Archives

Monthly Archive for: ‘February, 2012’

Business Leaders: What We Learned From Super Bowl XLVl 0

It is obvious that Eli Manning and The New York Giants were the big winners in last weeks Super Bowl. But who were the big losers?

Yes, Tom Brady and the Patriots for sure. But one company in New York City may have lost more than the biggest game of the year. Here’s what happened.

Reported by CBS New York
Unbelievable. Stupid.

Those were just a couple of the words New Yorkers used to describe a head-scratching practice during Tuesday’s Super Bowl parade for the New York Giants along the Canyon of Heroes.

It turns out that some of the “confetti” dropped from office buildings was actually un-shredded paper containing personal information and records, including Social Security numbers and medical records.

That report came from the show Inside Edition, which said some papers even included information about a 54-year-old woman’s mammogram — all with specific details.

How easily might this story have been about your company? Yes, I know your staff wouldn’t throw private paperwork out your office windows, but would they throw it in the trash or the recycling container?

The point I am making is that throwing private paperwork in the trash or recycling container is just as bad as what the victory crazed, paper throwing Super Bowl parade revelers did.

What You Need To Know

Here’s why: Your staff is breaking the law just like they did. And this could mean a big, ugly New England Patriot-like loss for your team.

FACTA’s latest Red FLags Rule states the following:

1. You must destroy private information prior to disposal

2. You must have a written disposal policy

3. You must educate/train your employees regarding your policy

So, more policy, it’s never easy and it’s never a quick fix. But here is one way to help you meet compliance and be able to do it quickly and effectively.

An Effective Solution

Find a local shredding company who is affiliated with NAID. Many NAID members are offering a client education tool kit.

Their program generally offers you a policy template, training video and compliance documentation that will have you well on your way to not only compliance but a better informed team of employees.

So, the next time your team wins a championship you will be prepared.

Mike

legal copying, scanning, shredding

Posted on: 02-18-2012
Posted in: Updates

RISK ASSESSMENT-LOOK BEYOND YOUR OWN WALLS! 0

When it comes to risk what keeps you up at night?

Maybe it’s your IT practices or establishing a sound crisis management plan? How about an external audit of your standards and procedures relating to your IT, administration and operations? These are all reasonable things to be concerned about.

But what about your vendors SOP’s?Risk Plan
Do you lay awake at night wondering how your vendors view these things? You should.

Be it a third party regulatory audit or an internal audit of your own practices, it is prudent to not only understand the practices of your vendors, it might just be requirement.

If you operate within an organization requiring the protection of private information, you may want to explore how the companies you work with view their own practices.

Requiring a vendor to sign in and show a proper form of ID has become general practice for many organizations.

Allowing vendors to carry cell phones on your premises has become less common as well. With most smart phones having cameras and a good number have recorders as well, prohibiting them in secure areas has become an important consideration.

Are vendors escorted at all times or are they given freedom to roam unattended?

How do you manage contracts with a third party services such as; cleaning, maintenance, electricians, pest control, or other crews that tend to service your organizational needs during non business hours?

The above are all important important considerations, but they are just a start in protecting you from possible exposure.

Understanding your vendors policies and procedures regarding hiring, privacy and confidentiality are extremely important as well.

Does your vendor adhere to a similar standards and practices that you require in your hiring practices?

3 Steps You Might Take To Control Third Party Risk

1. Ask your vendors for a copy of their policy relating to privacy and confidentiality. Do they perform background checks and or perform substance abuse testing on all employees? What else do they do?

2. Create an appropriate business associates/vendor agreement pertaining to these policies.

3. Establish standards and procedures by which you evaluate your vendors. Write these expectations into your Privacy Policy.

If you address the 3 steps above and monitor them on a scheduled basis you will be sure to have reduced your risk to some degree and it will certainly buy you a better nights sleep.

Mike

records shredding, document scanning, data backup

Posted on: 02-12-2012
Posted in: Updates

5 Keys To An Effective Privacy Policy 0

When it comes to organizational privacy it is not about being compliant, it is about being secure. Privacy is what we all want but it is security which enables privacy.

In today’s world we want to be secure in order to protect data, save money and maintain client confidence.

Our emphasis should be on security which in turn will promote compliance and ultimately privacy.

Here are 5 keys to Creating an Effective Privacy Policy:

1. Risk Assessment: Evaluate your controls because it’s not just about electronic protection of data.

Research shows that 84% of healthcare breaches since 2003 were due to “low tech” incidents such as lost or stolen laptops, improper disposal of documents or stolen backup tapes, etc.

If we don’t properly identify risk then we will not know what safeguards we are missing.

2. Implement Controls: Talk to your employees, engaging them in your process is critical as they know better than anyone where your greatest vulnerabilities are internally.

Your key areas of risk are technology, administration and the physical elements of your business. Once you have identified your greatest areas of vulnerability create written controls and implement them immediately.

3. Monitor Controls: Monitoring is an ongoing process. Just as the threats are always changing so do your risks. So your monitoring must keep pace. Here it is beneficial to have strict reporting practices. Reports that are reviewed on a periodic basis. Some daily, weekly and others monthly, quarterly or annually.

Your environment is always changing, be it due to internal changes or external threats, it’s critical to be able to maintain awareness of potential changes in your risk.

4. Test Controls: Now that you have created controls and implemented a sound reporting practice, the best exercise you can do is to test your controls. In my business, delivering critical information to clients is an essential part of our business. Doing so in a secure fashion is of utmost concern. So, I can call clients and ask questions as to our practices to see if our employees are complying with our controls.

In fact, it doesn’t hurt you to share your practices and concerns with clients as they may have really concerns or ideas that maybe you haven’t thought of or addressed.

Testing of practices is critical. It alerts your entire organization that old habits will not be tolerated and that you are taking these measures seriously.

5. Adjust Controls: How often do you adjust controls? The company that is most often making modest changes to its process is probably the one that is most secure.

By making routine tweaks and changes to your process tells me that you are extremely aware of your real and potential vulnerabilities and that you and your team are engaged in your process.

Take some time to review your privacy policy. Make sure your focus is on security as it will ensure you are compliant when it comes to privacy.

Have a great week.

Mike

legal copying and scanning, shredding, records storage

Posted on: 02-3-2012
Posted in: Updates