In This Issue... Drycleaner in Congress Telephone Scam President’s Desk Thanks for Renewing Join an NCALC Committee Member Matters News You Can Use Vapor Intrusion List of Compliance Inspections IWA Pays Dividend NCALC Membership Benefits Payroll Processing Operational Training New Member Rewards Data Security & PCI Compliance A Drycleaner in Congress? Jeff Miller, left, with Pres. George W. Bush after he was awarded the Presidential Citizens Medal in the Oval Office at the White House. Jeff Miller owner/operator of Miller’s Fine Dry Cleaning in Hendersonville, N.C. is in a hotly contested race with the incumbent Democrat Keith Shuler to represent the 11th Congressional District in the US House of Representatives in the November elections. Jeff succeeds his father and grandfather as the owner/operator of Miller’s Cleaners and Laundry, as a member of DLI and NCALC and as an ardent supporter of the Drycleaning Solvent Cleanup Act Program in North Carolina. He is also well known for his efforts to fly WWII veterans to Washington, D.C. to see their memorials for free. He founded the Honor Air Program in Henderson County in 2006 which spawned other programs across the southeast and merged with the Honor Flight Program in Ohio in 2007 to form the Honor Flight Network which has now made it possible for 36,000 vets to make the trip to visit their memorials from over 100 hubs in 39 states. He was awarded the Presidential Citizens Medal in 2008 for his leadership in sending older veterans to visit their memorial. Miller is a fiscally conservative Republican whose primary agenda is to strengthen our economy by creating and protecting jobs, controlling government spending and getting government off the backs of small business. This article is for informational purposes only and does not imply an endorsement by NCALC or Carolina Clean. WARNING: BEWARE OF TELEPHONE SCAM If you get a call from an operator representing a handicapped person who is communicating with them via a keyboard & if they have 50 comforters, 300 shirts or any seemingly lucrative order, IT’S PROBABLY A SCAM. If they want to give you a credit card # and ask you to send a cashiers check for the shipping,IT’S DEFINITELY THE SCAM.The credit card will go through initially but will come back as a chargeback and no big order will ever show up at your door. What to Expect in the Next Two Years Greeting from the cool, clear, arid Blue Ridge Mountains! Just pulling your chain, it’s hot and humid here too. In this issue I thought you might be interested in knowing a little more about me, my involvement in NCALC and what you should expect from us over the next two years. I grew up the small coastal town of Georgetown, SC, where my family had a commercial laundry and dry cleaning operation. My earliest memories were of riding around the plant in laundry baskets. In later years I swept the floors, served as car hop, drove a delivery van and ultimately served as President of the laundry and dry cleaning plant my father founded after World War II. Dad also served as the second President of IFI (now DLI) in the early 1970’s. Upon his death, I suddenly became partners in this operation with 4 sisters and their husbands, I knew things were about to change. After much teeth gnashing, hand wringing and sleepless nights, I made the decision to move on with my life. I was young, had a small family (wife and two daughters) and I wasn’t at all interested in working for my sisters and especially not the brother-in-laws! Well, as fate would have it, Dad’s friend Bretney Smith of Asheville (Swannanoa Cleaners) needed some help and well, I was available. Shortly after my arrival in the beautiful Appalachian Mountains, Bretney suggested I get involved with NCALC. I’m not sure he knew where that road would lead because before I knew it I was off to Washington D.C. with Mack Davis, Jim Hilker and others to discuss regulatory issues with our representatives. I’ll never forget meeting Jessie Helms. Those were tumultuous years in our organization. There were issues with staff, there were issues with contamination, there were issues with liability, there were even issues with solvent choices. Wow, doesn’t sound like we’ve made much progress does it? That’s what those outside of our industry might think, but from my perspective, I couldn’t be more proud. After our visit to DC, it became apparent that the Federal Government was not going to be of any help. Faced with the daunting challenge of writing State law, this Association under the leadership of the likes of Denny Shaffer, Chris Edwards and many others set out to bring what is now know as the North Carolina Dry cleaning Solvent Clean up Act into law. This law which is the envy of the rest of the United States has proven to be of significant benefit to our environment, numerous communities and operators across our State. However, as you might have expected, this law is not perfect. We continue to hear of far too many uninformed dry cleaners. We hear of boot-leg suppliers selling untaxed solvent. As you can see, we’ve still got work to do on this front but there are other issues facing our industry as well. Tax evasion, illegal immigration and unfair hiring practices in my opinion will plague North Carolina dry cleaners in the years to come. It will be my administration’s goal to assist members with their questions concerning these complex issues. We will also strive to publish helpful and informative literature that might assist our membership in avoiding the complications that these issues will surely bring to our member plants. I strongly urge you to pay particular attention to articles in Carolina Clean that deal with these items. As if that weren’t enough, we also can’t lose sight of the fact that we are in this business to make a profit. Throw into the equation a little wrinkle and stain resistant fabric, $120,000 dry cleaning machines, $50 per gallon alternative solvents and a more casual yet trendy apparel industry and suddenly we’ve got a lot on our plate. You will also continue to see informative articles in Carolina Clean that will keep you in the know on these issues as well. In closing let me remind you, the times they are a changing and we, as members of NCALC will be prepared for the challenges, no, opportunities that lie ahead. Don’t forget, we’ve been through much of this before. Some of our members probably remember when Perc was an alternative solvent and when wash and wear crushed our industry, but we have and will persevere. How? Because we’re involved in our business and this association. Waiting for fall, Marvin Thomas President Renewing Members Richard Chavis Royal Cleaners Inc. Fayetteville J K Fordham Paramount Cleaners Goldsboro Haresh Majithia North Cross Dry Cleaners Huntersville Gary McPherson McPherson Cleaners Burlington Ted Rogers Ideal Cleaners Elizabethtown Ed & Mitzi Forrest Durham Cleaners & Laundromat Durham Chun Tok Yi Lake Jeanette Cleaners Greensboro David Powell Davids Cleaners Inc Winston-Salem Larry Pope Popes Dry Cleaners Raleigh Mary Wells One Hour Koretizing Rocky Mount Jimmy Lee Jones Dry Cleaning Charlotte Victor Uy Neighborhood Dry Cleaning Pinehurst Get Involved ... Join an NCALC Committee NCALC is a committee driven organization. In addition to the Board we have four standing committees that plan and direct the activities, programs and services the association provides to N.C. Cleaners and Launderers. The committees are made up of member cleaners and allied trades representatives. Board members are elected by the general membership; committee members are appointed by the President and include members who are not Board members. The committees meet during each of winter, spring and fall Board and Committee Meetings and by conference call between meetings when needed. NCALC’s four standing committees are: Trusteeship Committee is chaired by the Immediate Past President. Its membership is comprised of all past presidents in attendance, the Treasurer, Sgt at Arms, Allied Trades Representative and At Large Directors and members appointed by the President. It is responsible for financial oversight, Bylaws, Board Policy, Association Objectives, Decorum and dispute resolution. Governmental Affairs is chaired by the Vice President for Governmental Affairs and is responsible for the Association’s activities in pursuit of its