Compliance & Privacy

Compliance & Privacy

Recent years have seen the proliferation of laws and regulations designed to hold organizations accountable for sound information management practices. These laws and regulations have codified two primary responsibilities for most organizations: a) the responsibility to securely preserve certain important information, and b) the responsibility to prevent unauthorized access to sensitive personal information.

Vanguard Archives takes very seriously its responsibility to support clients in their efforts to become and remain compliant with information-related laws and regulations. Every aspect of Vanguard’s operations is continually analyzed and improved so that clients can enjoy peace of mind, knowing that their information is safe with Vanguard. Vanguard Archives is one of only a few companies in the world to hold both SSAE 16 and PRISM Privacy+ Certification.

Read the details on laws and regulations impacting organizational records, data and document management by clicking the appropriate link in the secondary menu above.

HIPAA Compliance and Records Management

Date of implementation: August 1996
Regulatory authority: Health and Human Services Office of Civil Rights
Industries affected: Health care and health care service organizations

Impact on an organization’s records management practices:

Requires Covered Entities to make reasonable efforts to preserve Protected Health Information, while also limiting access to such information through appropriate administrative, technical and physical safeguards.

How Vanguard Archives helps you maintain compliance:

Vanguard a) provides you with a Business Associates Agreement and ensures that any subcontractors used by Vanguard are bound by the same terms, b) has appropriate measures in place to protect information against accidental loss or unauthorized destruction, c) has written operating procedures which strictly limit access to Protected Health Information through appropriate administrative, technical and physical safeguards, and d) has a written policy to notify you of any security incident of which it becomes aware.

Sarbanes-Oxley and Records Management

(Public Company Accounting Reform and Investor Protection Act – Public Law 107-204)

Date of implementation: July 30, 2002
Regulatory authority: Securities and Exchange Commission,
Public Company Accounting Oversight Board
Industries affected: Publicly traded companies

Impact on an organization’s records management practices:

Requires preservation of information related to transactions that affect an organization’s financial statements.

How Vanguard Archives helps you maintain compliance:

Vanguard has appropriate measures in place to protect your information against accidental loss, including barcode scanning of items each time they are handled and regular inventory audits which would provide an early warning sign of any inventory irregularity. Vanguard also protects your information against unauthorized destruction by requiring itemized client sign-off and by checking client signatures against authorized user lists before items are destroyed.

Gramm-Leach-Bliley Act and Records Management

(Financial Services Modernization Act of 1999)

Date of implementation: November 12, 1999
Regulatory authority: Various
Industries affected: Financial institutions

Impact on an organization’s records management practices:

Requires establishing appropriate administrative, technical and physical safeguards to prevent identity theft.

How Vanguard Archives helps you maintain compliance:

Vanguard has written operating procedures with appropriate administrative, technical and physical safeguards to prevent identity theft.

FACTA and Records Management

(Fair and Accurate Credit Transactions Act)

Date of implementation: June 1, 2005
Regulatory authority: Federal Trade Commission
Industries affected: All

Impact on and organization’s records management practices:

Requires proper disposal of any consumer information in order to prevent identity theft.

How Vanguard Archives helps you maintain compliance:

Vanguard provides certified shredding services to ensure proper confidential disposal of information assets containing consumer information.

PCI-DSS - Document Storage

(Payment Card Industry Data Security Standard)

Date of implementation: October, 2008
Regulatory authority: Payment Card Industry Council
Industries affected: Organizations that process credit cards

Impact on an organization’s records management practices:

Requires meeting certain standards in data protection policies and practices in order to prevent theft of credit card account numbers.

How Vanguard Archives helps you maintain compliance:

Vanguard a) employs appropriate security measures including recorded video monitoring of all facilities, b) has written operating procedures which strictly limit access to your information and requires the use of unique logins and passwords for digitally stored information, and c) provides certified shredding services to ensure proper confidential disposal of information assets containing credit card account numbers.

Red Flags Rule and Records Management

(Fair Credit Reporting Act)

Date of implementation: December 31,2010
Regulatory authority: Federal Trade Commission
Industries affected: Organizations that provide financing

Impact on an organization’s records management practices:

Requires written plan to detect and respond to data breach, and to identify and mitigate potential points of hazard where identity theft could occur within an organization.

How Vanguard Archives helps you maintain compliance:

Vanguard has its own written plan to detect and respond to data breach, and to identify and mitigate potential points of hazard where identity theft could occur while your information is in Vanguard’s custody.

FERPA and Records Management

(Family Educational Rights and Privacy Act – 20 USC § 1232g and 34 CFR part 99)

Date of implementation: August 21, 1974
Regulatory authority: US Department of Education
Industries affected: Educational organizations receiving federal funding

Impact on an organization’s records management practices:

Requires strict controls over access to student records.

How Vanguard Archives helps you maintain compliance:

Vanguard has written operating procedures which strictly limit access to student information.

Back to Top