Identity theft is one of the fastest growing crimes of this century, according to the National Crime Prevention Council. Contrary to popular belief, the primary cause of it is not because more people are online since the crime of identity theft is not limited to online transactions or online banking. But it is caused by people not paying attention to the contents of sensitive information that they receive, online or offline, and not guarding that information with the care that it deserves. Research shows that the easiest way for identity thieves to obtain sensitive information is through traditional paper based sources. Identity theft has grown over 600% since 2000, leaving thousands of people with destroyed credit ratings. The crime has also damaged the reputations of the companies which mishandled the information and subjected them to civil lawsuits. The rising theft and fraud forced federal and state legislators to pass several laws to protect privacy and mandate secure handling of sensitive documents.
Additional Info: http://www.identitytheftarticles.net
The Fair and Accurate Credit Transactions Act, (FACTA.)
The Act contains a number of provisions intended to combat consumer fraud and related crimes, including identity theft, and to assist its victims. Specifically the act requires the destruction of papers containing consumer information before it is discarded.
- Identity theft is one of the fastest growing crimes in modern time
- The Act states "any person who maintains or otherwise possesses consumer information for a business purpose" must "properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal". Reasonable measures are defined by the Act as "burning, pulverizing, or shredding of papers containing consumer information". Another alternative is for a company to enter into an agreement "with another party engaged in the business of record destruction to dispose of material, specifically identified as consumer information, in a manner consistent with this rule".
Additional Info: http://www.ftc.gov/os/statutes/031224fcra.pdf
Health Insurance Portability and Accountability Act, (HIPPA.)
The Act regulates the healthcare industry and assures that healthcare organizations will be responsible for the disposal of "protected health care information." HIPAA applies criminal penalties to anyone violating the law - not just the company. Employees, business associates, and others who handle "protected health information" are all potentially liable for mishandling confidential information. Non-compliance can result in the following penalties:
- Civil fines up to $25,000 / year
- Criminal penalties up to $250,000 as well as, up to 10 years in prison (Information Management Journal 2003)
HIPAA applies to Institutions and the following documents:
- Patient Medical and Billing Records
- Insurance Records
- Personal Health Information
Additional Info: http://www.cms.hhs.gov/HIPAAGenInfo/
The Gramm-Leach-Bliley Act (GLBA.)
The Act mandates all financial institutions that obtain nonpublic personal information through the normal course of their business must develop precautions to ensure the security and confidentiality of customer records and information, and to protect against unauthorized access to or use of such records. This includes secure storage, disposal, and sharing of confidential information. Non-compliance can result in the following:
- Fines up to $100,000 for each violation
- Officers and Directors of the financial institution may be personally liable for a civil penalty of up to $10,000
- Possible imprisonment for up to five years
Gramm-Leach-Bliley Act applies to the following types of organizations:
- Companies that operate travel agencies in connection with financial services
- Credit Unions
- Securities Brokers
- Real Estate Appraisers
- Retailers that issue their own credit cards directly to consumers
- Insurance Companies
- Automobile Leasing Companies
Additional Info: http://www.ftc.gov/privacy/privacyinitiatives/glbact.html
The Economic Espionage Act (EEA).
The Act makes the theft or misappropriation of trade secrets a criminal offense.
This Act applies to all U. S. Citizens, and general businesses handling sensitive data in hardcopy.
Additional Info: http://www.dm.usda.gov/ocpm/SecurityGuideEmployees/Espionage.htm
DISCLAIMER: This is only a brief summary of the aforementioned laws. Please consult a legal professional for more information on how the specifics of these laws may apply to your business.