Laws & Regulations
Several federal, state, and local laws have been enacted to mandate businesses implement security to ensure proper disposal of confidential information. These laws have been established to protect the privacy of patients, businesses, and consumers:
Health Insurance Portability & Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPPA) enacted in 1996, includes provisions intended to safeguard the privacy of patient health records. The HIPPA rules apply to all protected health information whether it is kept electronically, on paper, or communicated orally. The standard requires that "covered entities put in place administrative, technical, and physical safeguards to protect the privacy of protected health information."
Gramm-Leach-Bliley Act (1999) Financial Services Modernization Act
The Gramm-Leach-Bliley Act of 1999 (also known as the Financial Services Modernization Act) also addresses privacy issues. This legislation went into effect in November of 2000 and will be enforced this summer. The privacy provisions in the law require that financial institutions and insurance companies give consumers prior notice of an intention to share personal information and a chance to opt out of the sharing of such information. The language is this law is general and addresses issues regarding consumer notification. The broad standards outlined in this law were designed to compel financial institutions to "respect the privacy of its customers and to protect the security and confidentiality of those customers' non-public personal information." The language suggests that paper documents containing such personal information should also be protected and safely destroyed.
The Fair and Accurate Credit Transaction Act (FACTA)
A federal rule that went into effect June 1, 2005, that requires businesses and individuals to take appropriate measures to dispose of sensitive information derived from consumer reports. Any business or individual who uses a consumer report for a business purpose is subject to the requirements of the Disposal Rule, a part of the Fair and Accurate Credit Transactions Act of 2003 (FACTA), which calls for the proper disposal of information in consumer reports and records to protect against "unauthorized access to or use of the information."
Economic Espionage Act of 1996 (EEA)
The Economic Espionage Act of 1996 makes the theft or misappropriation of a trade secret a federal crime. This law contains two provisions criminalizing two sorts of activity. The first, criminalizes the theft of trade secrets to benefit foreign powers; the second, criminalizes their theft for commercial or economic purposes. According to this Act, the government will only protect companies who take "reasonable measures" to safeguard their information.
The Privacy Act of 1974
This act provides safeguards against unwarranted invasions of privacy through the misuse of records by Federal agencies by restricting disclosure of personally identifiable records maintained by agencies; granting individuals increased rights of access to records maintained about them; granting individuals the right to seek amendment of records maintained about them upon a showing that the records are not accurate, relevant, timely or complete; and establishing a code of "fair information practices" which requires agencies to comply with statutory norms for collection, maintenance, use and dissemination of records.
