Laws

FACTA (Fair and Accurate Credit Transactions Act)
FACTA is also known as the FACT Act and was signed into law on December 6, 2003. The Act amends the Fair Credit Reporting Act (FCRA). The Act contains a number of provisions intended to combat Identity Theft and consumer fraud and related crimes. Specifically, the act requires the destruction of papers containing consumer information. Virtually every business or organization that is bound by this law.

The proposed DISPOSAL RULE
Any person who maintains or otherwise possesses consumer information, or any compilation of consumer information, for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.

Reasonable measures include: Implementing and monitoring compliance with policies and procedures that require the burning, pulverizing, or shredding of papers containing consumer information so that the information cannot practicably be read or reconstructed. Cannot simply be tossed in the trash. In doing so, companies could potentially face federal and state damages and penalties for each violation.

HIPAA (Health Insurance Portability and Accountability Act
Health Insurance Portability and Accountability Act (HIPAA), was enacted in 1996 and includes provisions intended to safeguard the privacy of patient health records. HIPAA is a significant piece of legislation with onerous penalties. For a full text of the Summary of the HIPAA Privacy Rule from the Department of Human Services, available online go to the Health and Human Services link below. See page 14 of this document in regards to shredding information.

HIPAA LINKS:
Penalties for HIPAA Violations
Health and Human Services

GLB (Gramm Leach Bliley)
Gramm Leach Bliley (GLB) is another federal law with a much broader scope than HIPAA. This law was designed to compel financial institutions to “respect the privacy of its customers and to protect the security and confidentiality of those customers’ non-public personal information.” This language suggests that paper documents containing such personal information should also be protected when in use and safely destroyed when no longer current and usable.

GLB LINKS:
Senate Banking Committee Report
Federal Trade Commission Report