Information Destruction Laws
With identity theft and information fraud at an all-time high, the federal government has enacted over 40 information destruction laws to protect consumers. Here’s a synopsis of the three most significant pieces of consumer information protection legislation:
The Fair and Accurate Credit Transaction Act (FACTA) requires that any individual or business that maintains personal consumer information must take reasonable care to protect against unauthorized access to this information, and they must also destroy personal consumer information before it is discarded. Violation of FACTA, which went into effect in 2005, can mean fines and penalties of up to $2,500 for each consumer record compromised.
For more information about FACTA click here.
The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for the protection of personal health information. HIPAA, which went into effect in 1996, requires all healthcare providers, including any organization that transmits personal health information, to maintain the confidentiality of this information and to destroy the information before it is discarded.
For more information about HIPAA click here.
The Gramm-Leach-Bliley Act requires that all financial institutions protect the confidential information of their clients. Banks, credit unions, mortgage companies, investment and financial services firms and insurance underwriters are among those affected. Fines for violating GLB can be severe. American United Mortgage Company was fined $50,000 for violating GLB (learn more).
For more information about GLB click here.
Identity Theft Enforcement and Protection Act of 2005
The Identity Theft Enforcement and Protection Act (the “ITEP Act”) , mandates that businesses have a legal duty to protect and safeguard sensitive personal information.
Similar to the Gramm-Leach Bliley Act, the ITEP Act requires businesses that collect or maintain sensitive personal information in the regular course of business to implement and maintain reasonable procedures and corrective measures to protect and safeguard sensitive personal information from unlawful use or disclosure. Further more , the ITEP Act includes a “Dumpster Diving”provision where companies are required to destroy customer records no longer in use by shredding, erasing modifying the records to make the information unreadable or undecipherable.
The ITEP Act not only allows the Attorney General to seek permanent injunction, but also exposes defendants to a civil penalty of at least 2,000 and up to $50,00 against each defendant.
For more information click here.
Total Security Breaches Nationwide Tops 218 Million
Think a security breach can’t happen to your organization? Think again! Since they began tracking security breaches in Jan. 2005, PrivacyRights.Org reports that over 218 million confidential files, in every imaginable industry, have been compromised!
For a comprehensive list of these information security breaches, click here.