Privacy Laws That Impact Your Document Shredding Practices
Eliminating clutter and preventing identity theft are two undeniable reasons to shred your unwanted documents. But beyond these practical benefits, document shredding also has a legal component that must not be ignored. In this blog, we outline several privacy laws that impact your document shredding practices.
Gramm-Leach-Bliley Act (GLBA)
GLBA requires financial institutions to develop and maintain a written information security plan for protecting consumer information. The GLBA Safeguards Rule says financial institutions must incorporate practices to ensure the proper disposal of financial information. GLBA non-compliance can result in civil penalties of up to $100,000 for each violation, personal civil liability by officers and directors of up to $10,000, class-action lawsuits, and imprisonment for up to five years.
The Fair and Accurate Credit Transactions Act (FACTA)
Like GLBA, FACTA requires financial institutions to protect personally identifiable information (PII). The FACTA Disposal Rule mandates proper disposal of information to protect against “unauthorized access to or use of the information.” Thus, if your business collects financial data, it must be disposed of when a final disposition date is reached. Failing to comply with FACTA can result in federal fines (up to $2,500 per violation) and state fines (up to $1,000 per violation), civil liability ($1,000 per employee), and class action lawsuits.
The Health Insurance Portability and Accountability Act (HIPAA)
Any organization that creates, handles, or transmits protected health information (PHI) must comply with HIPAA. The HIPAA Privacy Rule and Security Rule include physical, administrative, and technical safeguards for the destruction of expired PHI. Breaches of PHI that result in HIPAA noncompliance can cause criminal penalties reaching $250,000 and up to 10 years in prison as well as civil fines of up to $25,000 a year.
The Sarbanes-Oxley Act (SOX)
Under SOX, publicly traded US companies must save paper and electronic records for at least five years. Consequences for SOX non-compliance can include fines or imprisonment for corporate officers. This underscores the importance of maintaining record retention and final disposition schedules and being able to prove when records are destroyed. A shredding service that offers a Certificate of Destruction can help your company comply with SOX.
Pennsylvania Senate Bill 713
State laws also have an impact on your document shredding practices. Pennsylvania Senate Bill 713, the Breach of Personal Information Notification Act, requires any business that operates in the state of Pennsylvania and stores confidential consumer data to notify individuals when a security breach results in their personal information being released to unauthorized parties. Breach notification costs can damage your brand and drain your finances.
The best defense against these penalties is prevention. A scheduled shredding service makes sure your unwanted documents are promptly and securely destroyed.
Wiggins Shredding serves Pennsylvania and the Tri-State Area of Maryland, Delaware and New Jersey with secure shredding and destruction services. We are your trusted, locally-owned paper shredding resource!
For more document shredding compliance tips, please call us at 610-692-TEAR(8327) or complete the form on this page.