HIPAA Compliant Backup Data Protection Compliance - Privacy and Security Policy Rules for Health Industry Information - Remote Data Backups  
Padgett Business Services
“Being responsible for confidential and crucial information for my clients makes this backup system an easy choice. I recently had a computer crash and with Dan Dugal's help was able to operate my business in a matter of hours.”
— Daniela Hops

Data Protection, Privacy and Regulatory Compliance Laws

Corporations today face growing federal and state regulations. If not understood, planned for, and complied with, these mandates threaten the bottom line of every public U.S. company.

Records managers and executives alike must become familiar with these regulations in order to avoid stiff penalties and preserve brand equity.


Federal regulations protecting consumer data
Any organization that collects and stores consumer information may be affected:

  1. Fair and Accurate Credit Transactions Act (FACTA)
    Protects “consumer information” and provides rules for properly disposing of it and protecting it against unauthorized disclosure
  2. Electronic Signature in Global and National Commerce Act
    Provides assurances that electronic records and contracts can have the same legal authority and protection as paper records and contracts
  3. Rules 26 & 34 of the Federal Rules of Civil Procedure
    Governs the discovery and disclosure of information relevant to civil actions
  4. Uniform Preservation of Private Business Records Act (UPPBRA)
    Enacted by several states; business records for which no retention period is otherwise specified by law may be destroyed after the expiration of three years
  5. Uniform Photographic Copies of Business & Public Records as Evidence Act (UPA)
    Reproductions of records have the same legal significance as the original
  6. The Paperwork Reduction Act of 1980
    Provides the framework to control the paperwork burdens the federal administrative agencies can place on the public
  7. Department of Defense: Standard for Records Management Software
    Establishes mandatory baseline functional requirements for Records Management Applications (RMA) software
  8. U.S. General Services Administration: GSA Advantage Approved Vendor
    Contact us directly regarding GSA vendor approval. We can personally tailor a bid proposal to your specific Federal Government contract needs.

Federal regulations protecting industry-specific data
Doctors, dentists, bankers, accountants, CPAs, financial advisors, lenders, brokers, etc.

  1. Health Insurance Portability and Accountability Act (HIPAA)
    Limits the use and disclosure of individually identifiable information
  2. Sarbanes-Oxley Act (SOX)
    Implements multiple sweeping reforms within the accounting industry
  3. Gramm-Leach-Bliley Act (GLB)
    Requires financial institutions to ensure the security and confidentiality of customers’ non-public, personal information
  4. Bank Secrecy Act
    Requires financial institutions to maintain records of transactions that are useful to the Department of Treasury in criminal, tax and regulatory investigations
  5. SEC Rules 17a-3 and 17a-4
    Record retention requirement governing broker-dealer records in all formats

State regulations
These laws affect any business with clients in these states (more states will soon follow):

  1. New York: Information Security Breach and Notification Act
    Governor George Pataki signed the Information Security Breach and Notification Act (A04254) into law on August 10th, 2005, joining a growing number of states which legislate the protection of consumers' personal data.
  2. California's SB-1386 law requires disclosure of compromised data
    Privacy law requiring all businesses that own or license computerized data with personal information, to disclose to residents any data security breach if unencrypted personal information is reasonably believed to have been acquired by an unauthorized person.
  3. Washington's Substitute Senate Bill (SB-6043)
    Enacted on July 23rd, 2005, the law regulates disclosure standards concerning data security breaches involving unencrypted personal information.

International business regulations
These laws affect any business with international clients or transactions:

  1. USA Patriot Act
    Measures to prevent, detect and prosecute terrorism and international money laundering, giving the government new powers to request confidential company info
  2. U.S.-EU Safe Harbor Framework (European Union Data Protection Directive)
    Places new requirements on businesses that wish to collect, process or transfer personal data from an EU Member State
  3. ISO 15489 – Records Management Standard
    International standard that provides a high level framework for recordkeeping
  4. Canadian Personal Info Protection and Electronic Documents Act (PIPEDA)
    Governs the collection, use, and disclosure of personal info in commercial activities

Sarbanes-Oxley Act of 2002 (SOX)

  • Implements multiple sweeping reforms for public companies, auditors, board members and lawyers
  • Applies to all U.S. public companies and non-U.S. public companies that have issued securities in the U.S. public markets and are required to file periodic reports with the Securities and Exchange Commission
  • Prescribes a system of federal oversight of public auditors
  • Prohibits specified behavior regarding insider trades, loans to officers and directors, disclosure of information and improper influence on audits
  • Imposes new criminal penalties relating to fraud, conspiracy, destruction of evidence and interfering with investigations
  • Requires management to establish and maintain an adequate internal control structure and procedures for financial reporting
  • Requires establishment of a process for employees to submit, in confidence and with anonymity, concerns regarding questionable accounting matters

