Document Shredding & The Law: Do These Laws Affect Your Organization?
Part of operating a business or organization in the United States is knowing and adhering to federal and state legislation that serve to protect consumers and businesses. Some of these legislation concern the security of information; including how it should be identified, handled and disposed of. Is your organization keeping in line with the law?
Federally, there are actually a few different pieces of legislation that concern information management with the intent of curbing information theft and fraud. Depending on your organization’s scope of operations, different legislation may or may not affect you.
When was it passed? November, 2003
Who does it affect? All businesses and consumers in the USA
The Fair & Accurate Credit Transactions Act (FACTA) is a federal law passed in 2003 by congress. It was created with many intents in mind, one of which being to curb the incidence of identity theft and fraud. The act requires any and all persons or organizations that possess consumer information to take reasonable measures to protect against theft or unauthorized access of information associated with disposal. Such reasonable measures including burning, pulverizing or shredding of paper documents. Victims are considered to be entitled to damages sustained from non-compliance, and federal and state governments can also impose penalties and punishments for act violations.
When was it passed? August, 1996
Who does it affect? Healthcare providers and organizations
The Health Insurance Portability & Accountability Act (HIPAA) was created in part to modernize the way that information flows through healthcare organizations, and to identify the criteria for identifying information that should be protected. The act says that healthcare organizations in the US must maintain reasonable and appropriate safeguards to minimize the risk of unauthorized access to protected health information. The law includes details of sorts of documents constitute “protected health information”. Some examples include x-ray images, billing and insurance documents, and patient logs.
Red Flags Rule
When was it passed? January, 2008
Who does it affect? Financial institutions and creditors (as defined within the legislation)
The Red Flags Rule was created based on a section of FACTA, with the intent of requiring creditors and financial institutions to implement and maintain an internal system whereby red flags of information theft are detected, identified and prevented. This system must also be updated as required. “Red flags” can include alerts or warnings from consumer reporting agencies, suspicious documents, and suspicious identifying information, among others.
These are just some of the many legislation that businesses, residents and organizations across the United States may be affected by which include protocols and regulations for information management. Visit our legislation page to see more, including some that operate at the state level.
A Shredding Partner You Can Trust
As a member of NAID, our team is always up to date on the latest industry standards and protocols. Abraham’s offers on-site services on a scheduled or one-time basis. No matter whether you are looking for document or hard drive destruction, or are a business or a resident, we can help.
If you’re looking for a shredding partner that understands the importance of meeting your legal obligations and protecting your information, talk to us today!