legislative and regulatory objectives. Committee members are appointed by the President and include both At Large Directors and interested non-Board Members. Membership is chaired by the Vice President for Membership and is responsible for all the Association’s activities in pursuit of its membership objectives and activities to retain, recapture and recruit members. The 7 District Directors are automatically assigned to this committee. In addition, the President appoints Regular and Associate At Large Directors and interested non-Board Members to serve on this committee. Member Services is chaired by the Vice President of Member Services and is responsible for all the Association’s activities in pursuit of its member services objectives, which include education and training, certification, public relations, endorsed provider money saving insurance, credit/debit card and payroll processing and check collection programs; information dissemination by website, newsletter and e-mail; and networking opportunities such as the Annual Convention, area meetings, social and recreational gatherings. NO MATTER WHAT YOUR INTEREST MAY BE THERE’S A PLACE FOR YOU TO GET INVOLVED WITH YOUR ASSOCIATION. All Board and Committee Meetings are open to any and all N.C. Cleaners and Allied Trades. Members and Non-Members are always welcome. Why not join us at our Fall Board and Committee Meetings in Asheville October 1st and 2nd (Details are in this newsletter)? If you have any questions or want to volunteer right now call President Marvin Thomas 828-253-3691 or e-mail him at marvin@swannanoacleaners.com. News You Can Use ... A recent study from the Pew Research Center found that Small Businesses are the most trusted institution in America. 71% of respondents said small business has “a positive effect on the way things are going” ahead of churches and religious organizations 63%; universities 61%; labor unions 32%; Federal government and big business 25% and banks 22%. Your customers and potential customers are predisposed to trust you because they can establish a personal relationship with you-so cultivate it. The Obama administration has launched a multi-faceted crusade against employers who may be guilty of Labor Violations. The Department of Labor hired 250 additional investigators to crack down on wage and hour violations and launched a campaign to help employees file complaints against their employers. “We Can Help” targets workers, including illegal aliens focusing on minimum wage and overtime provisions of the labor laws. REMEMBER THAT YOU MUST HAVE A STANDARD WORK WEEK (beginning and ending on the same days) & PAY OVERTIME IF THE EMPLOYEE WORKS MORE THAN 40 HOURS IN ANY WORK WEEK EVEN IF PAID EVERY TWO WEEKS. ICE-IMMIGRATION CUSTOMS and ENFORCEMENT, the Department of Homeland Security’s enforcement arm has removed several illegals from the premises and levying substantial fines for paperwork violations on the employer. See the July issue of Carolina Clean “Beware the ICE” for what you must do to protect yourself from substantial fines even if you employ no illegals. You are required to do the paperwork - i.e. I-9’s - on every employee. If you accept credit and/or debit cards you must comply with the PCI Security Standards established by the major card companies (e.g. Visa, MasterCard, American Express, Discover, etc.). If you process credit card transactions through your POS system you need to consult with them and your credit card processor. If you process transactions on a stand alone terminal through a dial up phone line, you need only consult with your credit card processor. In either event, you will need to complete a self-assessment questionnaire available at www.PCIsecuritystandards.org (a “no” means you’re not compliant) and complete an “attestation of compliance” and submit it to your credit card processor. Contact your U.S. Representative and Senator and ask them to co-sponsor and/or vote for HR 5141 or S-3578 “The Small Business Paperwork Mandate Elimination Act” which will eliminate Section 9006 of “the Healthcare Reform Act” which requires you to provide each supplier from whom you purchase more than $600/year with a 1099. You may qualify for a 6.2% payroll tax incentive if you hired or hire a worker who was unemployed or worked a total of less than 40 hours during the 60 days before beginning work after February 3, 2010 and before January 1, 2010. The new hire cannot replace an employee unless that employees departure was voluntary or for cause. Relatives of the employer are not eligible. You will also be eligible for an additional tax credit on your 2011 income tax return for each qualified worker kept on the payroll for 52 consecutive weeks of no less than $1,000. YOU MUST OBTAIN A STATEMENT FROM EACH ELIGIBLE NEW HIRE CERTIFYING UNDER PENALTIES OF PERJURY, THAT THEY WERE UNEMPLOYED OR WORKED LESS THAN 40 HOURS FOR ANYONE DURING THE 60-DAY PERIOD. IRS Form W-11 can be used to meet this requirement. For further details and forms contact the IRS, your CPA or payroll processor. North Carolina small businesses with gross receipts less than $1 million can claim a tax credit for 25% of contribution made to the State Unemployment Insurance Fund in tax years 2010 and 2011. Check with your CPA or payroll processor. According to American Drycleaner e-news, Charlotte based Sailstar USA, Inc. ceased operations July 28 according to a letter from Tony Franklin, Sailstar USA President to a Sailstar distributor obtained by its sister publication, American Laundry News. Information provided in “News You Can Use” is drawn from sources we believe to be reliable, but is not to be taken as legal or accounting advice.We strongly recommend that you consult with your lawyer, accoutant or appropriate governmental agency before taking any action based on these news items. Vapor Intrusion - Update and Practical Considerations for Dry Cleaners Vapor intrusion or “VI”, the migration of volatile chemicals from the subsurface into overlying structures, is of growing concern for dry cleaners and property owners. These concerns stem from health, legal and business issues and are compounded by lack of regulatory clarity in a new and emerging environmental field. This article describes the sources of vapor intrusion specific to the dry cleaning industry, regulatory and practical considerations for ongoing dry cleaning operations and considerations for real estate transactions involving current or former dry cleaning plant facilities. Sources of Vapor Intrusion There are two primary sources of vapor intrusion in dry cleaning operations: contaminated soil beneath the building and contribution from off-gassing of volatile compounds from groundwater beneath the building. Note that there are other sources which contribute to volatile compounds in the facility’s indoor air that may compound the concentrations from VI but not be directly attributable to VI. These sources are operational and generally fugitive in nature. Leaks from dry cleaning equipment, muck left in open muck buckets, unsealed or poorly sealed hazardous waste containers, spotting chemicals not properly containerized can contribute to the overall concentration of volatile compound in indoor air, making it difficult, if not impossible to distinguish between intrusion sources and non-intrusion sources. Regulatory Issues One of the frustrations expressed by dry cleaners is the myriad of regulatory agencies with indoor air standards and their applicability to the dry cleaning industry. The most common question “What’s my target?” is often unanswerable or at least not to the certainty desired. There are different standards for VI as it pertains to “releases” versus air quality standards for contaminants found in indoor air from operations. Unfortunately, once a contaminant is found in indoor air from a facility with a documented release, it is difficult to distinguish between operational and release contributions to the contaminant concentrations. It is difficult to determine which factor is dominant and what mitigating steps are likely to yield the most benefit. It is also problematic to know in advance of implementing a “corrective action” if it will reach a chosen “target”. Currently the only enforceable standard for PCE is the OSHA work place standard (see accompanying table)1. While one may gravitate to the OSHA standards, it