Stay Compliant, Stay Secure
New and stricter federal and state laws are now in place for protecting customer, patient and consumer personal information. Businesses, both large corporations and small business owners, are being held accountable to properly handle and dispose of sensitive or confidential documents or media regardless of industry.
The FTC's Fair and Accurate Credit Transaction Act (FACTA) Disposal Rule was enacted in June of 2005. It was the first national law regarding shredding and remains the most extensive piece of shred legislation.
Who must comply? Everyone. FACTA requires "any person who maintains or otherwise possesses consumer information for a business purpose" to properly destroy consumer information before it is discarded.
FACTA requires the destruction of all discarded personal information on or derived from credit reports. This process can be completed through the execution of in-house secure document destruction policies or by partnering with a company that specializes in secure document shredding.
Penalties for violating FACTA rules include actual damages resulting from the violation, up to $1,000 of statutory damages, punitive damages per violation, and up to $3,500 in attorneys' fees and civil penalties. Punitive damages awarded include no cap on class action damages.
Sarbanes-Oxley affects corporate governance, disclosure of financial information, and the practice of public accounting. It is aimed at protecting investors by improving the precision and consistency of disclosures made pursuant to the securities laws.
Who must comply? Most public companies report financials to consumers.
Protects consumers' personal financial information held by financial institutions.
Who must comply? Any company providing financial products and services to consumers.
HIPAA prevents the abuse of personal health information (PHI). This includes unauthorized access to this information. The law is administered by the U.S. Department of Health and Human Services, and is enforced by the U.S. Office of Civil Rights.
Who must comply? Every United States employer with completed health insurance applications or injury reports on file. Under HIPAA, these employers are classified as "Covered Entities".
Greenstar stays up to date with the most current regulations to ensure that our customers are well protected. Contact Greenstar and let us help you comply with identity-protecting legislation.