Relevant Legislation

A look at some recent legislation that encourages document shredding.

Fair and Accurate Credit Transaction Act (FACTA)
Originally enacted in 2003 with the new disposal provision effective June 1, 2005, FACTA gives rights to victims of identity theft and places more responsibility on large and small business owners to destroy personal information that could be used by identity thieves. Personal information means everything from names and phone numbers to social security numbers, credit reports, addresses and employee history.

If someone’s identity is stolen and the company is found liable, the company can be sued by an individual, embroiled in a class action law suit or fined up to $1,000 by the state and up to $2,500 per infraction by the federal government. According to a recent survey by the Better Business Bureau, only 11 percent of businesses were even aware FACTA existed.

Health Information Portability and Accountability Act (HIPAA)
According to federal law, health care organizations must “maintain reasonable and appropriate, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information,” which includes the safeguarding of patient medical records, patient logs, insurance, billing and other personally identifiable health information.

Health Information Technology for Economic and Clinical Health (HITECH)
Enacted as part of the American Recovery and Reinvestment Act of 2009. This Act requires that a covered entity provide notifications to any and all individuals about any breach of personal heath information stored or collected electronically.

The Economic Espionage Act (EEA)
The Economic Espionage Act of 1996 protects company trade secrets, which are “all forms and types of financial, business, scientific, technical, economic, or engineering information” that the owner has taken reasonable measures to keep secret and not accessible by the public.

Gramm-Leach-Bliley Act
Financial institutes are required to protect the privacy of consumer information and provide the consumer privacy notices detailing the institutions’ information sharing practices.

Identity Theft Penalty Enhancement Act
Aggravated identity theft, defined as the transfer, possession, or use, without lawful authority, a means of identification of another person, is a criminal offense punishable by a term of imprisonment of two years.

Sarbanes-Oxley Act (SOX)
Designed to increase corporate responsibility and deter corporate and accounting fraud, SOX dictates rules concerning the retention, control, management & destruction of company information.