Laws and Regulations

The Privacy Act of 1974

This Act protects certain federal government records pertaining to individuals. In particular, the Act covers systems of records that an agency maintains and retrieves by an individual's name or other personal identifier (e.g., social security number, phone numbers, etc.). 

In general, the Privacy Act of 1974 prohibits unauthorized disclosures of the confidential records the Act protects. The Privacy Act of 1974 does not protect the privacy of your records that are not maintained by the federal government (e.g., credit report, bank account and medical records).

If an individual's protected records are disclosed to outside parties without authorization, the individual may have grounds for a civil action against the agency that maintains them.

Further information can be found at https://www.justice.gov/opcl/privacy-act-1974

DISCLAIMER

This is only a brief summary of the law. Please consult a legal professional for more information on how the specifics of this law may apply to you or your business.



The Economic Espionage Act of 1996

The Economic Espionage Act of 1996 ("EEA") contains two separate provisions that criminalize the theft or misappropriation of trade secrets. The first provision is directed towards foreign economic espionage and requires that the theft of the trade secret be done to benefit a foreign government, instrumentality, or agent. The second provision makes criminal the commercial theft of trade secrets, carried out for purely economic or commercial advantage.

Reflecting the more serious nature of foreign government-sponsored economic espionage, an individual convicted under the first provision can be imprisoned for up to 15 years, fined up to $500,000, or both, whereas a defendant convicted of theft of trade secrets under the second provision can be imprisoned for up to 10 years, fined up to $250,000, or both. As enacted in 1996, corporations and other organizations can be fined up to $10 million under the first provision and up to $5 million under the second.

Further information can be found at http://www.usda.gov/da/pdsd/SecurityGuideEmployees/Espionage.htm


The Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act (GLBA) of 1999 requires financial institutions in the United States to explain their information-sharing practices to their customers and to safeguard the security and confidentiality of the customer information in their possession.

Violations of GLBA

If your organization is found non-compliant with GLBA, it could be subjected to severe fines and class-action lawsuits.

GLBA Penalties

  • The institution can be fined up to $100,000 for each violation 
  • The officers and directors of the financial institution can be held personally liable for a civil penalty of up to $10,000 per violation 
  • Individuals can face imprisonment for up to five years

The Gramm-Leach-Bliley Act applies to the following types of organizations:

  • Banks
  • Credit Unions
  • Securities Brokers
  • Insurance Companies
  • Real Estate Appraisers
  • Automobile Leasing Companies
  • Retailers that issue their own credit cards directly to consumers
  • Companies that operate travel agencies in connection with financial services 
  • Other entities involved in financial activities

Further information can be found at http://www.ftc.gov/privacy/privacyinitiatives/glbact.html


HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 makes healthcare organizations in the United States responsible for the secure handling and storage of "protected health information" (PHI). 

The HIPAA legislation has three objectives:

1. Reduce healthcare fraud and abuse

2. Guarantee security and privacy of health information

3. Enforce standards for health information

HIPAA Penalties

HIPAA non-compliance can have devastating consequences for non-conforming healthcare organizations. HIPAA applies criminal penalties to anyone who violates the law, not just the company. Employees, business associates and others who handle "protected health information" are all potentially liable for mishandling confidential information. A non-conforming organization or individual can be subject to severe fines and penalties, litigation and negative publicity. Under the original 1996 law, non-compliance could result in the following penalties:

  • Civil fines of up to $25,000 per year for violations of the same provision
  • Criminal penalties of up to $250,000 and up to 10 years in prison (Information Management Journal 2003)

Examples of Items to Shred due to HIPAA:

  • Patient Medical Records
  • Billing Records
  • Insurance Records
  • X-Rays
  • Prescriptions
  • Personal Health Information
  • Computer Disks and Hard Drives

Further information can be found at http://www.hhs.gov/ocr/privacy/


HITECH - Health Information Technology for Economic and Clinical Health Act

HITECH was enacted as part of the American Recovery and Reinvestment Act of 2009 and is designed to strengthen HIPAA, which was found to have a number of enforcement gaps. Listed below is a partial list of HITECH provisions that substantially change the HIPAA environment for medical practice managers.

1. Health Data Breach Notifications: Covered entities must notify affected patients, and the Department of Health and Human Services (HHS), when unsecured protected health information is breached. Business associates must notify the covered entity they serve.

2. States' Attorneys General (AGs) are given HIPAA enforcement powers: State AGs can now bring civil actions for HIPAA violations that affect residents of their state. HHS trains state AGs in HIPAA enforcement, and damages recovered in those actions go to the state.

3. Mandatory fines for some violations: The law requires an investigation, and a penalty, for violations that result from willful neglect, which includes discarding protected health information without destroying it first.

4. Maximum fines have increased from $25,000 to $1,500,000: The annual cap on civil penalties for violations of a single provision rose from $25,000 to $1.5 million.

5. Improper disposal of Protected Health Information (PHI): Regulators and law enforcement have specifically targeted improper disposal of PHI as a violation calling for the highest level of fines.

Further information can be found at:  http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/hitechenforcementifr.html  


The Fair & Accurate Credit Transactions Act (FACTA)

Irresponsible handling of confidential and sensitive consumer data has long been cited as a contributing factor to identity theft. Confidential and sensitive data discarded by a business or institution gives a thief a prime opportunity to obtain personal data. Thieves themselves often name the well-known practice of "dumpster diving" as the source of the data that let them commit identity theft, and private investigators routinely offer it as a paid service.