is imperative to note that use of these standards assume that employees will generally understand the nature and use of chemicals in the work place as addressed in the Hazard Communication Plan. This further assumes that (a) a written Hazard Communication Plan is in place and (b) employees have had this plan made available, i.e., trained. In absence of documented training concerning work place hazards, chemicals and exposures, a dry cleaner may not be able to rely on OSHA standards as the default criteria. In our experience, concentrations approaching the OSHA standard would be noticeable in the work place and would (and should) be addressed. It is also important to note that human health risk based standards used by the North Carolina Drycleaning Solvent Clean-up Act (DSCA) program for releases are based on a 1 in 10,000 risk level that requires mitigation if those standards are exceeded. Practical Considerations for Dry Cleaning Operators Until a comprehensive regulatory approach is developed to address contaminant contributions to indoor air from both operational and non-operational sources, there are a few practical and comparatively low-cost steps a dry cleaner can take to reduce indoor air concentrations of contaminants. •Verify that equipment is in good working order with no discernable leaks. • Make sure all waste containers in occupied spaces are tightly sealed with locking rings. Better yet, store waste containers outside the occupied space, in an enclosed storage building or other dedicated enclosed interior space, if possible. • Never store wastes outside, even if the area is enclosed or in a boiler room. • Use only waste containers supplied by your waste handler • Do not leave still residue in the muck bucket and place the muck bucket, when not in use, inside of a waste container with the locking ring securely attached. • Develop a Hazard Communication Plan, conduct employee training and document in writing that training. Have the employee sign off that the training was completed and understood. Issues for Real Estate Transactions In real estate transactions involving both the transfer of real property and the business entity, there is often discussion concerning what information relative to the condition of the property should be disclosed. While there is no ‘commercial disclosure statement’ and buyers should conduct what ever level of due diligence they feel necessary, environmental issues are considered material facts and must be disclosed to all parties. Maintaining an organized file with all regulatory correspondence, actions taken to address any regulatory directives and documents relating to corrective action (reports, lab data, etc.) should be clear, concise and readily available if requested. Prior to implementing an exit strategy (from the real property, business or both) consultation with legal counsel is a prudent first step. Environmental issues do nothing to improve the quality of a real estate transaction, so you must first have a comprehensive strategy for addressing questions that are sure to arise. About the Author Greg D. Icenhour, P.G., MBA, Realtor® is a Principal Geologist and Vice President of Shield Engineering, overseeing Shield’s Real Estate Environmental Services Practice. Greg also specializes in Commercial and Investment real estate, with an emphasis on environmentally-impacted properties and land transactions. Greg is a licensed Professional Geologist in North and South Carolina and holds a Masters of Business Administration degree with concentrations in Finance and Marketing Management. Greg has over 28 years of progressive geological, business, real estate and management experience and currently serves on the Board of Directors of Shield Engineering, Inc. and as consultant-liaison to the Environment, Energy, and Natural Resources Law Section of the North Carolina Bar Association. Fabricare Program Pays Dividend for 59th Consecutive Year Irving Weber Associates and Argo Select Continue to Spread the Wealth Irving Weber Associates and Argo Select (a division of Argo Group US) have just declared the 59th consecutive dividend for fabricare safety groups managed by Irving Weber Associates (IWA). Continually outpacing the typical insurance products by providing an exceptional program to its fabricare customers, IWA delivers a program that provides the most comprehensive coverage while allowing its group participants to share in the program’s outstanding results. “This latest dividend is further confirmation that the relationship and hard work of IWA and Argo really pays off for our clients,” said Adam Weber, IWA president. “This year was exceptional because we not only continued to pay these dividends to our eligible participants, we did so when our up-front rates are the lowest they have been in years.” While dividends are never guaranteed, they are based on the experience of the company you choose to provide your insurance needs. The continued diligence of IWA and Argo in managing claims and safety prevention is evident in its 59 consecutive years of paying back to program participants, an unprecedented accomplishment in this industry. IWA looks forward to providing fabricare customers and their local brokers with cost effective insurance protection for many years to come. Irving Weber Associates insurance programs have provided protection for Fabricare specialists such as Dry Cleaners, Commercial Launderers, Linen Supply and Uniform Rental firms for over 60 years. Its comprehensive and cost effective insurance programs are the hallmark for others to be compared against. Their superior products and stability marks IWA as the leader in the insurance industry protecting more dry cleaners than any other program in the country. IWA encourages anyone not already participating, to request that their broker obtain a proposal on their behalf. For more information, visit www.iwains.com. Fall Operational Training One of NCALC’s primary purposes is to provide N.C. cleaners with opportunities to train themselves and their employees in weeknight and weekend classes across the state. In order to provide you with the training you want we need to know what classes you would like us to offer in your area. These classes are open to non-members as well as members of NCALC/DLI. They are also open to members (MAC/SEFA/DLI) in other states who will get the member rate. Non-members pay a higher rate since they provide no dues support to NCALC/DLI. THERE IS A FALL 2010 FIELD TRAINING SURVEY INSERTED IN THE NEWSLETTER. If you would be interested in attending or sending one or more of your employees to any or all of the classes listed please complete the survey form and mail or fax it to the NCALC office as soon as possible so we can complete our Fall Training plans. Data Security & PCI Compliance Keep It Clean: Getting Compliant with Information Security Requirements will Help Avoid a Messy (and Expensive) Data Leak Small businesses have a lot to worry about, so information security is typically not at the top of the list. Sometimes, it’s not even on the list. Recent developments have, however, significantly raised the stakes for small businesses. Understanding the risks and requirements is your first step to dealing with the issues at hand. This article is intended to give you a flavor of some major requirements and issues in information security law, and why the risks of noncompliance are important to you. Why Should You Care? Because government agencies care (and, as described below, you have certain legal obligations to fulfill). The Federal Trade Commission has taken more than 20 actions alleging that inadequate information security constituted an unfair trade practice. These actions are typically settled with the offending entity, in which settlements require implementation of a comprehensive, written information security program and a third party audit of compliance with that program every other year for 10 or 20 years. Multiple state attorneys general have taken similar actions at the state level. In addition, Mississippi recently became the 46th state to enact a law requiring businesses experiencing a security breach to notify affected individuals if their personal information is impacted (North Carolina adopted its version in 2005). These laws mean that when certain personal information is either lost or stolen (e.g., an employee loses records containing financial account numbers, your system containing payment card numbers is hacked, etc.), you may have a legal obligation to send letters to each person affected (whether customer or employee) explaining what happened. That letter may be read with interest by regulators, plaintiffs’ attorneys, the media, and, unfortunately, potential investors or customers. Whether you’re responding to government enforcement or containing a security breach, productivity and cash flow will both be adversely affected. What Are the Requirements? • Security Breach Notification As mentioned above, if something goes wrong with your information security program and personal information is adversely impacted, you may have a legal obligation to report that incident to the affected persons (e.g., your customers). In North Carolina, notification must also be made to the state attorney general who, not coincidentally, is the person authorized to charge you with an unfair business practice if it turns out your security was lax. • PCI DSS The Payment Card Industry Data Security Standard (“PCI DSS”) is, for the most part, a privately-enforced set of security requirements issued by the major payment card brands (Am Ex, Visa, Discover, MasterCard and JCB). The PCI DSS requirements are typically applicable to merchants by way of their contracts with acquiring banks. The acquiring banks have an incentive to require compliance and enforce against noncompliance because the card brands will fine the banks in the event of data breaches that affect payment cards and necessitate reissuance of affected individuals’ cards. There are a lot of costs associated with reissuing cards, and the point here is to downstream those costs to the merchant if their security was not sufficient. To the extent breaches were due to a merchant’s failure to abide by PCI DSS, the consequences for the merchant can be fairly dramatic. The bank typically retains the right in the contract to withdraw funds directly from the merchants’ account without much, if any, due process in the case of alleged PCI DSS noncompliance. Although the majority of PCI DSS enforcement is private, three states have incorporated some or all of the standards into their laws and applied those requirements directly to merchants. Nevada is has incorporated PCI DSS in full such that any entity processing card data must fully comply as a matter of law. Washington and Minnesota apply PCI DSS less broadly than does Nevada, including some safe harbors, but the overall thrust is to hold merchants directly liable to banks for costs associated with breaches of card data. Topics covered by PCI DSS include: firewall installation and maintenance; system passwords and other provider-supplied default security settings; access rights; anti-virus software; unique user IDs; physical security; system logging; testing; and written policies and procedures addressing information security. • State Information Security Laws Many states now require that businesses handling “personal information” implement certain information security measures. The definition of “personal information” will vary depending on the state and the law, but almost always includes Social Security numbers, driver’s license or other state-issued ID numbers and financial account numbers (including payment card numbers). In North Carolina, there is a mandatory obligation to securely dispose of personal information, which is more broadly defined than is typical of state security laws and includes, for example, seemingly innocuous information like Internet account numbers and email addresses as well as more sensitive information like biometric data and maiden names. Other states, like Massachusetts, are much more extensive in their requirements and go well beyond information disposal. Because these laws usually apply based on the residency of the individuals in question, you may have to worry about more than one state’s law if you hold personal information about customers or employees in multiple states. • Federal Trade Commission Disposal Rule If you run credit checks or other types of background checks on employees or consumers, this federal regulation will require that you securely dispose of that information by cross-cut shredding or any other method that renders it unreadable and unusable. • Federal Trade Commission Red Flags Rule Without getting into the details, the fate of this federal regulation is as yet undetermined. As written, it will apply to your business if you qualify as a “creditor.” That term is defined broadly, so if you allow customers (generally individuals, not businesses) to maintain a line of credit or otherwise provide service but allow them to pay for it later (such as invoice-based billing) the rule may apply to you. It requires creditors to take steps to curb identity theft, such as by implementing written procedures to ensure that the person requesting the service actually is the person they claim to be. An easy example would be requesting a photo ID prior to opening up the line of credit. The rule has, however, been challenged repeatedly in court and has been delayed multiple times by the Commission. The current enforcement deadline is December 31, 2010 unless an earlier date is specified by Congress in the meantime. What Should You Do? Here are a few steps you should take to mitigate risk in this area. This list is not exhaustive, but presents a good starting point: • Carefully review your contracts with banks or service providers that play a role in your process for conducting payment card transactions. Consider questions like: What does the bank require of you? What happens if you don’t comply (can they withdraw funds from your account as a fine)? Is your provider giving you a PCI-compliant processing solution? Did they guarantee that in your contract? • Never retain full card data from the magnetic stripe, sometimes referred to as track data or magnetic stripe data. If you retain the full card number, secure it while your retain it and securely delete or destroy it as soon as the transaction clears. • Get PCI DSS compliant if you are not already. What that means will vary depending on the volume of your payment card transactions. Each card brand sets and defines their own levels, but generally speaking there are four levels. Level 1 is the highest and carries the greatest burdens, such as submitting to a third party assessment. Level 4 is the smallest and typically requires an annual written self-assessment. Vulnerability scans may be required or only recommend, depending on the volume of card transactions. • Apply reasonable security measures to personal information. Make sure access by your employees and others is limited on a need-to-know basis. Use physical security, like locking file cabinets, whenever possible. For electronic records, avoid storing personal information on any unencrypted portable device like a laptop, thumb drive, CD, PDA or smart phone. Document your security procedures, such as how you grant access rights, so that you can demonstrate them if called on to do so by a regulator or in litigation (and because PCI DSS and certain states require it). • Ensure that all records containing personal information (even something innocuous like email address) are cross-cut shredded or otherwise disposed of so that they cannot be “practicably read or reconstructed.” When it comes time to dispose of electronic records, degauss or wipe so that information cannot be resurrected. Remember that North Carolina requires a written policy documenting your information disposal process. • Be careful of service providers that handle personal information on your behalf. You are responsible for their actions (or inaction). Some states require that you have an appropriate contract in place regarding the provider’s information security. North Carolina requires such contracts with anyone engaged to dispose of personal information on your behalf. And, even if not required, a contract is a good idea to protect you against some of the risks described above. Elizabeth Johnson is an attorney at the law firm Poyner Spruill LLP. She practices privacy and information security law, representing clients from many industries ranging in size from small businesses to Fortune 100 companies. She can be reached at 919-783-6400. Home

