Compliance & Privacy
Recent years have seen the proliferation of laws and regulations designed to hold organizations accountable for sound information management practices. These laws and regulations have codified two primary responsibilities for most organizations: a) the responsibility to securely preserve certain important information, and b) the responsibility to prevent unauthorized access to sensitive personal information.
Vanguard Archives takes very seriously its responsibility to support clients in their efforts to become and remain compliant with information-related laws and regulations. Every aspect of Vanguard’s operations is continually analyzed and improved so that clients can enjoy peace of mind, knowing that their information is safe with Vanguard. Vanguard Archives is one of only a few companies in the world to hold both SSAE 16 and PRISM Privacy+ Certification.
|Date of implementation:||August 1996|
|Regulatory authority:||Health and Human Services Office of Civil Rights|
|Industries affected:||Health care and health care service organizations|
Requires Covered Entities to make reasonable efforts to preserve Protected Health Information, while also limiting access to such information through appropriate administrative, technical and physical safeguards.
Vanguard a) provides you with a Business Associates Agreement and ensures that any subcontractors used by Vanguard are bound by the same terms, b) has appropriate measures in place to protect information against accidental loss or unauthorized destruction, c) has written operating procedures which strictly limit access to Protected Health Information through appropriate administrative, technical and physical safeguards, and d) has a written policy to notify you of any security incident of which it becomes aware.
(Public Company Accounting Reform and Investor Protection Act – Public Law 107-204)
|Date of implementation:||July 30, 2002|
|Regulatory authority:||Securities and Exchange Commission, Public Company Accounting Oversight Board|
|Industries affected:||Publicly traded companies|
Requires preservation of information related to transactions that affect an organization’s financial statements.
Vanguard has appropriate measures in place to protect your information against accidental loss, including barcode scanning of items each time they are handled and regular inventory audits which would provide an early warning sign of any inventory irregularity. Vanguard also protects your information against unauthorized destruction by requiring itemized client sign-off and by checking client signatures against authorized user lists before items are destroyed.
(Financial Services Modernization Act of 1999)
|Date of implementation:||November 12, 1999|
|Industries affected:||Financial institutions|
Requires establishing appropriate administrative, technical and physical safeguards to prevent identity theft.
Vanguard has written operating procedures with appropriate administrative, technical and physical safeguards to prevent identity theft.
(Fair and Accurate Credit Transactions Act)
|Date of implementation:||June 1, 2005|
|Regulatory authority:||Federal Trade Commission|
Requires proper disposal of any consumer information in order to prevent identity theft.
Vanguard provides certified shredding services to ensure proper confidential disposal of information assets containing consumer information.
(Payment Card Industry Data Security Standard)
|Date of implementation:||October, 2008|
|Regulatory authority:||Payment Card Industry Council|
|Industries affected:||Organizations that process credit cards|
Requires meeting certain standards in data protection policies and practices in order to prevent theft of credit card account numbers.
Vanguard a) employs appropriate security measures including recorded video monitoring of all facilities, b) has written operating procedures which strictly limit access to your information and require the use of unique logins and passwords for digitally stored information, and c) provides certified shredding services to ensure proper confidential disposal of information assets containing credit card account numbers.
(Fair Credit Reporting Act)
|Date of implementation:||December 31, 2010|
|Regulatory authority:||Federal Trade Commission|
|Industries affected:||Organizations that provide financing|
Requires a written plan to detect and respond to a data breach, and to identify and mitigate potential points of hazard where identity theft could occur within an organization.
Vanguard has its own written plan to detect and respond to a data breach, and to identify and mitigate potential points of hazard where identity theft could occur while your information is in Vanguard’s custody.
(Family Educational Rights and Privacy Act – 20 USC § 1232g and 34 CFR part 99)
|Date of implementation:||August 21, 1974|
|Regulatory authority:||US Department of Education|
|Industries affected:||Educational organizations receiving federal funding|
Requires strict controls over access to student records.
Vanguard has written operating procedures which strictly limit access to student information.