In order to increase efficiencies and provide quality to their clients, many companies collaborate and share personal information with their record retrieval vendors. However, if this information falls into the wrong hands, substantial liability and loss of client trust will result. Clients demand data security and will go elsewhere if it is inadequate. Ensuring the protection of personal information is not just good business, the failure to do so exposes businesses to liability from both those whose data is compromised and governmental agencies. In today’s electronic age, personal information is distributed across vast computer networks and no longer securely locked in a file cabinet. Criminal elements are well aware of the vulnerability of this wealth of data and constantly attack these networks to gain access to personal information for malicious profit. For companies that fail to adequately protect data, it is a matter of when and not if significant harm will occur.
As a result of this risk, it is imperative that companies comply with data security standards both internally and with their vendors. The enactment of regulations such as HIPAA and HITECH mandated the protection of personal information. This has led to the creation of data security standards such as ISO/IEC 27000 series, NIST and SSAE 16 SOC II which provide for physical, technical and administrative safeguards to secure data. The FTC considers it an unfair and deceptive business practice to put data at unreasonable risk by failing to follow these standards and has been ramping up enforcement actions, resulting in millions of dollars in penalties. Engaging and entrusting data to a record retrieval vendor that fails to follow best practices in data protection potentially exposes law firms, corporations and other providers to substantial liability in the event of a data breach. Currently, corporations with robust risk management departments are keenly aware of this risk. As such, they perform a comprehensive security analysis to ensure data is never entrusted to a record retrieval company that fails to meet industry standards for data protection. However, many other companies are unaware of the serious risk created by using an unproven vendor.
RecordTrak is an industry leader in data security. The use of record retrieval vendors that fail to follow modern standards and best practices exposes all involved to significant liability in the event of a data breach.