Data Security

human-I-T Takes Data Security Very Seriously, and We Have Multiple Options for Every Type of Business

Our standard for data destruction is SecureErase. Once enabled, SecureErase wipes data to specification (NIST 800-88 4 and 800-14). SecureErase is compliant with the following laws: the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), Fair and Accurate Credit Transactions Act (FACTA), Federal Information Security Management Act (FISMA), Personal Information Protection and Electronic Documents Act (PIPEDA), and the Sarbanes-Oxley Act (SOX).

HIPAA

Data Security for Health Plans, Health Care Clearinghouses, and Health Care Providers.

HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.

Workstation and Device Security. A covered entity must implement policies and procedures to specify proper use of and access to workstations and electronic media. A covered entity also must have in place policies and procedures regarding the transfer, removal, disposal, and re-use of electronic media, to ensure appropriate protection of electronic protected health information (e-PHI).

GLBA

Data Security for Banks and Financial Institutions.

The Gramm-Leach-Bliley Act requires financial institutions (companies that offer consumers financial products or services like loans, financial or investment advice, or insurance) to explain their information-sharing practices to their customers and to safeguard sensitive data. Specifically, human-I-T helps banks, credit unions, and other companies adhere to the Federal Trade Commission’s (FTC’s) Disposal Rule. Where applicable, the GLBA requires that customer information be disposed of in a secure way.

FACTA

Data Security for Credit Institutions and Reporting Agencies.

The Fair and Accurate Credit Transactions Act of 2003 (FACTA) added sections to the federal Fair Credit Reporting Act (FCRA, 15 U.S.C. 1681 et seq.), intended primarily to help consumers fight the growing crime of identity theft. Accuracy, privacy, limits on information sharing, and new consumer rights to disclosure are included in FACTA.

FISMA

Data Security for Federal Executive Branch Civilian Agencies.

FISMA requires federal agencies to implement a mandatory set of processes and system controls designed to ensure the confidentiality, integrity, and availability of system-related information. The processes and systems controls in each federal agency must follow established Federal Information Processing Standards, National Institute of Standards and Technology standards, and other legislative requirements pertaining to federal information systems, such as the Privacy Act of 1974.

PIPEDA

Data Security for Private Sector Organizations and Commercial Activity.

The Personal Information Protection and Electronic Documents Act (PIPEDA) sets out ground rules for how private sector organizations may collect, use or disclose personal information in the course of commercial activities. PIPEDA also applies to federal works, undertakings and businesses in respect of employee personal information. The law gives individuals the right to access and request correction of the personal information these organizations may have collected about them.

SOX

Data Security for Public Companies and Financial Reporting.

The Sarbanes-Oxley Act of 2002 (SOX) mandated a number of reforms to enhance corporate responsibility, enhance financial disclosures and combat corporate and accounting fraud, and created the “Public Company Accounting Oversight Board,” also known as the PCAOB, to oversee the activities of the auditing profession.

With increased mandates for electronic record keeping, data security has become even more important for public companies.

---