At Cedar Financial we have a responsibility to protect consumers from the dangers of cyberthreats such as ID theft, data breaches, and stolen sensitive information. Because of the rise in internet security threats, and the major security breaches reported in the news, Cedar Financial has taken the steps to ensure that all sensitive information is protected.
- Data Redaction: Closed files are kept active in the Cedar database for one year. On the one-year anniversary, the file is purged of all PII including consumer name, street address, phone numbers, notes on the file, and all attachments. The revised record is then saved for 7 years for compliance and audit purposes, at which point the record is purged and all information is deleted.
- Purges: In an effort to protect consumers from the dangers of ID theft, purges of consumer information are performed 7 years after a file has been closed from the database. This procedure also helps lower insurances and mitigates risk if there were to be a data breach. We suggest that you discuss implementing something similar with your management team. Important consumer data to look for in your network include email, network drives, data bases, third party programs, and reports.
- Daily Efforts: When creating reports, Cedar uses the minimum amount of information possible in the report. Reports are then purged on a regular basis. Consumer account information provided by clients is also purged on a regular basis.
Most states have laws regarding the length of time a business record must be stored. We suggest checking with your local jurisdiction to see which laws apply to your business. Signing up for state data breach notifications will also to help keep you up to date on what to be aware of and to protect your business against.
In addition, familiarize yourself with the US Dept of Health and Human Services’ special notifications requirements for information: https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html