Lauren,
There do exist laws that govern the security and/or disposal of personal information of other people. Here are some sections of an outline of a talk I recently gave on the subject:
>>>
* HIPAA:
45 CFR 160.103 "Business Associate" - "Provides, other than in the capacity of a member of the workforce of such covered entity, legal, actuarial, accounting, consulting, data aggregation (as defined in §164.501 of this subchapter), management, administrative, accreditation, or financial services to or for such covered entity, or to or for an organized health care arrangement in which the covered entity participates, where the provision of the service involves the disclosure of individually identifiable health information from such covered entity or arrangement, or from another business associate of such covered entity or arrangement, to the person."
* FACTA:
"Any person who maintains or otherwise possesses consumer information for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal."
Consumer information -- means any record about an individual, whether in paper, electronic, or other form, that is a consumer report or is derived from a consumer report. Consumer information also means a compilation of such records. Consumer information does not include information that does not identify individuals, such as aggregate information or blind data.
FACTA is codified into 16 CFR 682
* Gramm-Leach-Bliley Act:
Applies to financial institutions. Purpose is to protect customer information. It is codified into
16 CFR 314 Standards for Safeguarding Customer Information.
16 CFR 314.2(d) Service Provider - "any person or entity that receives, maintains, processes, or otherwise is permitted access to customer information through its provision of services directly to a financial institution that is subject to this part."
16 CFR 682.3(b)(5) - says any institution subject to G-L-B Act must incorporate the information destruction standards of FACTA
<<<<<
You should alert your management to the existence of these laws when you discuss re-using paper with other peoples' information on it.
Gary Link, CRM
Pittsburgh, PA
-----Original Message-----
From: Lauren K. Glaettli [mailto:[log in to unmask]]
Sent: Wednesday, November 04, 2009 10:41 AM
To: [log in to unmask]
Subject: Re: [RM] Use of dirty paper - Found word(s) list error in the Text body
I apologize for not defining my terminology. By dirty paper I mean paper
that has been printed on one side and then that information was deemed no
longer needed. Then the paper is turned over and used again. Many times
this leads to one piece of paper that includes information for two different
clients and since we work with employee benefit plans both sides of the
paper have SSNs for two different clients.
And to answer John - Yes, there have been instances that when scanned the
backside has either inadvertently been scanned or it has bled through.
I have tried many times to get our employees to stop using dirty paper and I
have a feeling that the only way I'm going to get this to happen is if I can
quote legal "stuff" to our owner.
On Wed, Nov 4, 2009 at 10:10 AM, John Annunziello
<[log in to unmask]>wrote:
> Hi Lauren....
>
> Not certain what you mean by "dirty paper"?
>
> If you are re-using the backside, the only issue would be that when
> scanned, the image from the back may transfer through to the front. Also,
> if the paper is sent out to an outside agency, there may be critical
> information you might not want them to see. As well, it is not very
> professional looking. We save single used side paper and make internal
> pads of them.
>
> John Annunziello, ermm
> Manager, Records and Information
> Toronto and Region Conservation Authority
> [log in to unmask]
>
> "Information is a corporate, strategic asset that needs to be managed"
>
>
>
>
>
>
>
>
>
>
> "*PLEASE CONSIDER THE ENVIRONMENT WHEN DECIDING TO PRINT THIS MESSAGE*
>
>
>
> Toronto and Region Conservation Authority Confidentiality Notice:
>
> The information contained in this communication including any attachments
> may be confidential, is intended only for use of the recipient(s) named
> above, and may be legally privileged. If the reader of the message is not
> the intended recipient, you are hereby notified that any dissemination,
> distribution,disclosure or copying of this communication is strictly
> prohibited. If you have received this communication in error, please
> resend this communication to the sender and delete it permanently from
> your computer system.
>
> Thank you."
>
>
>
> List archives at http://lists.ufl.edu/archives/recmgmt-l.html
> Contact [log in to unmask] for assistance
> To unsubscribe from this list, click the below link. If not already
> present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the
> message.
> mailto:[log in to unmask]
>
--
Lauren K. Glaettli
[log in to unmask]
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]
|
