The Fair and Accurate Credit Transactions Act (FACTA)
What is FACTA?
Signed into law on December 4, 2003, the Fair and Accurate Credit Transactions Act (FACTA) is federal legislation aimed at the prevention and penalization of consumer fraud and identity theft. Administered by the Federal Trade Commission (FTC), the FACTA Disposal Rule has been in effect since June 1, 2005. The Disposal Rule puts in place requirements for proper document disposal and destruction, and recognizes the problems that can and do arise when private information is disposed of in an irresponsible manner.
Who is affected by FACTA?
FACTA applies to virtually all persons and businesses in the United States, mandating that “any person who maintains or otherwise possesses consumer information, or any compilation of consumer information, for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.”
Under FACTA, consumer information is defined as personal identifying materials which extend beyond just a person’s name, including:
- a social security number
- a driver’s license number
- a phone number or e-mail address
- a physical address
To comply with the FACTA Disposal Rule, businesses and individuals must take “reasonable measures” to ensure such information does not fall into the wrong hands. Reasonable measures include the “burning, pulverizing, or shredding” of paper documents, or contracting with a third party engaged in the document destruction business to dispose of confidential information in a manner consistent with the Act.
Failure to abide by FACTA may result in stiff penalties. Victims are entitled to actual damages sustained due to noncompliance; they may also seek statutory damages and, in some cases, file class-action suits. Federal and state authorities are also empowered to bring legal enforcement actions against businesses that violate the Act.
The Gramm-Leach-Bliley Act (GLBA)
What is GLBA?
Also known as the Financial Services Modernization Act, the Gramm-Leach-Bliley Act (GLBA) was enacted in 1999 to protect private consumer information held by financial institutions. The GLBA requires banks to develop privacy notices and to provide customers with the option of prohibiting the sharing of their confidential information with non-affiliated third parties. On July 1, 2001, the Act was amended, requiring financial organizations to have a comprehensive, written information security program in place.
Who is affected by GLBA?
The GLBA applies to virtually every business in the United States engaged in the “financial services” industry: institutions that provide financial products and services to consumers. This applies to all national banks and federal branches of foreign banks that are required to follow US banking regulations.
According to the Act, financial institutions are required to implement a comprehensive, written information security program that includes proper administrative, technical and physical safeguards, the nature of which depends upon the size and complexity of the organization. This requirement extends to any subsidiaries of the parent financial organization. The program must be designed to protect consumers’ non-public, personally-identifiable information by ensuring security and confidentiality of data, by preventing potential risks and threats to data, and by protecting against unauthorized access to or use of consumers’ private information.
When using service providers such as an outsourced document destruction company, financial institutions have a duty to safeguard their customers’ information while it is in the possession of the outsourced company. To adhere to this, the financial organization must use due diligence in selecting, managing and monitoring the service provider to ensure consumers’ private information is protected. This includes entering into contracts with an outsourcer when appropriate.
The Health Insurance Portability and Accountability Act (HIPAA)
What is HIPAA?
Signed into federal law in 1996, HIPAA was created to combat fraud and abuse in the health insurance industry. The Act stipulates that all United States health care organizations must “maintain reasonable and appropriate, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information.”
HIPAA protection attaches to all information relating “to the past, present, or future physical or mental health or condition of an individual, or the past, present, or future payment for the provision of healthcare.” Materials that would contain such protected information include patient histories, logs, notes, forms, billing and insurance information, and any other records containing personal information in the possession of healthcare providers.
Who is affected by HIPAA?
Regardless of size, all healthcare providers in the United States must have documented policies defining reasonable measures that are being taken to protect personal health information and ensure the organization is protecting against unauthorized access to personal information.
This includes all organizations or individuals who retain and/or collect health-related information, such as: hospitals, medical centers, insurance companies, billing centers, collection agencies, doctors, dentists, chiropractors, psychiatrists, psychologists and any other institutions or individuals responsible for personal health-related information.
California v. Greenwood, 486 U.S. 35 (1988)
California v. Greenwood was a case in which the Supreme Court of the United States held that the Fourth Amendment does not prohibit the warrantless search and seizure of garbage left for collection outside the curtilage of a home.