The Cost of Non-Compliance: What Every Company Should Know
The cost of non-compliance can be steep: for HIPAA, for example, civil penalties can reach 1.5 million dollars per year for violations of a single provision.
And according to a 2014 data breach report by the Identity Theft Resource Center, security breach reports have hit a record high, surpassing 5,000 reported breaches and 675 million records exposed since 2005.
When it comes to compliance programs and procedures, it is important to build an effective program and take the necessary precautions before an incident, not after.
Reputation can take a major hit once a breach occurs, and if the breach involves a privacy law violation there may also be fines and even jail time. It is therefore imperative that companies educate personnel on the privacy laws that apply to them and on company policy. Some privacy laws are national, some regional, and some are industry specific, and more than one may apply to the same data. Many larger organizations have the luxury of handing this responsibility to a Chief Information Security Officer, but what about small businesses?
For a small business it can be harder to keep up with information security requirements and trends without an information security officer running the program on the back end. However, here are some tips that can help you follow the regulations that apply to you:
Learn the requirements – subscribe to selected newsgroups or mailing lists on PCI DSS, HIPAA or NERC, or set up a Google Alert for news items on credit card security, or whatever is most pertinent to your industry. Knowing which standard applies to which data is the first step; you cannot comply with a requirement you have never read.
Training and awareness – training begins with the individual employee. Ensure that employees and contractors realize that their actions or inactions can contribute to breaches or non-compliant situations. Spend time training your employees on the business processes that, if not carried out properly, will result in non-compliance or a data breach.
Understanding the root cause – if a potential breach or non-compliant situation occurs, spend more time understanding the root cause and origin of the incident. Don't simply gloss over the symptoms and implications; really work towards understanding what happened and why. Then take the time to develop remediation actions that fix the underlying problem, not just the symptom, and help prevent it from recurring. Document what you found and what you changed, since regulators and auditors will ask.
Partnering – partner with a professional shredding company for secure on-site document destruction, which includes locked consoles for disposal in the workplace and a certificate of destruction after every shred. Paper and retired hard drives are still a common source of data exposure, so disposal belongs in the compliance program alongside electronic controls.
Rock Solid Shredding provides customized paper and hard drive shredding services that help businesses comply with legislation while protecting information.
Contact them at 501.940.9900 or fill out the Contact Form.