State and Federal Laws
Fair and Accurate Credit Transactions Act (FACT Act) require any person or company that possesses or maintains "any record about an individual, whether in paper, electronic or other form, (that is a consumer report such as a credit report) to take reasonable measures to protect against unauthorized access to or use of the information in connection to its disposal." Under the new law, all businesses must be in compliance by June 1, 2005 by both adopting and implementing their own document destruction or by contracting with a document shredding company to do so. Penalties for violating the rule include actual damages, statutory damages up to $1,000, punitive damages per violation (with no cap on class action damages), attorneys' fees and civil penalties up to $2,500.
Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 and includes 2003 provisions. HIPAA is intended to safeguard the privacy of patient health records. Today, it's imperative that medical organizations protect themselves, their patients', and their employees' private and confidential information.
The Federal Privacy Act was enacted to protect the privacy of individuals and businesses. Public agencies and private businesses can be held liable if any personal information is released to unauthorized individuals.
The Gramm-Leach Bliley Act places significant restrictions on the use of customer information by those in the financial industry. These restrictions recognize that non-public personal, financial, and health information must be safe guarded and include proper disposal procedures.
Privacy Law AB2246 states that businesses must now destroy customer records containing personal information by shredding them, erasing them, or making them unreadable. Injured consumers can file lawsuits for civil damages against companies that fail to comply.