In This Issue...

Drycleaner in Congress

Telephone Scam

President’s Desk

Thanks for Renewing

Join an NCALC Committee

Member Matters

News You Can Use

Vapor Intrusion

List of Compliance Inspections

IWA Pays Dividend

NCALC Membership Benefits

Payroll Processing

Operational Training

New Member Rewards

Data Security & PCI Compliance

A Drycleaner in Congress?

Jeff Miller, left, with Pres. George W. Bush after he was awarded the Presidential Citizens Medal in the Oval Office at the White House.

Jeff Miller owner/operator of Miller’s Fine Dry Cleaning in Hendersonville, N.C. is in a hotly contested race with the incumbent Democrat Keith Shuler to represent the 11th Congressional District in the US House of Representatives in the November elections.

Jeff succeeds his father and grandfather as the owner/operator of Miller’s Cleaners and Laundry, as a member of DLI and NCALC and as an ardent supporter of the Drycleaning Solvent Cleanup Act Program in North Carolina. He is also well known for his efforts to fly WWII veterans to Washington, D.C. to see their memorials for free. He founded the Honor Air Program in Henderson County in 2006 which spawned other programs across the southeast and merged with the Honor Flight Program in Ohio in 2007 to form the Honor Flight Network which has now made it possible for 36,000 vets to make the trip to visit their memorials from over 100 hubs in 39 states. He was awarded the Presidential Citizens Medal in 2008 for his leadership in sending older veterans to visit their memorial.

Miller is a fiscally conservative Republican whose primary agenda is to strengthen our economy by creating and protecting jobs, controlling government spending and getting government off the backs of small business.

This article is for informational purposes only and does not imply an endorsement by NCALC or Carolina Clean.

WARNING: BEWARE OF TELEPHONE SCAM

If you get a call from an operator representing a handicapped person who is communicating with them via a keyboard & if they have 50 comforters, 300 shirts or any seemingly lucrative order, IT’S PROBABLY A SCAM. If they want to give you a credit card # and ask you to send a cashiers check for the shipping,IT’S DEFINITELY THE SCAM.The credit card will go through initially but will come back as a chargeback and no big order will ever show up at your door.

What to Expect in the Next Two Years

Greeting from the cool, clear, arid Blue Ridge Mountains! Just pulling your chain, it’s hot and humid here too. In this issue I thought you might be interested in knowing a little more about me, my involvement in NCALC and what you should expect from us over the next two years.

I grew up the small coastal town of Georgetown, SC, where my family had a commercial laundry and dry cleaning operation. My earliest memories were of riding around the plant in laundry baskets. In later years I swept the floors, served as car hop, drove a delivery van and ultimately served as President of the laundry and dry cleaning plant my father founded after World War II. Dad also served as the second President of IFI (now DLI) in the early 1970’s. Upon his death, I suddenly became partners in this operation with 4 sisters and their husbands, I knew things were about to change. After much teeth gnashing, hand wringing and sleepless nights, I made the decision to move on with my life. I was young, had a small family (wife and two daughters) and I wasn’t at all interested in working for my sisters and especially not the brother-in-laws!

Well, as fate would have it, Dad’s friend Bretney Smith of Asheville (Swannanoa Cleaners) needed some help and well, I was available. Shortly after my arrival in the beautiful Appalachian Mountains, Bretney suggested I get involved with NCALC. I’m not sure he knew where that road would lead because before I knew it I was off to Washington D.C. with Mack Davis, Jim Hilker and others to discuss regulatory issues with our representatives. I’ll never forget meeting Jessie Helms. Those were tumultuous years in our organization. There were issues with staff, there were issues with contamination, there were issues with liability, there were even issues with solvent choices. Wow, doesn’t sound like we’ve made much progress does it?

That’s what those outside of our industry might think, but from my perspective, I couldn’t be more proud. After our visit to DC, it became apparent that the Federal Government was not going to be of any help. Faced with the daunting challenge of writing State law, this Association under the leadership of the likes of Denny Shaffer, Chris Edwards and many others set out to bring what is now know as the North Carolina Dry cleaning Solvent Clean up Act into law. This law which is the envy of the rest of the United States has proven to be of significant benefit to our environment, numerous communities and operators across our State. However, as you might have expected, this law is not perfect. We continue to hear of far too many uninformed dry cleaners. We hear of boot-leg suppliers selling untaxed solvent.

As you can see, we’ve still got work to do on this front but there are other issues facing our industry as well. Tax evasion, illegal immigration and unfair hiring practices in my opinion will plague North Carolina dry cleaners in the years to come. It will be my administration’s goal to assist members with their questions concerning these complex issues. We will also strive to publish helpful and informative literature that might assist our membership in avoiding the complications that these issues will surely bring to our member plants. I strongly urge you to pay particular attention to articles in Carolina Clean that deal with these items.

As if that weren’t enough, we also can’t lose sight of the fact that we are in this business to make a profit. Throw into the equation a little wrinkle and stain resistant fabric, $120,000 dry cleaning machines, $50 per gallon alternative solvents and a more casual yet trendy apparel industry and suddenly we’ve got a lot on our plate. You will also continue to see informative articles in Carolina Clean that will keep you in the know on these issues as well.

In closing let me remind you, the times they are a changing and we, as members of NCALC will be prepared for the challenges, no, opportunities that lie ahead. Don’t forget, we’ve been through much of this before. Some of our members probably remember when Perc was an alternative solvent and when wash and wear crushed our industry, but we have and will persevere. How? Because we’re involved in our business and this association.

Waiting for fall,

Marvin Thomas

President

Renewing Members

Richard Chavis

Royal Cleaners Inc.

Fayetteville

J K Fordham

Paramount Cleaners

Goldsboro

Haresh Majithia

North Cross Dry Cleaners

Huntersville

Gary McPherson

McPherson Cleaners

Burlington

Ted Rogers

Ideal Cleaners

Elizabethtown

Ed & Mitzi Forrest

Durham Cleaners & Laundromat

Durham

Chun Tok Yi

Lake Jeanette Cleaners

Greensboro

David Powell

Davids Cleaners Inc

Winston-Salem

Larry Pope

Popes Dry Cleaners

Raleigh

Mary Wells

One Hour Koretizing

Rocky Mount

Jimmy Lee

Jones Dry Cleaning

Charlotte

Victor Uy

Neighborhood Dry Cleaning

Pinehurst

Get Involved ... Join an NCALC Committee

NCALC is a committee driven organization. In addition to the Board we have four standing committees that plan and direct the activities, programs and services the association provides to N.C. Cleaners and Launderers. The committees are made up of member cleaners and allied trades representatives. Board members are elected by the general membership; committee members are appointed by the President and include members who are not Board members. The committees meet during each of winter, spring and fall Board and Committee Meetings and by conference call between meetings when needed.

NCALC’s four standing committees are:

Trusteeship Committee is chaired by the Immediate Past President. Its membership is comprised of all past presidents in attendance, the Treasurer, Sgt at Arms, Allied Trades Representative and At Large Directors and members appointed by the President. It is responsible for financial oversight, Bylaws, Board Policy, Association Objectives, Decorum and dispute resolution.

Governmental Affairs is chaired by the Vice President for Governmental Affairs and is responsible for the Association’s activities in pursuit of its legislative and regulatory objectives. Committee members are appointed by the President and include both At Large Directors and interested non-Board Members.

Membership is chaired by the Vice President for Membership and is responsible for all the Association’s activities in pursuit of its membership objectives and activities to retain, recapture and recruit members. The 7 District Directors are automatically assigned to this committee. In addition, the President appoints Regular and Associate At Large Directors and interested non-Board Members to serve on this committee.

