The Health Insurance Portability and Accountability Act (HIPAA) of 1996
This act regulates the healthcare industry in the United States and assures that healthcare organizations will be responsible for the secure electronic transmission, secure storage and disposal of patient information. The first conviction for a violation of the Health Insurance Portability and Accountability Act (HIPAA) took place the week of November 19, 2004. Richard W. Gibson was ordered to pay $9,000 in restitution and sentenced to 16 months in jail for taking personal information while employed at a cancer treatment center in Seattle, WA. The information was then used to commit identity theft. Advice: If you handle medical or insurance records, you had better have, and practice, a certified document destruction program, or you are risking jail time under HIPAA.
The Gramm-Leach-Bliley Act of 1999 (GLB)
Financial institutions that obtain nonpublic personal information through the normal course of their business must develop precautions to ensure the security and confidentiality of customer records and information, and to protect against unauthorized access to or use of such records. This includes secure storage, disposal, and sharing of confidential information.
The Economic Espionage Act (EEA)
The EEA makes the theft or misappropriation of trade secrets a criminal offense. Taking papers from dumpsters outside offices is called "dumpster diving" and is a common tactic used by commercial information brokers as well as foreign intelligence services to gain confidential information from competitors. "Dumpster diving" involves collecting and going through the trash left out for collection from residences and businesses. Stealing trash is not illegal. The Supreme Court ruled in 1988 that once an item is left for trash pickup, there is no expectation of privacy or continued ownership.
The Fair and Accurate Credit Transactions Act of 2003
Also known as the FACT Act, this piece of legislation was signed into law on December 4, 2003. In general, this Act amends the Fair Credit Reporting Act (FCRA). The FACT Act contains a number of provisions intended to combat consumer fraud and related crimes, including identity theft, and to assist its victims. Specifically, the Act requires the destruction of PAPERS CONTAINING CONSUMER INFORMATION. It is hard to imagine any business or organization that is not bound by this law.
California Senate Bill 1386 (SB 1386)
This law requires businesses that maintain personal data on California residents to disclose security breaches that result in unauthorized access to unencrypted personal data. The law pertains to any organization, whether based in California or in other parts of the country. Personal information may include an individual's name along with their Social Security number, driver's license number, state identification number, or credit or debit card numbers with security codes.
Georgia Senate Bill 475 (SB 475)
Georgia Senate Bill 475 establishes guidelines for proper disposal of certain business documents containing personal information. According to the law, a business may not discard a record containing personal information.