Red Flag Rules 2009
The Federal Trade Commission (FTC), the federal bank regulatory agencies, and the National Credit Union Administration (NCUA) have issued regulations (the Red Flags Rules) requiring financial institutions and creditors to develop and implement written identity theft prevention programs.
Any company that provides financing in any way to a customer will be affected by the Red Flag Rules.
HIPAA & HIPAA/HITECH 2009
The Health Insurance Portability and Accountability Act (HIPAA), enacted by the federal government in 1996, is intended to safeguard the privacy of patient health records. The law provides for stiff penalties for companies found to be in violation of HIPAA regulations.
Regardless of size, HIPAA applies to any organizations or individuals who retain and/or collect health-related information from an individual.
Gramm Leach Bliley Act
Gramm Leach Bliley (GLB) is another federal law with a much broader scope than HIPAA. This law was designed to compel financial institutions to “respect the privacy of its customers and to protect the security and confidentiality of those customers’ non-public personal information.” This language suggests that paper documents containing such personal information should also be protected when in use and safely destroyed when no longer current and usable.
The GLBA applies to virtually every business in the United States that provides financial products and services to consumers.
FACTA
The Fair and Accurate Credit Transactions Act (FACTA) was signed into federal law in December 2003, with more specific document destruction rules coming into effect on June 1, 2005. FACTA amended the existing Fair Credit Reporting Act, providing consumers, companies, consumer reporting agencies and regulators with new tools to expand consumer access to credit, enhance the accuracy of consumer financial information, and help fight identity theft. FACTA is administered by the Federal Trade Commission (FTC).
FACTA applies to virtually all persons and businesses in the United States who maintain or otherwise possess consumer information.
The Fair and Accurate Credit Transactions Act (FACTA) is federal legislation aimed at the prevention and penalization of consumer fraud and identity theft. Administered by the Federal Trade Commission (FTC), the FACTA Disposal Rule has been in effect since June 1, 2005. The Disposal Rule puts in place requirements for proper document disposal and destruction, and recognizes the problems that can and do arise when private information is disposed of in an irresponsible manner.
Who is affected by FACTA?
FACTA applies to virtually all persons and businesses in the United States, mandating that “any person who maintains or otherwise possesses consumer information, or any compilation of consumer information, for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.”
Under FACTA, consumer information is defined as personal identifying materials which extend beyond just a person’s name, including:
- a social security number
- a driver’s license number
- a phone number or e-mail address
- a physical address
To comply with the FACTA Disposal Rule, businesses and individuals must take “reasonable measures” to ensure such information does not fall into the wrong hands. Reasonable measures include the “burning, pulverizing, or shredding” of paper documents, such as the contracting of a third party engaged in the document destruction business to dispose of confidential information in a manner consistent with the Act.
Failure to abide by FACTA may result in stiff penalties. Victims are entitled to actual damages sustained due to noncompliance; they may also seek statutory damages and, in some cases, file class-action suits. Federal and state authorities are also empowered to bring legal enforcement actions against businesses that violate the Act.
By purging outdated files or placing one of our locked security consoles in your office, Green Country Shredding and Recycling can assist your company in maintaining a document disposal program that meets FACTA laws. Using state-of-the-art technology, our customer service oriented and bonded security professionals efficiently shred all documents right on your premises. We give you the option to watch the shredding process, and also provide you with a Certificate of Destruction. Trust Green Country Shredding and Recycling as your partner in FACTA compliance for maintaining your document security program.
For more information on the Fair and Accurate Credit Transactions Act (FACTA), visit:
http://www.treasury.gov/offices/domestic-finance/financial-institution/cip/pdf/fact-act.pdf
The Gramm-Leach-Bliley Act (GLBA)
What is GLBA?
Also known as the Financial Services Modernization Act, the Gramm-Leach-Bliley Act (GLBA) was enacted in 1999 to protect private consumer information held by financial institutions. The GLBA requires banks to develop privacy notices and to provide customers with the option of prohibiting the sharing of their confidential information with non-affiliated third parties. On July 1, 2001, the Act was amended, requiring financial organizations to have a comprehensive, written information security program in place.
Who is affected by GLBA?
The GLBA applies to virtually every business in the United States engaged in the “financial services” industry: institutions that provide financial products and services to consumers. This applies to all national banks and federal branches of foreign banks that are required to follow US banking regulations.
According to the Act, financial institutions are required to implement a comprehensive, written information security program that includes proper administrative, technical and physical safeguards, the nature of which are dependent upon the size and complexity of the organization. This requirement extends to any subsidiaries of the parent financial organization. The program must be designed to protect consumers’ non-public, personally-identifiable information by ensuring security and confidentiality of data, by preventing potential risks and threats to data, and by protecting against unauthorized access to or use of consumers’ private information.
