LAWS & REGULATIONS

All businesses that handle any kind of customer or employee personal data are required by recent laws and legislation to ensure that this data is stored securely and destroyed appropriately. Please see the laws below that pertain to different businesses.

ALL USA BUSINESSES:

  • THE FAIR AND ACCURATE CREDIT TRANSACTIONS ACT OF 2003 (FACTA)

    FACTA (Fair and Accurate Credit Transactions Act) is an amendment to FCRA (Fair Credit Reporting Act) that was added primarily to protect consumers from identity theft. The Act stipulates requirements for information privacy, accuracy and disposal, and limits the ways consumer information can be shared.

    This act affects virtually every kind of business in America. It states that any record (paper or electronic) of an individual must be properly and prudently handled.

ALL NC BUSINESSES:

  • NORTH CAROLINA IDENTITY THEFT PROTECTION ACT (ITPA, PASSED IN 2005)



    The North Carolina Attorney General proposed the Identity Theft Protection Act of 2005. The act was designed to strengthen safeguards for personal information, requiring businesses and government to better protect sensitive financial information, and gave consumers more tools to fight theft of their information. This includes more restrictions on the collection, use, and safekeeping of a consumer's Social Security number and consumer financial information. The Act requires businesses, charities and government to notify individuals if a security breach has compromised any personal information and placed them at risk of identity theft.

HEALTHCARE PROVIDERS:

HIPAA (THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996)

This act requires healthcare organizations to maintain safeguards to prevent intentional or unintentional use of protected health information (PHI). This includes patient medical records, patient logs, insurance, billing and other personally identifiable health information.



HITECH ACT (THE HEALTH INFORMATION TECHNOLOGY FOR ECONOMIC AND CLINICAL HEALTH ACT, PART OF THE AMERICAN RECOVERY AND REINVESTMENT ACT OF 2009)

This legislation anticipates a massive expansion in the exchange of electronic protected health information. Mandatory penalties will be imposed for ‘willful neglect’ of HIPAA.



FINANCIAL INSTITUTIONS

(Banks, Credit Unions, Security Brokers, Real Estate Appraisers, Insurance Co, Auto Leasing Co, Travel Agencies, Retailers who issue their own credit cards):

GRAMM-LEACH-BLILEY ACT (FULL MANDATORY COMPLIANCE EFFECTIVE JULY 1, 2001)

Financial institutions must ensure the security and confidentiality of customer personal information, including names, addresses, phone numbers, bank and credit card account numbers, income and credit histories, and Social Security numbers. They must take steps to ensure secure transmissions, and dispose of paper and old hard drives by destroying them appropriately. Shamrock Shredding will provide a ‘Document of Destruction’ for the company’s records.

FOR MORE INFORMATION ON LEGAL & REGULATORY VIOLATIONS CAUSED BY NOT DESTROYING INFORMATION BEFORE DISCARDING: