Every data protection regulation in the United States requires that organizations train employees to protect client and employee information that should remain private:
- Regulation S-P
- The FACTA Final Disposal Rule
- The Red Flags Rule
Are you a "Covered" Entity?
As defined by HIPAA:
- Health care providers
- Health care clearinghouses
- Health plan administrators
- Possess and/or process PHI (protected health information)
As defined by FACTA, Regulation S-P, GLB and the Red Flags Rule:
Financial institutions and creditors that hold or maintain “covered accounts,” including personal, family or household credit and/or finances that involve payments or transactions. Covered accounts further include any account with a foreseeable risk of identity theft to customers or to the safety and soundness of the financial institution or creditor. Examples include:
- Mortgage lenders
- Savings and loan associations
- Mutual savings banks
- Credit unions
- Any institution that extends, renews, continues or receives credit.
The New Dual Role Of Data Protection Training:
Every data protection regulation in the US requires that organizations train employees on proper information protection, including proper information destruction. Just as important, regulators say that organizations that do train their employees on proper information protection will be held less responsible than those that do not provide the training in the first place.
So not only does the training increase employee compliance, it also reduces the fine(s). The NAID Training Program allows Members to deliver that training in a way that is fast, simple and more effective than anything the client could have.
How it Works
- Customers’ employees view the 15-minute NAID Employee Information Destruction video presentation, which explains to them why proper destruction is critical to the organization and to their continued employment. You can even give the customer a permanent copy for ongoing training of new employees and annual retraining of all employees.
- Customers’ employees are provided written instructions on the organization’s specific information destruction procedures. The NAID member-company will be glad to help you prepare this short document.
- Customers’ employees verify that they have viewed the training video, understand the written destruction instructions, and agree that ongoing compliance is a condition of their employment. (The NAID Member provides sample agreements.)