Stay Compliant, Stay Secure
New and stricter federal and state laws are now in place for protecting customer, patient and consumer personal information. Businesses, from large corporations to small business owners, are being held accountable for properly handling and disposing of sensitive or confidential documents and media, regardless of industry.
The Federal Trade Commission's FACTA (Fair and Accurate Credit Transaction Act) Disposal Rule went into effect June 1, 2005. It is the most recent, widespread and comprehensive piece of such legislation to date, and the first national shred law of any kind.
Who must comply? Everyone. The law states that "any person who maintains or otherwise possesses consumer information for a business purpose" must properly destroy discarded consumer information. This new rule applies to virtually every person and business in the United States!
FACTA requires businesses to destroy all discarded personal information contained on a credit report or derived from a credit report, either by implementing their own document destruction policies or by contracting with a document shredding company.
Penalties for violating the rule include actual damages, statutory damages up to $1,000, punitive damages per violation (with no cap on class action damages), attorneys' fees and civil penalties up to $2,500.
Legislation affecting corporate governance, financial disclosure and the practice of public accounting that protects investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws.
Who must comply? Most public companies report financials to consumers.
Protects consumers' personal financial information held by financial institutions.
Who must comply? Banks, securities firms, insurance companies and any other company that provides financial products and services to consumers.
Federal law to prevent abuses of personal health information (PHI), including unauthorized access. The law is administered by the U.S. Department of Health and Human Services, and is enforced by the U.S. Office of Civil Rights.
Who must comply? "Covered Entities," which is every employer in the U.S. with completed health insurance applications or injury reports on file.
The HITECH Act was signed into law on February 17, 2009 as part of the American Recovery and Reinvestment Act of 2009 (ARRA). ARRA contains incentives related to health care information technology in general (such as the creation of a national health care infrastructure) and contains specific incentives designed to accelerate the adoption of electronic health record systems among providers.
Because this legislation anticipates a massive expansion in the exchange of electronic protected health information, the HITECH Act also widens the scope of privacy and security protections available under HIPAA. Furthermore, it increases the potential legal liability for non-compliance and it provides for stricter enforcement.
Greenstar stays up to date with the most current regulations to ensure that our customers are well protected. Contact Greenstar and let us help you comply with identity-protecting legislation.