The Health Insurance Portability and Accountability Act (HIPAA) of 1996 mandates that healthcare facilities across the US act responsible in the secure electronic transmission of patient data, and the secure storage and disposal of that data.
The Fair and Accurate Credit Transaction Act (FACTA) of 2003 added new details to the federal Fair Credit Reporting Act, designed primarily to assist consumers combat the growing crime of identity theft. Accuracy, privacy, restrictions on information sharing, and new consumer rights to disclosure are included in FACTA.
The Gramm-Leach-Bliley Act (GLBA) Established in 1999, this law requires financial institutions throughout the U.S to safeguard the confidentiality and security of consumer data.
HITECH Business Associates Agreement This agreement ensures medical offices, doctor’s offices and hospitals are required to have an agreement with their document shredding company, in regards to the disposal of PHI (Protected Health Information). The other key piece of the Business Associates Agreement is the agreement that organizations will take the necessary steps to implement suitable administrative, physical and technical safety processes.
The Economic Espionage Act (EEA) Established in 1996, this states that the theft of “all types of financial, business, scientific, technical, economic, or engineering information” from a business is deemed a crime. While compliance is not obligatory, should an occurrence take place, your business will be held liable if it cannot prove you took preventative measures in protecting sensitive information.
The Sarbanes-Oxley Act (SOX) Enforced in 2002, this act (Also known as SOX) states that paper and electronic files must be stored for five years. It also requires that public organizations disclose and evaluate their internal procedures. As a result, this implies that an internal document retention and document destruction policy is vital to compliance.