Member Services is chaired by the Vice President of Member Services and is responsible for all the Association’s activities in pursuit of its member services objectives, which include education and training, certification, public relations, endorsed provider money saving insurance, credit/debit card and payroll processing and check collection programs; information dissemination by website, newsletter and e-mail; and networking opportunities such as the Annual Convention, area meetings, social and recreational gatherings.

NO MATTER WHAT YOUR INTEREST MAY BE THERE’S A PLACE FOR YOU TO GET INVOLVED WITH YOUR ASSOCIATION. All Board and Committee Meetings are open to any and all N.C. Cleaners and Allied Trades. Members and Non-Members are always welcome. Why not join us at our Fall Board and Committee Meetings in Asheville October 1st and 2nd (Details are in this newsletter)? If you have any questions or want to volunteer right now call President Marvin Thomas 828-253-3691 or e-mail him at marvin@swannanoacleaners.com.

News You Can Use ...

A recent study from the Pew Research Center found that Small Businesses are the most trusted institution in America. 71% of respondents said small business has “a positive effect on the way things are going” ahead of churches and religious organizations 63%; universities 61%; labor unions 32%; Federal government and big business 25% and banks 22%. Your customers and potential customers are predisposed to trust you because they can establish a personal relationship with you-so cultivate it.

The Obama administration has launched a multi-faceted crusade against employers who may be guilty of Labor Violations. The Department of Labor hired 250 additional investigators to crack down on wage and hour violations and launched a campaign to help employees file complaints against their employers. “We Can Help” targets workers, including illegal aliens focusing on minimum wage and overtime provisions of the labor laws. REMEMBER THAT YOU MUST HAVE A STANDARD WORK WEEK (beginning and ending on the same days) & PAY OVERTIME IF THE EMPLOYEE WORKS MORE THAN 40 HOURS IN ANY WORK WEEK EVEN IF PAID EVERY TWO WEEKS.

ICE-IMMIGRATION CUSTOMS and ENFORCEMENT, the Department of Homeland Security’s enforcement arm has removed several illegals from the premises and levying substantial fines for paperwork violations on the employer. See the July issue of Carolina Clean “Beware the ICE” for what you must do to protect yourself from substantial fines even if you employ no illegals. You are required to do the paperwork - i.e. I-9’s - on every employee.

If you accept credit and/or debit cards you must comply with the PCI Security Standards established by the major card companies (e.g. Visa, MasterCard, American Express, Discover, etc.). If you process credit card transactions through your POS system you need to consult with them and your credit card processor. If you process transactions on a stand alone terminal through a dial up phone line, you need only consult with your credit card processor. In either event, you will need to complete a self-assessment questionnaire available at www.PCIsecuritystandards.org (a “no” means you’re not compliant) and complete an “attestation of compliance” and submit it to your credit card processor.

Contact your U.S. Representative and Senator and ask them to co-sponsor and/or vote for HR 5141 or S-3578 “The Small Business Paperwork Mandate Elimination Act” which will eliminate Section 9006 of “the Healthcare Reform Act” which requires you to provide each supplier from whom you purchase more than $600/year with a 1099.

You may qualify for a 6.2% payroll tax incentive if you hired or hire a worker who was unemployed or worked a total of less than 40 hours during the 60 days before beginning work after February 3, 2010 and before January 1, 2010. The new hire cannot replace an employee unless that employees departure was voluntary or for cause. Relatives of the employer are not eligible. You will also be eligible for an additional tax credit on your 2011 income tax return for each qualified worker kept on the payroll for 52 consecutive weeks of no less than $1,000. YOU MUST OBTAIN A STATEMENT FROM EACH ELIGIBLE NEW HIRE CERTIFYING UNDER PENALTIES OF PERJURY, THAT THEY WERE UNEMPLOYED OR WORKED LESS THAN 40 HOURS FOR ANYONE DURING THE 60-DAY PERIOD. IRS Form W-11 can be used to meet this requirement. For further details and forms contact the IRS, your CPA or payroll processor.

North Carolina small businesses with gross receipts less than $1 million can claim a tax credit for 25% of contribution made to the State Unemployment Insurance Fund in tax years 2010 and 2011. Check with your CPA or payroll processor.

According to American Drycleaner e-news, Charlotte based Sailstar USA, Inc. ceased operations July 28 according to a letter from Tony Franklin, Sailstar USA President to a Sailstar distributor obtained by its sister publication, American Laundry News.

Information provided in “News You Can Use” is drawn from sources we believe to be reliable, but is not to be taken as legal or accounting advice.We strongly recommend that you consult with your lawyer, accoutant or appropriate governmental agency before taking any action based on these news items.

Vapor Intrusion - Update and Practical Considerations for Dry Cleaners

Vapor intrusion or “VI”, the migration of volatile chemicals from the subsurface into overlying structures, is of growing concern for dry cleaners and property owners. These concerns stem from health, legal and business issues and are compounded by lack of regulatory clarity in a new and emerging environmental field. This article describes the sources of vapor intrusion specific to the dry cleaning industry, regulatory and practical considerations for ongoing dry cleaning operations and considerations for real estate transactions involving current or former dry cleaning plant facilities.

Sources of Vapor Intrusion

There are two primary sources of vapor intrusion in dry cleaning operations: contaminated soil beneath the building and contribution from off-gassing of volatile compounds from groundwater beneath the building. Note that there are other sources which contribute to volatile compounds in the facility’s indoor air that may compound the concentrations from VI but not be directly attributable to VI. These sources are operational and generally fugitive in nature. Leaks from dry cleaning equipment, muck left in open muck buckets, unsealed or poorly sealed hazardous waste containers, spotting chemicals not properly containerized can contribute to the overall concentration of volatile compound in indoor air, making it difficult, if not impossible to distinguish between intrusion sources and non-intrusion sources.

Regulatory Issues

One of the frustrations expressed by dry cleaners is the myriad of regulatory agencies with indoor air standards and their applicability to the dry cleaning industry. The most common question “What’s my target?” is often unanswerable or at least not to the certainty desired. There are different standards for VI as it pertains to “releases” versus air quality standards for contaminants found in indoor air from operations. Unfortunately, once a contaminant is found in indoor air from a facility with a documented release, it is difficult to distinguish between operational and release contributions to the contaminant concentrations. It is difficult to determine which factor is dominant and what mitigating steps are likely to yield the most benefit. It is also problematic to know in advance of implementing a “corrective action” if it will reach a chosen “target”.

Currently the only enforceable standard for PCE is the OSHA work place standard (see accompanying table)1. While one may gravitate to the OSHA standards, it is imperative to note that use of these standards assume that employees will generally understand the nature and use of chemicals in the work place as addressed in the Hazard Communication Plan. This further assumes that (a) a written Hazard Communication Plan is in place and (b) employees have had this plan made available, i.e., trained. In absence of documented training concerning work place hazards, chemicals and exposures, a dry cleaner may not be able to rely on OSHA standards as the default criteria. In our experience, concentrations approaching the OSHA standard would be noticeable in the work place and would (and should) be addressed.

