This paper will highlight the data destruction obligations imposed on organizations through the Health Insurance Portability and Accountability Act (HIPAA) and the role of the Department of Health and Human Services (HHS) in enforcing HIPAA data security standards.
The Department of Defense (DoD) is no longer entrusting national security to contractors who self-certify: CMMC requires a third-party audit and certification.
While every contractor or supplier within the DIB supply chain must be certified, the new CMMC standard provides five levels of certification ranging from “Basic Cyber Hygiene” to “State of the Art”.
A tsunami of punitive data privacy laws like the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) is in place, with more being added all the time. Endpoint storage devices, from which critical data is easily breached, must be protected, yet they are often overlooked, as many organizations are using non-compliant data destruction vendors and outdated processes.