Shred Laws

Tens of millions of Americans are victims of Identity Theft each year resulting in billions of dollars in cost. A large percentage (in excess of 60%) of those losses are attributable to off-line methods such as dumpster diving, compared to only slightly more than 10% from on line internet schemes.

A simple, low cost practice is too routinely shred end-of-cycle confidential files is an area where SafeGuard Document Destruction, Inc. will be of value to you.

Negligent mishandling of waste documents has resulted in the enactment of laws designed to protect the privacy of businesses and individuals. A few of those laws are listed below:

Privacy Legislation And Regulatory Guidance

Federal Legislation

The Federal Government has stepped in and aggressively legislated several statutes to protect individual privacy as well as requirements for businesses to take appropriate measures to dispose of sensitive information.

  • The Fair and Accurate Credit Transaction Act (FACTA) applies to all organizations that obtain and maintain private individuals' data including credit reports, credit scores, employment background, check writing history, insurance claims, residential and medical history.
  • The Gramm-Leach-Bliley Act (GLB) specifically addresses financial institutions' and insurance companies' obligations to "respect the privacy of its customers and to protect the security and confidentiality of those customers' non-public information."
  • The Health Insurance Portability and Accountability Act (HIPAA) pertains to the medical field; the privacy of patient health records as well as appropriate safeguards and destruction of those records prior to disposal.

State Legislation

Many of the states have enacted similar laws adopting and further confirming Federal Law, as well as imposing significant fines for violations.

  • The New Jersey Identity Theft Prevention Act of 2006 (ITPA) is designed to protect individual privacy by notifying those whose data has been violated and initiating freezes on consumer reporting functions when necessary. Specifically, data destruction requirements are addressed.
  • The New York Information Security Breach and Notification Act of 2005 applies to any individual or business operating in the state of New York. Requirements are to notify individuals whenever their personal information has been released to unauthorized parties and when such a breach in security has caused a loss. This act addresses the guardianship responsibilities with paper and computerized customer data.
  • The Pennsylvania Breach of Personal Information Notification Act of 2006 states that businesses are required to notify individuals whenever their personal information has been released to unauthorized parties and when such a breach in security has caused a loss to a Pennsylvania resident. This act addresses the guardianship responsibilities with paper and computerized customer data.
  • The Maryland Consumer Protection - Personal Information Protection Act of 2008 is summarized as: "When a business is destroying a customer's records containing the customer's personal information, the business must take reasonable steps to protect against unauthorized access to or use of the personal information, taking specified considerations into account.

Feel free to contact us for more information with regard to any specific state's legislation, classification of business or other legal requirements.