Compliance Standards
We keep you in line with Identity & Information Security Compliance. Here are the laws and acts involved in fighting identity theft and other document security problems.
Location: New York, NY
HIPAA
The Health Insurance Portability and Accountability Act
The 1996 HIPAA Act regulates the healthcare industry in the United States and assures that healthcare organizations will be responsible for securing patient information as it pertains to:
GLB
The Gramm-Leach-Bliley Act
The GLB Act of 1996 mandates that financial institutions that obtain nonpublic personal information through the normal course of their business must develop precautions to ensure the security and confidentiality of customer records and information, and to protect against unauthorized access to or use of such records.
This includes: Secure storage, disposal and sharing of confidential information
Who must comply with the Gramm-Leach-Bliley Act:
Location: Brooklyn, NY
Location: Bronx, NY
EEA
The Economic Espionage Act
The EEA Act makes the theft or misappropriation of trade secrets a criminal offense.
Taking papers from office dumpsters is called “Dumpster diving” and is a common tactic used by commercial information brokers as well as foreign intelligence services. It involves collecting and going through the trash left out for collection from residences and businesses.
Stealing trash is not illegal. The Supreme Court ruled in 1988 that once an item is left for trash pickup, there is no expectation of privacy or continued ownership. Who is affected by EEA:
FCRA
The Fair and Accurate Credit Transactions Act
The FACT Act of 2003 was signed into law on December 4, 2003.
In general, this Act amends the Fair Credit Reporting Act (“FCRA”), which contain a number of provisions intended to combat consumer fraud and related crimes, including identity theft, and to assist its victims.
Specifically, the act requires the destruction of all papers containing consumer information. It's hard to imagine any business or organization that is not bound by this law.
Location: Queens, NY
Location: Marina, San Francisco
Proposed Disposal Rule
Sec. 682.3 Proper disposal of consumer information.
A) Standard: Any person who maintains or otherwise possesses consumer information, or any compilation of consumer information, for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.
B) Examples: Reasonable measures to protect against unauthorized access to or use of consumer information in connection with its disposal would include implementing and monitoring compliance with policies and procedures that require the burning, pulverizing, or shredding of papers containing consumer information so that the information cannot practicably be read or reconstructed.