Compliance
What is your legal obligation?
Several laws require the destruction of documents with personal information before they are disposed of. They include FACTA, HIPPA,The Gramm-Leach-Bliley Act of 1999 and various local and state regulations.
FACTA - The Fair and Accurate Credit Transaction Act of 2003
Also known as the FACT Act. Was signed into law on December 4, 2003. In general, the Act amends the Fair Credit Reporting Act (“FCRA”). The Act contains a number of provisions intended to combat consumer fraud and related crimes, including identity theft, and to assist its victims. Specifically the act requires the destruction of PAPERS CONTAINING CONSUMER INFORMATION. It is hard to imagine any business or organization that is not bound by this law.
The proposed DISPOSAL RULE. Sec. 682.3 Proper disposal of consumer information.
A) Standard. Any person who maintains or otherwise possesses consumer information, or any compilation of consumer information, for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.
B) Examples. Reasonable measures to protect against unauthorized access to or use of consumer information in connection with its disposal would include implementing and monitoring compliance with policies and procedures that require the burning, pulverizing, or shredding of papers containing consumer information so that the information cannot practicably be read or reconstructed.
HIPAA - The Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 regulates the healthcare industry in the United States and assures that healthcare organizations will be responsible for the secure electronic transmission, secure storage and disposal of patient information.
GLB - The Gramm-Leach-Bliley Act of 1999
Mandates that financial institutions that obtain nonpublic personal information through the normal course of their business must develop precautions to ensure the security and confidentiality of customer records and information, and to protect against unauthorized access to or use of such records. This includes secure storage, disposal, and sharing of confidential information. Who must comply with the Gramm-Leach-Bliley Act: banking and credit issuing, insurance, stocks, bonds, investing, and financial service providers.
