Theft, Vandalism and industrial Espionage are becoming ever increasing security problems. Today’s information explosion can be devastating to your business. With the increased use of office copiers and computers, staggering amounts of sensitive information are being generated and carelessly discarded.
Dun’s Review estimates that corporate espionage costs US businesses over $7 billion in losses yearly. It’s believed that one in four American adults have been defrauded in various identity theft schemes.
Your trash, your credit card, phone card, even your junk mail may be the source of a financial and personal catastrophe. It’s an unimaginable nightmare for most people, and a nefarious windfall for the growing ranks of corporate scavengers and identity thieves currently farming America’s trash.
Federal Privacy Laws
Document shredding really is not an option for a business anymore – it’s the law. Numerous federal laws impose a duty on a company to maintain the privacy and confidentiality of various documents and information. This duty includes the safe and secure destruction of information held by the company. Failure to insure proper and reliable document disposal could subject a business to substantial penalties, including fines, civil damages, or even criminal liability.
The following lists some of the relevant privacy laws impacting document destruction practices:
- Fair and Accurate Credit Transaction Act (FACTA) of 2003. This is designed to reduce the risk of consumer fraud & identity theft created by improper disposal consumer information. According to FACTA “any person who maintains or otherwise possesses consumer information for a business person” must properly destroy discarded consumer information. Find out more
- Gramm-Leach-Bliley Act of 1999. Companies within the financial industry (e.g. insurance, banks, mortgage, securities, etc. ) must insure the security and confidentiality of their customers’ personal information, and they must protect against any anticipated threats or hazards to such information and any unauthorized access or use of this important information. There are severe penalties for noncompliance, including heavy fines and even imprisonment (for up to 5 years). Financial institutions can be subject to civil penalties up to $100,000 for each violation, and officers and directors can be personally liable up to $10,000.
- Health Insurance Portability and Accountability Act of 1996 (HIPAA). This law protects the privacy of patient health records by imposing limitations on the use and disclosure of these records for health care providers (hospitals, clinics, pharmacies, doctors, etc.), health care insurance plans, health care billing services, and many companies doing business with one of these entities (attorneys, actuaries, accountants, etc.). Failure to keep patient information secure through improper document disposal could expose a company to civil penalties of up to $25,000 for each violation or criminal fines ($50,000 – $250,000) and imprisonment (1-10 years), depending on the severity.
- Americans with Disabilites Act and Federal Family and Medical Leave Act. The ADA and FMLA mandate that medical-related records in the possession of an employer be kept confidential. A company’s failure to ensure the confidentiality of this information could result in significant civil liability.
- Identity Theft and Assumption Deterrence Act of 1998. This law attempts to address the problem of identity theft by making it a federal crime (with severe penalties) for anyone to knowingly transfer or use a means of identifying another person with the intent to engage in – or assist – unlawful activity. A company, therefore, could expose itself to liability if its business practices make it easier to steal someone’s identity (i.e. through improper document disposal).
- Economic Espionage Act of 1996. The federal government will protect a company’s trade secrets by imposing stiff civil and criminal penalties against any person or entity that steals or discloses the trade secrets. These significant protections, however, are only available if the company takes reasonable measures to preserve and protect its own trade secrets. Improper document disposal, therefore, could result in a loss of this Act’s protections.