It is also important to note that human health risk based standards used by the North Carolina Drycleaning Solvent Clean-up Act (DSCA) program for releases are based on a 1 in 10,000 risk level that requires mitigation if those standards are exceeded.

Practical Considerations for Dry Cleaning Operators

Until a comprehensive regulatory approach is developed to address contaminant contributions to indoor air from both operational and non-operational sources, there are a few practical and comparatively low-cost steps a dry cleaner can take to reduce indoor air concentrations of contaminants.

•Verify that equipment is in good working order with no discernable leaks.

• Make sure all waste containers in occupied spaces are tightly sealed with locking rings. Better yet, store waste containers outside the occupied space, in an enclosed storage building or other dedicated enclosed interior space, if possible.

• Never store wastes outside, even if the area is enclosed or in a boiler room.

• Use only waste containers supplied by your waste handler

• Do not leave still residue in the muck bucket and place the muck bucket, when not in use, inside of a waste container with the locking ring securely attached.

• Develop a Hazard Communication Plan, conduct employee training and document in writing that training. Have the employee sign off that the training was completed and understood.

Issues for Real Estate Transactions

In real estate transactions involving both the transfer of real property and the business entity, there is often discussion concerning what information relative to the condition of the property should be disclosed. While there is no ‘commercial disclosure statement’ and buyers should conduct what ever level of due diligence they feel necessary, environmental issues are considered material facts and must be disclosed to all parties. Maintaining an organized file with all regulatory correspondence, actions taken to address any regulatory directives and documents relating to corrective action (reports, lab data, etc.) should be clear, concise and readily available if requested. Prior to implementing an exit strategy (from the real property, business or both) consultation with legal counsel is a prudent first step. Environmental issues do nothing to improve the quality of a real estate transaction, so you must first have a comprehensive strategy for addressing questions that are sure to arise.

About the Author

Greg D. Icenhour, P.G., MBA, Realtor® is a Principal Geologist and Vice President of Shield Engineering, overseeing Shield’s Real Estate Environmental Services Practice. Greg also specializes in Commercial and Investment real estate, with an emphasis on environmentally-impacted properties and land transactions. Greg is a licensed Professional Geologist in North and South Carolina and holds a Masters of Business Administration degree with concentrations in Finance and Marketing Management.

Greg has over 28 years of progressive geological, business, real estate and management experience and currently serves on the Board of Directors of Shield Engineering, Inc. and as consultant-liaison to the Environment, Energy, and Natural Resources Law Section of the North Carolina Bar Association.

Fabricare Program Pays Dividend for 59th Consecutive Year

Irving Weber Associates and Argo Select Continue to Spread the Wealth

Irving Weber Associates and Argo Select (a division of Argo Group US) have just declared the 59th consecutive dividend for fabricare safety groups managed by Irving Weber Associates (IWA). Continually outpacing the typical insurance products by providing an exceptional program to its fabricare customers, IWA delivers a program that provides the most comprehensive coverage while allowing its group participants to share in the program’s outstanding results.

“This latest dividend is further confirmation that the relationship and hard work of IWA and Argo really pays off for our clients,” said Adam Weber, IWA president. “This year was exceptional because we not only continued to pay these dividends to our eligible participants, we did so when our up-front rates are the lowest they have been in years.”

While dividends are never guaranteed, they are based on the experience of the company you choose to provide your insurance needs. The continued diligence of IWA and Argo in managing claims and safety prevention is evident in its 59 consecutive years of paying back to program participants, an unprecedented accomplishment in this industry. IWA looks forward to providing fabricare customers and their local brokers with cost effective insurance protection for many years to come.

Irving Weber Associates insurance programs have provided protection for Fabricare specialists such as Dry Cleaners, Commercial Launderers, Linen Supply and Uniform Rental firms for over 60 years. Its comprehensive and cost effective insurance programs are the hallmark for others to be compared against. Their superior products and stability marks IWA as the leader in the insurance industry protecting more dry cleaners than any other program in the country.

IWA encourages anyone not already participating, to request that their broker obtain a proposal on their behalf. For more information, visit www.iwains.com.

Fall Operational Training

One of NCALC’s primary purposes is to provide N.C. cleaners with opportunities to train themselves and their employees in weeknight and weekend classes across the state. In order to provide you with the training you want we need to know what classes you would like us to offer in your area.

These classes are open to non-members as well as members of NCALC/DLI. They are also open to members (MAC/SEFA/DLI) in other states who will get the member rate. Non-members pay a higher rate since they provide no dues support to NCALC/DLI.

THERE IS A FALL 2010 FIELD TRAINING SURVEY INSERTED IN THE NEWSLETTER. If you would be interested in attending or sending one or more of your employees to any or all of the classes listed please complete the survey form and mail or fax it to the NCALC office as soon as possible so we can complete our Fall Training plans.

Data Security & PCI Compliance

Keep It Clean: Getting Compliant with Information Security Requirements will Help Avoid a Messy (and Expensive) Data Leak

Small businesses have a lot to worry about, so information security is typically not at the top of the list. Sometimes, it’s not even on the list. Recent developments have, however, significantly raised the stakes for small businesses. Understanding the risks and requirements is your first step to dealing with the issues at hand. This article is intended to give you a flavor of some major requirements and issues in information security law, and why the risks of noncompliance are important to you.

Why Should You Care?

Because government agencies care (and, as described below, you have certain legal obligations to fulfill). The Federal Trade Commission has taken more than 20 actions alleging that inadequate information security constituted an unfair trade practice. These actions are typically settled with the offending entity, in which settlements require implementation of a comprehensive, written information security program and a third party audit of compliance with that program every other year for 10 or 20 years. Multiple state attorneys general have taken similar actions at the state level. In addition, Mississippi recently became the 46th state to enact a law requiring businesses experiencing a security breach to notify affected individuals if their personal information is impacted (North Carolina adopted its version in 2005). These laws mean that when certain personal information is either lost or stolen (e.g., an employee loses records containing financial account numbers, your system containing payment card numbers is hacked, etc.), you may have a legal obligation to send letters to each person affected (whether customer or employee) explaining what happened. That letter may be read with interest by regulators, plaintiffs’ attorneys, the media, and, unfortunately, potential investors or customers. Whether you’re responding to government enforcement or containing a security breach, productivity and cash flow will both be adversely affected.

What Are the Requirements?

• Security Breach Notification

As mentioned above, if something goes wrong with your information security program and personal information is adversely impacted, you may have a legal obligation to report that incident to the affected persons (e.g., your customers). In North Carolina, notification must also be made to the state attorney general who, not coincidentally, is the person authorized to charge you with an unfair business practice if it turns out your security was lax.

