Laws & Compliance

Federal Legislation

The Federal Government has stepped in and aggressively legislated several statutes to protect individual privacy as well as requirements for businesses to take appropriate measures to dispose of sensitive information.

• The Fair and Accurate Credit Transaction Act (FACTA) applies to all organizations that obtain and maintain private individuals’ data including credit reports, credit scores, employment background, check writing history, insurance claims, residential and medical history.
• The Gramm-Leach-Bliley Act (GLB) specifically addresses financial institutions’ and insurance companies’ obligations to "respect the privacy of its customers and to protect the security and confidentiality of those customers’ non-public information."
• The Health Insurance Portability and Accountability Act (HIPAA) pertains to the medical field; the privacy of patient health records as well as appropriate safeguards and destruction of those records prior to disposal.

State Legislation

Many of the states have enacted similar laws adopting and further confirming Federal Law, as well as imposing significant fines for violations.

• The New Jersey Identity Theft Prevention Act of 2006 (ITPA) is designed to protect individual privacy by notifying those whose data has been violated and initiating freezes on consumer reporting functions when necessary. Specifically, data destruction requirements are addressed.
• The New York Information Security Breach and Notification Act of 2005 applies to any individual or business operating in the state of New York. Requirements are to notify individuals whenever their personal information has been released to unauthorized parties and when such a breach in security has caused a loss. This act addresses the guardianship responsibilities with paper and computerized customer data.
• The Pennsylvania Breach of Personal Information Notification Act of 2006 states that businesses are required to notify individuals whenever their personal information has been released to unauthorized parties and when such a breach in security has caused a loss to a Pennsylvania resident. This act addresses the guardianship responsibilities with paper and computerized customer data.
• The Maryland Consumer Protection – Personal Information Protection Act of 2008 is summarized as: "When a business is destroying a customer’s records containing the customer’s personal information, the business must take reasonable steps to protect against unauthorized access to or use of the personal information, taking specified considerations into account.
• Florida Information Protection Act of 2014 has expanded the definitions of what constitutes a reportable data breach and greatly increased the number of organizations that must comply. This act now obligates any company, association, commercial or governmental entity that acquires, maintains, stores, or uses "Personal Identifiable Information" of Florida residents to comply

Feel free to contact us for more information with regard to any specific state’s legislation, classification of business or other legal requirements.

NAID AAA Certified

The National Association for Information Destruction, or NAID, is a trade group that assists in creating privacy legislation to limit identity theft and fraud. SafeGuard is a NAID AAA Certified company, meaning we comply with the strict guidelines set forth by NAID. This security criterion, which follow from federal legislation such as HIPPA, FACTA, and GLB ensure document shredding companies are adhering to the privacy laws that were adopted by Congress.

This set of guidelines requires: annual employee background screenings, equipment standards, strict procedural processes, shred size policy, etc. NAID additionally completes random audits amongst the companies it has certified, in order to confirm that proper procedure is being followed.

SafeGuard Document Destruction has proudly been a NAID member since 2007, and continues to adopt new procedural mechanisms to stay ahead of industry regulation.

Identity Theft

A 2016 report reveals that over 13.1 million U.S. consumers were affected by identity theft, which amounted in over $15 billion in losses for these individuals. Over the past 6 years the amount stolen from identity theft has risen to over $112 billion. Who are these identity thieves? Anyone from company employees, competitors, suppliers, or other third-party members.

Although the Identity Theft and Assumption Deterrence Act of 1998 was adopted by Congress to fight the growing issue of identity theft, this problem is still extremely prevalent. Theft occurs today from traditional methods such as dumpster-diving and stealing files left out in the open. But, even more complex methods of stealing information are present, like stealing hard-drives and other electronically stored data.

Some ways to protect your company and clients here are some helpful tips:

• Create internal protocols for your employees that entail secure document storage and document disposal practices
• Engage in recurring shredding practices, the quicker unneeded documents are shredded the less likely they can be stolen.
• Make sure hard drives and other electronic data are shredded as well

Materials to Destroy

Executive Level

Strategic Reports, Budget, Legal contract, Correspondence

Accounting & Information Technology

Payroll statement, Budget schedule, Internal report, Supplier information

Research & Development

New product information, Reports, Formulas, Product plans and test, Specification drawings

Human Resources

Payroll information, Performance appraisals, Application, Disciplinary reports and promotions, Medical records