Regulations

Data Privacy Regulations

19666995_sDocument destruction is not just throwing paper in the garbage, it means destroying the paper in a way that it is not usable or readable.  Due to widespread document, data and ID theft governments across the globe have put data privacy laws into play. Below you can learn about some of the privacy laws that are in place in regard to paper shredding and hard drive destruction.

Facta – The Fair and Accurate Credit Transaction Act – mandates that businesses properly dispose of documents containing consumer information. Businesses are required to take measures to destroy all consumer reports to the point that they will not be reconstructed or reread.  Not complying with FACTA may result in fines, class action lawsuits, as well as federal and state authorities bringing legal enforcement actions for violation of this law.

GLBA – The Gramm-Leach-Bliley Act – includes provisions to protect consumers’ personal financial information held by financial institutions, which includes not only banks, securities firms, and insurance companies, but also companies providing other types of financial services and products to consumers.  The GLBA requires banks to develop privacy notices and provide customers with the option of prohibiting the sharing of their confidential information with outside third parties.  In 2001, the GLBA was amended, requiring financial institutions to have in place a comprehensive, written information security program which includes the proper destruction of documents.

HIPAA – Health Insurance Portability and Accessibility Act – puts very strict guidelines on the healthcare industry, assuring that healthcare organizations be responsible for the secure disposal of patient information.Regulations regarding who accesses the data and how its accessed is regulated as well.  If a covered entity fails to apply destruction policies uniformly or where destruction is contrary to policy, courts will allow juries to find doctors’ offices and medical facilities negligent for their failure to destroy documents containing a patient’s confidential medical information. LionCage provides HIPAA-compliant destruction of a patient’s confidential medical information.

HiTech – Health Information Technology for Economic and Clinical Health Act Effective September 23, 2009, Health and Human Services (HSS) implemented the requiring covered practices  that are regulated by (HIPAA) and their Business Associates to provide notification in the event of a breach of “unsecured Protected Health Information”(PHI). In addition HiTech specifies the methods under which render PHI unusable, unreadable for relief from the breach notification requirement. A covered entity must notify each individual whose unsecured PHI has been thought to have potential  been compromised,  accessed, acquired, used or revealed as a result of the breach. Should the breach  involve more than 500 residents of a given  state, the covered entity must notify HSS and publicize the security breach in the media.

BIC – Due to widespread corruption at the close of the last century in regard to garbage and recycling companies the Guiliani team put into place BIC , The Buisness Integrity Commission , LionCage is licensed in NYC by the Business Integrity Commission, Lic. # 4480 – a certification requirement which many shredding companies lack. Our security experts undergo continuing education to ensure they are top of data security and privacy laws so that they continue to serve you in a confidential professional manner.

The Red Flags Rule requires businesses and organizations that contain confidential data, specifically but not uniquely in  banking related industries  to implement a written Identity theft prevention program. These program are designed to detect the potential warning signs  also known as  “red flags” of identity theft in their day-to-day operations.  By identifying red flags ahead of time, businesses and organizations will be better equipped to spot suspicious patterns that may arise and take steps to prevent a red flag from escalating into actual  costly episode of identity theft. Click here to learn more