Information Security Laws
Identity theft has become one of the fastest growing crimes in the U.S. As a result, many laws have been passed to ensure the security of personal information. Recent federal and state legislation holds businesses to higher standards of confidentiality. These laws, regulations, fines and breach notification requirements provide even more incentive for proper information storage and destruction procedures. Failure to comply means fines and litigation. Some of these laws include:
- Health Insurance Portability and Accountability Act (1996) (HIPAA)
- Gramm-Leach-Bliley Financial Services Modernization Act (1999)
- Fair and Accurate Credit Transactions Act (FACTA)
- Regulation S-P (Securities and Exchange Commission)
- Health Information Technology for Economic and Clinical Health Act (2009) (HITECH)
- The Red Flags Rule (2010)
- Privacy Act (1974)
- Sarbanes-Oxley Act (2002)
- Ohio Privacy & Security Information Center
Fines: There have recently been millions of dollars in fines levied against organizations that discarded records without destroying them first.
Breach Notification: Breach notification laws now require organizations to notify affected individuals, and in many cases regulators or the public, when personal information may have been exposed to unauthorized individuals.
NOTE: The U.S. data protection regulations listed above generally require organizations to train employees to protect confidential customer and employee information.
The list above was compiled in part from the NAID publication "The Facts of Life (about proper information destruction)."