This law applies to virtually every person and business in the United States. It requires the destruction of consumer information before it is discarded and carries potentially severe penalties for violators. Under the Act and the FTC's Disposal Rule, "any person who maintains or otherwise possesses consumer information for a business purpose" must "properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal".

The Disposal Rule gives as examples of reasonable measures "burning, pulverizing, or shredding of papers" containing consumer information, and, for electronic media, destroying or erasing it so that the information cannot practicably be read or reconstructed. Another alternative is for a company to enter into an agreement "with another party engaged in the business of record destruction to dispose of material, specifically identified as consumer information, in a manner consistent with this rule", after doing due diligence on that party.

Both the Federal government and State government are authorized to bring enforcement actions against violators of FACTA. There are also civil liability issues and class action lawsuits that can provide potentially severe financial penalties for violators. 

Further information can be obtained at http://www.ftc.gov/os/statutes/031224fcra.pdf


The Sarbanes-Oxley Act (Public Company Accounting Reform and Investor Protection Act) 

The Sarbanes-Oxley Act was signed into law on July 30, 2002 and introduced highly significant legislative changes to financial practice and corporate governance regulation. The Act followed a series of very high-profile scandals, such as Enron. It is also intended to "deter and punish corporate and accounting fraud and corruption, ensure justice for wrongdoers, and protect the interests of workers and shareholders" (President Bush, on signing the Act).

The primary intent of the Sarbanes-Oxley Act is to force publicly held companies to promptly make available, and to maintain, all meaningful business-related information in order to protect the investing public. Sarbanes-Oxley requires the development and retention of detailed corporate financial records, and it also makes it a federal crime to alter or destroy records in order to obstruct an investigation or legal proceeding. Removing records that are no longer needed is therefore a task that must be done under a documented retention schedule, and must stop once litigation or an investigation is anticipated.

During the course of a lawsuit, a plaintiff can demand all of a company's relevant data, both paper and electronic, and the company must produce it. Plaintiffs use this discovery process to find out as much information as possible. According to Douglas Young, a lawyer at Farella Braun & Martel in San Francisco, "If records are destroyed in the normal course of business, it is very difficult to prove that anyone is trying to obstruct justice". 

Properly documented disposal of paper and electronic records is absolutely essential in today's litigious society. Torn2Shredz can provide you with a free consultation on how you can establish a regularly scheduled document and media destruction program.

Further information can be obtained at http://www.sec.gov/rules/final/33-8183.htm


The Identity Theft and Assumption Deterrence Act of 1998

The Identity Theft and Assumption Deterrence Act of 1998 addresses identity theft in two important ways.

1. The Act strengthens the criminal laws governing identity theft. Specifically, the Act makes it a federal crime to knowingly transfer or use, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.

2. The Act provides for a centralized complaint and consumer education service for victims of identity theft.

The Act makes identity theft a Federal crime with penalties up to 15 years imprisonment and a maximum fine of $250,000. It allows for the identity theft victim to seek restitution if there is a conviction.

Further information can be obtained at http://www.ftc.gov/os/2000/09/idthefttest.htm


U.S. Identity Theft Surveys and Statistics

As striking as the studies and statistics listed below are, these figures more than likely represent only the tip of the iceberg since many cases of identity theft may go unreported.

On September 3, 2003, The Federal Trade Commission (FTC) (www.ftc.gov) released a survey on identity theft. The survey was conducted in the Spring of 2003 and had a random sample of over 4,000 households.

27.3 million Americans were victims of identity theft in the five years from 1998 to 2003. 9.9 million people were victims in the year before the survey alone.

In the 12 months before the survey, 3.23 million consumers discovered that new accounts had been opened in their name, or that their identity had been used to rent an apartment or home, obtain medical care or obtain employment.

In that year, businesses and financial institutions lost $47.6 billion and consumers lost $5 billion.

On July 21, 2003, Gartner (www.gartner.com) released the results of a survey of 2,445 households in regards to identity theft. A summary of their findings:

Identity theft is up nearly 80% from last year.

7 million U.S. consumers were identity theft victims in the 12 months prior to the survey.

Because of the nature of identity theft, the thieves have just a 1 in 700 chance of being caught by Federal authorities.

On September 23, 2003, the Identity Theft Resource Center (www.idtheftcenter.org) released its survey on the impact of identity theft on 173 known victims.

Nearly 85% of all the victims surveyed found out about their identity theft case in a negative way. Only 15% of the victims found out as a result of a proactive stance from a business.

The average time victims spent to eliminate negative information from their credit reports is 600 hours.

The emotional impact of identity theft has been found to be equivalent to that of a violent crime. 

On January 26, 2005, the Better Business Bureau (BBB) (www.bbb.org) released its Identity Theft survey as an update to the Federal Trade Commission’s 2003 Identity Theft Survey Report. Some key findings of the BBB survey are:

Within the twelve months prior to the survey, 9.3 million Americans were victims of identity theft.

The total annual cost of identity fraud in the United States remains virtually unchanged since 2003, at $52.6 billion.

Most thieves still obtain personal information through traditional channels (i.e., paper documents or physical media) rather than electronic ones.

Conventional methods such as lost or stolen wallets, misappropriation by family and friends, and theft of paper mail are among the most common.