When using service providers such as an outsourced document destruction company, financial institutions have a duty to safeguard their customers’ information while it is in the possession of the outsourced company. To adhere to this, the financial organization must use due diligence in selecting, managing and monitoring the service provider to ensure consumers’ private information is protected. This includes entering into contracts with an outsourcer when appropriate.
By purging outdated files or placing one of our locked security consoles in your office, Green Country Shredding and Recycling can assist your company in maintaining a document disposal program that meets GLBA regulations. Using state-of-the-art technology, our customer service oriented and bonded security professionals efficiently shred all documents right on your premises. We give you the option to watch the shredding process, and also provide you with a Certificate of Destruction. Green Country Shredding and Recycling can assist your company to maintain your document security program and remain compliant with GLBA.
For more information on the Gramm-Leach-Bliley Act (GLBA), please visit:
http://www.ftc.gov/privacy/glbact
The Health Insurance Portability and Accountability Act (HIPAA)
What is HIPAA?
Signed into federal law in 1996, HIPAA was created to combat fraud and abuse in the health insurance industry. The Act stipulates that all United States health care organizations must “maintain reasonable and appropriate, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information.”
HIPAA protection attaches to all information relating “to the past, present, or future physical or mental health or condition of an individual, or the past, present, or future payment for the provision of healthcare.” Materials that would contain such protected information include patient histories, logs, notes, forms, billing and insurance information, and any other records containing personal information in the possession of healthcare providers.
Who is affected by HIPAA?
Regardless of size, all healthcare providers in the United States must have documented policies defining reasonable measures that are being taken to protect personal health information and ensure the organization is protecting against unauthorized access to personal information.
This includes all organizations or individuals who retain and/or collect health-related information, such as: hospitals, medical centers, insurance companies, billing centers, collection agencies, doctors, dentists, chiropractors, psychiatrists, psychologists and any other institutions or individuals responsible for personal health-related information.
By purging outdated files or placing one of our locked security consoles in your office, Green Country Shredding and Recycling can assist your company in maintaining a document disposal program that meets HIPAA regulations. Using state-of-the-art technology, our customer-friendly and bonded security professionals efficiently shred all documents right on your premises. We give you the option to watch the shredding process, and also provide you with a Certificate of Destruction. Green Country Shredding and Recycling wants to be your partner in compliance with HIPAA and maintaining your document security program.
For more information on the Health Insurance Portability and Accountability Act (HIPAA), visit:
Additional Acts
Check Clearing for the 21st Century Act (Check 21)
The United States Check Clearing for the 21st Century Act (Check 21), effective October 2004, enables banks to improve check processing by allowing them to handle more checks electronically, making check processing faster and more efficient. The Act allows banks to issue substitute checks in place of original checks. For example, customers who receive cancelled checks with their monthly account statement may begin to receive substitute checks. Substitute checks are considered proof of payment.
Economic Espionage Act (EEA)
The Economic Espionage Act of 1996 (EEA) made it a criminal offence to steal trade secrets, defined as “all forms and types of financial, business, scientific, technical, economic or engineering information” that the owner has taken reasonable measures to keep secret and that is not known to the public. The legislation applies to information in any form.
Gramm-Leach-Bliley Act (GLB Act)
The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLB Act), protects the privacy of consumer information held by financial institutions and requires companies to give consumers privacy notices that explain the institution’s information-sharing practices. The Act also provides consumers with the right to limit some sharing of their information.
Identity Theft Penalty Enhancement Act
The Identity Theft Penalty Enhancement Act of 2004 established a new federal crime, aggravated identity theft, outlined under “offenses” in the Act: Offenses – (1) In general – Whoever, during and in relation to any felony violation enumerated in subsection (c), knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person shall, in addition to the punishment provided for such felony, be sentenced to a term of imprisonment of 2 years. (2) Terrorism offense – Whoever, during and in relation to any felony violation enumerated in section 2332b(g)(5)(B), knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person or a false identification document shall, in addition to the punishment provided for such felony, be sentenced to a term of imprisonment of 5 years.
Sarbanes-Oxley Act (SOX)
Enacted following a series of high-profile accounting scandals in the United States, most notably Enron and WorldCom, the Sarbanes-Oxley Act of 2002 (SOX) is intended to enhance corporate responsibility and financial reporting as well as combat corporate and accounting fraud. It is one of the most complex pieces of legislation passed in the United States in recent years and includes some of the most far-reaching reforms of American business practices since the 1930s.
US Safe Harbor Program
The European Union’s Directive on Data Protection prohibits the transfer of personal data to US companies which do not meet the Commission’s standards for privacy protection.
USA Patriot Act
The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA Patriot Act) was enacted in October 2001 in an effort to “deter and punish terrorist acts in the United States and around the world, to enhance law enforcement investigator tools and for other purposes.”
Additional Links
National Association of Information Destruction – www.naidonline.org
Fair and Accurate Credit Transactions Act (FACTA)
