Personal information can exist in either a physical or electronic form. Regardless of the form in which the information exists, the standard of protection remains, only the implementation of that protection changes.
Physical copies of personal information can be easily protected by simply storing the information in a locked storage area. This area can be anything from a filing cabinet to a safe to a third party storage facility. So long as access to the information is limited to properly trained employees, any of these forms of locked storage should be sufficient.
See more about File Retention Policy
The storage and security of electronic personal information can be more complicated than the storage of physical personal information. The implementation of an electronic storage system can vary widely depending on the size of a company or firm, and the amount of information that must be secured. At a minimum, the WISP (Written Information Security Plan) must cover authentication protocols, including the use of user IDs and passwords and their security; secure and restricted access to the personal information records; the encryption of the electronic records; and the monitoring of the implemented systems.
Many electronic file systems and operating systems have a built-in function for the creation and maintenance of a user ID and password system. For larger firms and companies, a more robust system may be needed and can be found through third-party vendors.
Encrypted storage and transmission of personal electronic information can be implemented in many ways. Many manufacturers now sell USB drives and external hard drives with built-in encryption systems. For the encryption of current drives and file systems there are numerous programs available for purchase and comparable free programs as well.
State Security Breach Notification Laws
It is essential to be familiar with your particular State’s Security Breach Notification Law. At this time, 46 States have unique Security Breach Laws in place. NAPLIA provides you with a summary of each State Security Breach Law identifying:
- Date law was enacted
- Definition of Personal Information by State
- Notification Requirements
- Links to full State Statutes, and Laws