Maryland's "Personal Information Protection Act" requires Maryland businesses to protect the personal information of their customers.
Destruction of information
When destroying records containing customers' personal information, a business must take reasonable steps to protect against unauthorized access or use of the personal information. The business must consider:
- the sensitivity of the records;
- the nature and size of the business and its operations;
- the costs and benefits of different destruction methods; and
- available technology.
Security procedures for maintenance of information
A business must have reasonable security procedures to protect customers' personal information. The procedures must be appropriate based on:
- the nature of the personal information owned or licensed; and
- the nature and size of the business and its operations.
Security breaches
If a business discovers a security breach, it must conduct a reasonable and prompt investigation. If misuse of individual personal information is reasonably likely, the business must notify:
- the affected individual(s) as soon as reasonably practicable;
- the Attorney General of Maryland; and
- the national consumer reporting agencies (if the breach may affect 1,000 or more individuals).
A business may have to notify affected customers by:
- conspicuous posting of a notice on its website; and
- notification to statewide media.
Responding to a breach can be a serious financial hardship to a business.
In a 2006 survey noted by the federal Government Accountability Office, businesses reported spending an average of $1.4 million per data breach in customer notification, public relations and legal costs. In addition, violation of the Maryland law is an unfair or deceptive trade practice that may result in fines or prosecution by the Maryland Attorney General.
In addition to the Maryland law, a number of federal laws already require the safe and secure maintenance and destruction of your customers' sensitive information:
- Fair and Accurate Credit Transactions Act (FACTA) (credit records);
- Gramm-Leach-Bliley Act (banking records); and
- Health Insurance Portability and Accountability Act (HIPAA) (health care records).
How does a business respond?
Each Maryland business must:
- take a hard look at its records security and document destruction procedures;
- recognize the true costs of using its employees to sort and shred using a low-speed office shredder; and
- minimize the vulnerability of customer information (and your company's sensitive and proprietary information).
datasense can help. We offer:
- cost-effective document destruction services - at your doorstep - in our state-of-the-art shredding truck;
- secure, locked consoles for your office for materials awaiting destruction;
- destruction of hard drives, CD-ROMs, CPUs, audiotapes and videotapes;
- one-time purges of documents to get you started; and
- regular pickups on your schedule to keep you on track with your secure document destruction needs.
Let your employees do what you hired them to do; let datasense take care of the rest.