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

  • Limits the use and disclosure of individually identifiable information relating to the physical or mental health of individuals absent the consent or authorization from the patient
  • Requires that all records regardless of format be managed as part of the organization’s official records management program
  • Requires training to ensure employees are aware of the requirements
  • The Privacy Rule issued under the Act took effect in April 2001, with compliance required by April 2003. The Security Rule took effect in April 2003, with compliance required by April 2005 for most covered entities and by April 2006 for small health plans
  • Applies to doctors, hospitals, pharmacies, medical billing services, health care plans, HMOs, and business associates of these entities such as their accountants and attorneys
  • Imposes strict data disposal requirements: magnetic media that is no longer in use, or that is given away or sold, must be overwritten or physically destroyed so that the protected health information on it cannot be recovered

Gramm-Leach-Bliley Act (GLB), November 1999

  • Requires financial institutions to ensure the security and confidentiality of customers’ non-public, personal information
  • Organizations are required to send privacy notices automatically to customers
  • The harm caused by identity theft led the federal government to create mandates such as this one to prevent the negligent disclosure of private information

U.S.-EU Safe Harbor Framework

  • The European Union adopted the European Union Data Protection Directive (95/46/EC) in 1995, and it took effect in the Member States in October 1998. The Directive places new requirements on businesses that wish to collect, process or transfer personal data from an EU Member State
  • Under the Directive, the transfer of personal information from an EU Member State to a non-EU country is forbidden unless the receiving country provides an “adequate” level of privacy protection. The EU Directive has very strict privacy rules pertaining to personal information of its citizens
  • In order to avoid potential disruptions in trade between the U.S. and the EU, the U.S. Department of Commerce in consultation with the European Commission and industry developed the Safe Harbor framework. This framework allows U.S. companies a means of assuring European consumers that they will provide an adequate level of privacy protection, thereby satisfying the “adequacy” requirement of the European Directive of Data Protection

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism, USA Patriot Act, October 2001

  • Contains measures to prevent, detect and prosecute terrorism and international money laundering
  • Gives the government new powers to request confidential company information and requires financial institutions to implement know-your-customer procedures that verify the identity of the people they do business with
  • Provides the government with authority to intercept wire, oral and electronic communications and to prosecute offenders
  • Reporting requirements now extend to credit unions and entities trading commodities and futures
  • Requires every financial institution to develop and implement an anti-money laundering program

Electronic Signature in Global and National Commerce Act

  • Provides assurances that electronic records and contracts can have the same legal authority and protection as paper records and contracts
  • Requires that companies address their e-commerce activities and implement measures to ensure that these activities meet acceptable standards

Fair and Accurate Credit Transactions Act of December 2003 (FACTA) and The FACT Act Disposal Rules

  • Amends the Fair Credit Reporting Act, the federal law governing the use of credit reports
  • Requires banking agencies to adopt consistent and comparable rules applicable to the entities they regulate, requiring such entities to properly dispose of any consumer information
  • Requires organizations that possess or maintain “consumer information” for business purposes to properly dispose of it by taking reasonable precaution to protect against unauthorized disclosure. This includes consumer information in any format including electronic records

Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)

  • Governs the collection, use, and disclosure of personal information in commercial activities by organizations of all types, including associations, partnerships, trade unions and the Canadian offices or subsidiaries of foreign companies
  • Applies to both traditional paper-based business as well as online commercial activities

Rules 26 & 34 of the Federal Rules of Civil Procedure

  • Governs the discovery and disclosure of information relevant to civil actions
  • Applies to organizations facing litigation and those aware that a discovery request may be made
  • Organizations with poor records management programs can face court sanctions and loss of rights in litigation

Uniform Preservation of Private Business Records Act (UPPBRA)

  • A statute enacted by several states; it declares that, unless a specific period is designated by law for their preservation, business records which persons are required by state law to keep or preserve may be destroyed after the expiration of three years from the making of such records, without constituting an offense under those laws

Uniform Photographic Copies of Business and Public Records as Evidence Act (UPA)

  • Enacted by almost all states, it specifies that reproductions of records have the same legal significance as the original and may be used in place of the original for all purposes including evidence

Bank Secrecy Act

  • Requires financial institutions to maintain records of personal financial transactions that are useful to the Department of Treasury in criminal, tax and regulatory investigations

ISO 15489 – Records Management Standard, published by the International Organization for Standardization (ISO) in 2001

  • International standard that provides a high level framework for recordkeeping and specifically addresses the benefits of records management, regulatory considerations affecting its operation and the importance of assigning responsibility for recordkeeping
  • Provides specific detail about the development of records management policy and responsibility statement and outlines processes for developing recordkeeping systems

SEC Rules 17a-3 & 4

  • Record retention requirement governing broker-dealer records in all formats

The Paperwork Reduction Act of 1980

  • Provides the framework to control the paperwork burdens the federal administrative agencies can place on the public and empowers the Office of Management and Budget (OMB), Executive Office of the President, to develop regulations to implement the act and to enforce continual monitoring of the process

DoD 5015.2-STD: Department of Defense Design Criteria Standard for Electronic Records Management Software Applications – 6/19/2002

  • Establishes mandatory baseline functional requirements for Records Management Applications (RMA) software used by the DoD Components in the implementation of their records management programs
  • Defines required system interfaces and search criteria to be supported by the RMAs
  • Describes the minimum records management requirements that must be met, based on current National Archives and Records Administration (NARA) regulations
© 1999-2008 Remote Data Backups, Inc.