PRISM Privacy + Certified Records Storage
Privacy+ is an international certification program open to all companies providing storage and protection of hard-copy records and off-line removable computer media. Participation in Privacy+ is voluntary and allows companies to publicly demonstrate their commitment to protecting the privacy of information entrusted to them by their clients. Privacy+ certification is owned and administered by PRISM International (Professional Records & Information Services Management), also referred to herein as the “Association,” the not-for-profit trade association for the commercial information management industry. Privacy+ certification is applicable only to participating companies’ physical storage and handling of hard-copy records and off-line removable computer media. 

The purposes of the Privacy+ program are to:
  • Provide participants a vehicle to publicly demonstrate their commitment to ensuring the privacy of information in their custody
  • Share resources and best practices to help participants reduce risks in their businesses
  • Reduce the number of privacy breach incidents caused by members of our industry, thereby preserving the reputation and trusted status of our industry
  • Reduce the likelihood and severity of government-imposed legislation on our industry

Legislation and Regulation Informing Requirements

The laws, regulations and standards listed below inform the Privacy+ requirements and serve as privacy guidelines for participants:

  •     Health Insurance Portability and Accountability Act (HIPAA)
  •     HIPAA Privacy Rule
  •     Payment Card Industry Data Security Standard (PCI DSS)
  •     The Personal Information Protection and Electronic Documents Act (PIPEDA)
  •     Gramm-Leach-Bliley Act (GLBA)
  •     Sarbanes-Oxley Act (SOX)
  •     Federal Trade Commission (FTC) "Red Flags Rules"
  •     American Institute of Certified Public Accountants (AICPA) Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization (since superseded by SSAE No. 18, effective May 2017)
  •     Family Educational Rights and Privacy Act (FERPA)
  •     Fair and Accurate Credit Transactions Act (FACTA)
  •     State information security laws, including Massachusetts 201 CMR 17.00
  •     European Data Protection Directive (95/46/EC; since replaced by the General Data Protection Regulation, in force from May 2018)



Business Records Storage, Management, and Shredding Services