National Association for Information Destruction (NAID) Certification
While not a government entity, NAID has been instrumental in helping government officials and lawmakers write the laws on this page. NAID certification is a program designed to assure the public that a NAID-certified shredding company is held to certain standards of operation and compliance. NAID conducts annual and random third-party audits of certified companies to ensure they are doing what they say they are doing. Companies not in compliance face fines, and customers of certified shredding companies can even be notified in the event of a non-compliance issue.
Fair and Accurate Credit Transactions Act (FACTA)
2005, The Fair and Accurate Credit Transactions Act of 2003 was designed to protect consumers from the increasingly common crime of identity theft. This particular law applies to every business in America that collects customer information to ensure that the information is protected from “unauthorized access or use.” In addition, the Disposal Rule requires that when such information is discarded, it must be appropriately destroyed by shredding, burning or pulverizing.
The Gramm-Leach-Bliley Act (GLB)
This 1999 act was instituted to modernize financial institutions and businesses that receive personal information in the course of conducting business. This law contains the Financial Privacy Rule, which requires financial institutions to provide their clients with comprehensive privacy notices. The act also includes the Safeguards Rule, which requires financial institutions to establish thorough standards and safeguards for the handling and disclosure of that information.
The Sarbanes-Oxley Act (SOX)
This act was passed in 2002 in response to many of the corporate and securities fraud violations that were making news at the time. It is extremely detailed, and implements a wide range of requirements that companies must abide by. Within these rules it is clearly defined that the “destruction, alteration, or falsification of records in Federal investigations and bankruptcy,” along with the “destruction of corporate audit records” are illegal, and could possibly result in large fines and as many as 10 years of imprisonment.
Health Insurance Portability & Accountability Act (HIPAA)
This federal law, passed by Congress in 1996, and the accompanying 2002 regulation known as the Privacy Rule apply to all health care entities and restrict how health care providers may handle and disclose personal Protected Health Information (PHI). PHI is defined as any identifiable health, medical or demographic information that describes the individual’s personal identity. This includes but is NOT limited to name, address, phone number, e-mail, photographs, charts, tests, records, etc. In general, health care entities must ensure that only approved personnel handle protected health information and then only for purposes specified in the law and regulation. As of Feb 2010, the administrative, physical, and technical standards and implementation specifications of the Security Rule apply to the Business Associate in the same manner that they apply to the Covered Entity.
The Health Information Technology for Economic and Clinical Health (HITECH) Act
The U.S. Department of Health and Human Services (HHS) issued an interim final rule with request for comments today to strengthen its enforcement of the rules promulgated under the Health Insurance Portability and Accountability Act (HIPAA). The Health Information Technology for Economic and Clinical Health (HITECH) Act, which was enacted as part of the American Recovery and Reinvestment Act of 2009, modified the HHS Secretary’s authority to impose civil money penalties for violations occurring after Feb. 18, 2009. These HITECH Act revisions significantly increase the penalty amounts the Secretary may impose for violations of the HIPAA rules and encourage prompt corrective action.
These are just some of the more important legal regulations that may affect your business.