Confidential Data Destruction Company helps businesses such as NASA, JBL, and the Santa Clarita Sheriff’s Department maintain the security and confidentiality of their customer information. Our value is even greater for companies that are regulated by state and federal privacy laws. Below, CDDC provides an overview of some of the legal requirements that may apply to your company. After reviewing this information, get in touch with us to find out how we can help your business remain in compliance.
The Health Insurance Portability and Accountability Act (HIPAA)
HIPAA, enacted in 1996, ensures that healthcare organizations in the United States are held responsible for the secure handling and storage of “protected health information.”
The HIPAA legislation aims to:
Reduce health care fraud and abuse.
Guarantee security and privacy of health information.
Enforce standards for health information.
HIPAA non-compliance can have devastating consequences for non-conforming healthcare organizations. HIPAA applies criminal penalties to anyone violating the law, not just the company. Employees, business associates, and others who handle or deal with “protected health information” are potentially liable for mishandling confidential information. Litigation and negative publicity are also consequences, along with severe fines and penalties for non-conforming organizations or individuals. Non-compliance can result in the following penalties:
Civil fines up to $25,000/year
Criminal penalties up to $250,000 as well as up to 10 years in prison
HIPAA Laws Require the Following Items to be Destroyed
Patient Medical Records
Personal Health Information
Computer Disks and Hard Drives
The Fair and Accurate Credit Transactions Act (FACTA)
FACTA requires the destruction of all consumer information before it is discarded. It states that any person who maintains or possesses consumer information for a business purpose must dispose of the information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal. The main objective of this Act is to protect against identity theft.
Reasonable measures are described by the Act as “burning, pulverizing, or shredding of paper containing consumer information.” Another alternative is for a company to enter into an agreement “with another party engaged in the business of record destruction to dispose of material, specifically identified as consumer information, in a manner consistent with this rule.”
Violators can potentially face very severe financial penalties including civil liability issues and class action lawsuits. Additionally, both the Federal and State governments are authorized to bring enforcement actions against these violators.
The Identity Theft and Assumption Deterrence Act of 1998
The Identity Theft and Assumption Deterrence Act of 1998 addresses identity theft in two significant ways:
The Act strengthens the criminal laws governing identity theft by making it a federal crime to knowingly transfer or use, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.
The Act also provides a centralized complaint and consumer education service to the victims of identity theft.
With this Act making identity theft a federal crime, penalties can be up to 15 years of prison and a maximum fine of $250,000. It also allows for the identity theft victim to seek restitution if there is a conviction.
The Gramm-Leach-Bliley Act of 1999 (GLBA)
The Act requires all financial and banking institutions in the United States to describe how they will protect the security and confidentiality of consumer information in their possession.
The GLBA Applies to the Following Types of Organizations:
Real Estate Appraisers
Automobile Leasing Companies
Companies that operate travel agencies in connection with financial services
Retailers that issue their own credit cards directly to consumers
Other entities involved in financial activities
Fines up to $100,000 per violation
Imprisonment up to five years
The officers and directors of the financial institution could be subject to, and personally liable for, a civil penalty of up to $10,000.
The Sarbanes-Oxley Act (Public Company Accounting Reform and Investors Protection Act)
The Sarbanes-Oxley Act introduced significant legislative changes to financial practice and corporate governance regulation. The intent of the Act is to force publicly held companies to promptly make available and maintain all meaningful business-related information in order to protect the investing public. It also requires the development and maintenance of detailed corporate financial information.
Properly documented disposal of paper is absolutely essential in today’s society. CDDC can provide you with a free evaluation on how you can establish a regularly scheduled document destruction program.
The Sarbanes-Oxley Act Penalties
Violations of this Act carry very strict fines and jail time. The most severe fines can reach $5,000,000, with up to 20 years in prison.