NAID : News : NAID Compliance Toolkit Update

NAID COMPLIANCE TOOLKIT UPDATE

The long awaited Information Destruction Compliance Toolkit, designed to allow members to help organizations around the world comply with their legal obligation to have written information protection policies and procedures, is about to enter its final legal review. The project turned out to be far more expansive than originally conceived. While the basic policy template within the toolkit is only four pages in length, the supporting sections, including templates for definitions, procedures, and forms, expand the publication to nearly 70 pages. The packet is designed to be presented to clients and prospects to help them develop and document their legally-required, unique information destruction policies and procedures. The publication will be bound in an attractive folder, which includes an interactive CD with all templates included.

When released, sometime near the date of the 2008 NAID Annual Conference, NAID members will be required to undergo orientation on its use, and sign a release prior to obtaining access to the materials.

The recent (and first) fine, issued by the FTC that was related to the FACTA Disposal Rule and the GLB Safeguards Rule, cited the absence of written policies and procedures for information disposal as the basis of the fine. FACTA, GLB and HIPAA require covered entities to have written policies and procedures. Additionally, according to the results of the 2006 NAID Consumer Attitudes Survey, organizations with written information destruction policies and procedures are far more likely to outsource their destruction requirements than organizations without them. Less than 25% of organizations in the US currently have such policies and procedures, and even those that do have them, usually lack a reasonable level of direction and specificity.