Complying with an Alphabet Soup of Privacy Laws
Keeping track of a plethora of acronyms is hard enough. Making sure your business complies with an alphabet soup of privacy laws is even harder. In this blog, we help you make sense of various state and federal regulations.
The Economic Espionage Act of 1996 (EEA) establishes monetary fines for the misappropriation and theft of trade secrets from companies that do not take “reasonable measures,” such as secure document destruction, to safeguard their information. A defendant convicted of theft of trade secrets under Section 1832 of the EEA can be imprisoned for up to 10 years and fined $500,000. Non-compliant corporations can be fined up to $5 million.
The Fair and Accurate Credit Transactions Act (FACTA) requires the safe disposal of consumer information. Any business that maintains consumer information must “take reasonable measures to protect against unauthorized access or use of the information in connection with its disposal.” FACTA requires burning, pulverizing, or shredding, with noncompliance resulting in federal (up to $2,500 per violation) and state (up to $1,000 per violation) fines, civil liability ($1,000 per employee), and class action lawsuits.
The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to develop and maintain a written information security plan for protecting consumer information. GLBA noncompliance can result in institutional civil penalties of up to $100,000 for each violation, personal civil liability for officers and directors of up to $10,000, class-action lawsuits, and imprisonment for up to five years.
The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare providers and organizations that handle and transmit protected health information (PHI) to safeguard that information. HIPAA noncompliance can result in criminal penalties reaching $250,000 and up to 10 years in prison as well as civil fines of up to $25,000 a year.
Pennsylvania Senate Bill 713
Pennsylvania Senate Bill 713, the Breach of Personal Information Notification Act, requires any business that operates in the state of Pennsylvania and stores confidential consumer data to notify individuals when a security breach results in their personal information being released to unauthorized parties.
The Sarbanes-Oxley Act (SOX) requires US companies to maintain information and records management policies and procedures and to halt regular document destruction if they expect the company will face a government investigation, audit, or other official proceedings. As a result, SOX requires publicly traded organizations to maintain record retention and final disposition schedules.
For help complying with these laws and other state and federal regulations, please call us at 610-692-TEAR (8327) or complete the form on this page.
Wiggins Shredding serves Pennsylvania and the Tri-State Area of Maryland, Delaware and New Jersey. We are your trusted, locally-owned paper shredding resource!