• PCI DSS

The Payment Card Industry Data Security Standard (“PCI DSS”) is, for the most part, a privately-enforced set of security requirements issued by the major payment card brands (Am Ex, Visa, Discover, MasterCard and JCB). The PCI DSS requirements are typically applicable to merchants by way of their contracts with acquiring banks. The acquiring banks have an incentive to require compliance and enforce against noncompliance because the card brands will fine the banks in the event of data breaches that affect payment cards and necessitate reissuance of affected individuals’ cards. There are a lot of costs associated with reissuing cards, and the point here is to downstream those costs to the merchant if their security was not sufficient. To the extent breaches were due to a merchant’s failure to abide by PCI DSS, the consequences for the merchant can be fairly dramatic. The bank typically retains the right in the contract to withdraw funds directly from the merchants’ account without much, if any, due process in the case of alleged PCI DSS noncompliance.

Although the majority of PCI DSS enforcement is private, three states have incorporated some or all of the standards into their laws and applied those requirements directly to merchants. Nevada is has incorporated PCI DSS in full such that any entity processing card data must fully comply as a matter of law. Washington and Minnesota apply PCI DSS less broadly than does Nevada, including some safe harbors, but the overall thrust is to hold merchants directly liable to banks for costs associated with breaches of card data.

Topics covered by PCI DSS include: firewall installation and maintenance; system passwords and other provider-supplied default security settings; access rights; anti-virus software; unique user IDs; physical security; system logging; testing; and written policies and procedures addressing information security.

• State Information Security Laws

Many states now require that businesses handling “personal information” implement certain information security measures. The definition of “personal information” will vary depending on the state and the law, but almost always includes Social Security numbers, driver’s license or other state-issued ID numbers and financial account numbers (including payment card numbers). In North Carolina, there is a mandatory obligation to securely dispose of personal information, which is more broadly defined than is typical of state security laws and includes, for example, seemingly innocuous information like Internet account numbers and email addresses as well as more sensitive information like biometric data and maiden names. Other states, like Massachusetts, are much more extensive in their requirements and go well beyond information disposal. Because these laws usually apply based on the residency of the individuals in question, you may have to worry about more than one state’s law if you hold personal information about customers or employees in multiple states.

• Federal Trade Commission Disposal Rule

If you run credit checks or other types of background checks on employees or consumers, this federal regulation will require that you securely dispose of that information by cross-cut shredding or any other method that renders it unreadable and unusable.

• Federal Trade Commission Red Flags Rule

Without getting into the details, the fate of this federal regulation is as yet undetermined. As written, it will apply to your business if you qualify as a “creditor.” That term is defined broadly, so if you allow customers (generally individuals, not businesses) to maintain a line of credit or otherwise provide service but allow them to pay for it later (such as invoice-based billing) the rule may apply to you. It requires creditors to take steps to curb identity theft, such as by implementing written procedures to ensure that the person requesting the service actually is the person they claim to be. An easy example would be requesting a photo ID prior to opening up the line of credit. The rule has, however, been challenged repeatedly in court and has been delayed multiple times by the Commission. The current enforcement deadline is December 31, 2010 unless an earlier date is specified by Congress in the meantime.

What Should You Do?

Here are a few steps you should take to mitigate risk in this area. This list is not exhaustive, but presents a good starting point:

• Carefully review your contracts with banks or service providers that play a role in your process for conducting payment card transactions. Consider questions like: What does the bank require of you? What happens if you don’t comply (can they withdraw funds from your account as a fine)? Is your provider giving you a PCI-compliant processing solution? Did they guarantee that in your contract?

• Never retain full card data from the magnetic stripe, sometimes referred to as track data or magnetic stripe data. If you retain the full card number, secure it while your retain it and securely delete or destroy it as soon as the transaction clears.

• Get PCI DSS compliant if you are not already. What that means will vary depending on the volume of your payment card transactions. Each card brand sets and defines their own levels, but generally speaking there are four levels. Level 1 is the highest and carries the greatest burdens, such as submitting to a third party assessment. Level 4 is the smallest and typically requires an annual written self-assessment. Vulnerability scans may be required or only recommend, depending on the volume of card transactions.

• Apply reasonable security measures to personal information. Make sure access by your employees and others is limited on a need-to-know basis. Use physical security, like locking file cabinets, whenever possible. For electronic records, avoid storing personal information on any unencrypted portable device like a laptop, thumb drive, CD, PDA or smart phone. Document your security procedures, such as how you grant access rights, so that you can demonstrate them if called on to do so by a regulator or in litigation (and because PCI DSS and certain states require it).

• Ensure that all records containing personal information (even something innocuous like email address) are cross-cut shredded or otherwise disposed of so that they cannot be “practicably read or reconstructed.” When it comes time to dispose of electronic records, degauss or wipe so that information cannot be resurrected. Remember that North Carolina requires a written policy documenting your information disposal process.

• Be careful of service providers that handle personal information on your behalf. You are responsible for their actions (or inaction). Some states require that you have an appropriate contract in place regarding the provider’s information security. North Carolina requires such contracts with anyone engaged to dispose of personal information on your behalf. And, even if not required, a contract is a good idea to protect you against some of the risks described above.

Elizabeth Johnson is an attorney at the law firm Poyner Spruill LLP. She practices privacy and information security law, representing clients from many industries ranging in size from small businesses to Fortune 100 companies. She can be reached at 919-783-6400.

Home

Site Index

Home

Carolina Clean

NCALC_Officers & Directors

NCALC Allied Trades

Calendar

NCALC New Member Rewards

NEW MEMBER REWARDS

MORE THAN $2000 IN GOODS & SERVICES

IF YOU JOIN NCALC/DLI NOW

A PLANT ENVIRONMENTAL COMPLIANCE INSPECTION by Greg Icenhour, CED of Shield Engineering

A PLANT MAINTENACE CHECK-UP By Tri-State Laundry Equipment Co.

A SUPPLY INVENTORY MANAGEMENT SYSTEM from N.S. Farrington & Co.

A FULL REGISTRATION to CAROLINA CLEAN '09 from NCALC

"QUALITY SHIRT FINISHING" IN PLANT TRAINING VIDEO OR DVD IN ENGLISH OR SPANISH from DLI

20,000 CUSTOM INVOICES AT STOCK PRICES from Liberty Pittsburgh

A STANFORD SPOTTING KIT from Fabritech

A 10% DISCOUNT ON SECONDARY CONTAINMENT TRAYS from MCF Systems

THE OPPORTUNITY TO HAVE THE SERVICES OF AN NCALC MENTOR

Access to Scholarship for DLI Resident Courses

In order to qualify as a new member you or your cleaners cannot have been a member of NCALC/DLI in the past year and you must pay your annual dues in the correct dues category in full with your membership application.

memberapp.pdf

North Carolina Association

of Launderers & Cleaners

The Source of Official Information

for NCALC

Carolina Clean

August, 2010