Storage & Shredding: Expert Advice

How well do YOU know the data protection laws affecting you?

Posted by Sean Kelly on Fri, Oct 07, 2011 @ 03:26 AM

Data Protection LawsVirtually every single business and every single consumer is somehow affected by the following federal and Massachusetts State Laws. See how much you know, good luck!


1. What type of information does the FACTA (Fair and Accurate Credit Transaction Act) pertain to?

a.Medical records
b.Legal Records
c.Any and all business related records
d.Any and all consumer information

2. What are considered reasonable measures for the proper and safe disposal of information according to FACTA?

a.Putting the information in black/non-see through bags for disposal in a dumpster
b.Placing the information in sealed boxes for disposal
c.Tearing up the information before disposal
d.none of the above

3. Which of the following destruction methods would put you in compliance with FACTA?

a.Using a NAID certified document destruction vendor
b.Having your documents shredded or pulverized
c.Both A and B
d.None of the above

4. What industry does the Sarbanes-Oxley Act of 2002 impact the most?

c.Real Estate

5. What are the penalties of non-compliance with the Sarbanes-Oxley Act of 2002 even if the non-compliance was a mistake?

a.A fine up to $1 million dollars and 10 years in prison,
b.A fine up to $100,000 dollars and up to 1 year in prison
c.A fine of $10,000 dollars
d.A prison sentence of 5 years

6. What type of medical information does HIPAA require health care providers to safeguard?

a.Any medical information on any patient
b.medical information that identifies who the patient is
c.Only medical information regarding illnesses and disease
d.Only medical billing information for the patient

7. What is the maximum penalty per HIPAA violation occurring after 2/18/2009?

a.Up to $100 per violation
b.Anywhere between $100- $50,000 + per violation
c.$500 per violation
d.$100-$1,000 per violation 

8. What does the Massachusetts data protection law 93H require businesses to safeguard?

a.Social Security Numbers
b.Driver's License
c.Financial Account Numbers
d.All of the above

9. What does the Massachusetts data protection law 93I require businesses to do?

a.Properly document what information is destroyed and when
b.Have a written policy regarding how any sensitive information should be disposed of
c.Properly store information in a safe and secure manner
d.Witness any document shredding be performed

10. What is the maximum fine per incident of record compromised under the Massachusetts 93H and 93I laws?

a.$100 per record compromised
b.$500 per record compromised
c.$1000 per record compromised
d.$5000 per record compromised


          Any area you need to brush up on? Visit the following links to get all the information you need on the state and federal compliance laws that affect you:


          Answer Key:


          Tags: Massachusetts State Laws, non-compliance, compliance, fines, test