote and for any questions you may have.

239-437-7441 or visit us on the web at www.safeguarddestruction.com

SafeGuard Destruction Services is Naples leading shred company. As a family owned business, we believe in providing the customer the best possible service for the best possible price. Also, here at SafeGuard, we do not believe in forcing clients to sign long term contracts.

Call SafeGuard today for a quick quote on your shredding and document destruction needs.