Unintended consequences: Consultants using HIPAA to strong-arm business associates

By Bob Johnson, NAID CEO

When the U.S. Federal Trade Commission (FTC) contacted NAID to help write the FACTA Final Disposal Rule, their main concern was what they called “unintended consequences.” It seems every new law has side effects. The FTC’s goal was to anticipate the bad side effects and minimize them when creating new […]

Compliance and data security are not the same things

By Bob Johnson, NAID CEO

On Tuesday, I described how privacy and data security, though often thought of interchangeably, are two distinct and separate concepts. Today, I will show how data security and regulatory compliance, concepts often thought of as synonymous, are actually significantly different as well. For instance, if an organization destroyed their discarded […]

Privacy and data security are not the same things

By Bob Johnson, NAID CEO

When I address an audience of privacy professionals, especially an international audience, I often point to the fact that the U.S. has the strongest data protection regulations in the world. On such occasions, I get two reactions: confusion, as if they are struggling to understand how I could possibly be […]

HITECH will ignite great opportunities in the secure destruction industry

By Bob Johnson, NAID CEO

One of the country’s most prominent and respected privacy experts, attorney Kirk Nahra, reported the HITECH Final Rule may be released soon, possibly by the end of this month. As many of you know, it was originally supposed to be released last summer and has been postponed several times since […]

Delayed HIPAA/HITECH Final Rules promise big changes

By Tom Dumez, President of Prime Compliance

The “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules” Notice of Proposed Rulemaking (NPRM) was initially published in July 2010. The Office of Management and Budget (OMB) received the much-delayed U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) Final Rules that […]

Industry pros take CSDS exam to better serve customers

By Bob Johnson, NAID CEO

In Boston this morning, a group of secure destruction professionals took the Certified Secure Destruction Specialist (CSDS) Examination. It was the second such exam held this year and will be followed by several other regional exams over the next couple of months. I have the utmost respect for these industry […]

How NAID Certification relates to PCI compliance

By Bob Johnson, NAID CEO

In 2006, the five largest credit card companies formed the Payment Card Industry (PCI) Security Standards Council as a self-policing data security initiative designed to quell calls for government intervention prompted by the increasing number of large data breaches and identity theft. To that end, PCI quickly produced its Data Security Standards (PCI-DSS) to […]

The real value of NAID Certification

By Bob Johnson, NAID CEO

From any perspective, the NAID AAA Certification Program has been an amazing success. The program will soon certify its 1,000th member location. Also, hundreds of state and federal government agencies recognize it, including a growing number outside the U.S., and tens of thousands of private organizations now require it of their […]

Common misconceptions about HIPAA and data destruction

By Bob Johnson, NAID CEO

In my blog next Tuesday, I will continue my pricing thread about why secure destruction professionals aren’t willing to do what’s necessary to get out of the commodity rat race. But, today, I am going to mix it up by shedding light on a few Health Insurance Portability and Accountability Act […]

Data protection laws require due diligence

By Bob Johnson, NAID CEO

It is illegal to select a data destruction service provider on price alone. So what qualifications should you use to select a vendor? In my last blog post, I wrote about the principle of “reasonableness.” I want to continue that theme in today’s posting, specifically looking at data-related vendor selection. […]
