Laws and Regulations

Keeping information secure is our business, and we help businesses like yours protect their customer, employee and corporate data. Shredding/document destruction is the leading way to help comply with privacy legislation. The legal requirements on businesses continue to grow and are now being strictly enforced. Despite the push for a paperless office, companies are using more paper and electronic storage media (think CDs, DVDs, mag tape, etc.) in the office. Even now, more than 90% of corporate information is paper-based.

Identity theft is a serious and growing crime. Each year, there are more than 10 million victims, resulting in over $50 billion in costs. Several laws, such as FACTA, HIPAA, FCRA and Sarbanes-Oxley, cover virtually every business in America. FACTA requires destroying ALL consumer/employee information before it is discarded. Recycling is not enough. With our secure shredding services, you can rest assured that your clients’ and company’s information is legally and safely handled, protecting both your reputation and your bottom line.

 

There are a variety of federal, state and local regulations that businesses must comply with on a daily basis. Safeguarding data is just one of them. Recycling is not enough. Using the document destruction services of Master Shred will help you comply with some of the requirements of the following regulations:

HITECH Act (Health Information Technology for Economic and Clinical Health Act)

FACTA (Fair and Accurate Credit Transactions Act of 2003)

FCRA (Fair Credit Reporting Act of 1999)

GLBA (Gramm-Leach-Bliley Financial Services Modernization Act of 1999)

ITPEA (Identity Theft Penalty Enhancement Act)

SOX (Sarbanes-Oxley Act)

HIPAA (Health Insurance Portability and Accountability Act)

Red Flags Rule

 

While there are regulations you must comply with, the main reason you want to use Master Shred is to reduce your exposure to risk. Like insurance, this is a very cost-effective way not only to stay in compliance and avoid fines but also to preserve your competitive edge. Think of it this way -- do you want your clerk, manager or executive deciding what to throw away or recycle versus using our shredding receptacle? Would you feel comfortable letting your competitor sort through your waste or recycling bins? Absolutely not! From the highest level, document destruction needs to be a priority, and by making it easy and affordable, it's easier to gain wide acceptance throughout the organization -- whether it's a small shop or large organization.

 


What is FACTA?

FACTA is the Fair and Accurate Credit Transactions Act, also known as the FACT Act. It was signed into law in 2003. In general, the act amends the Fair Credit Reporting Act (FCRA). It contains a number of provisions intended to combat consumer fraud and related crimes, including identity theft, and to assist its victims. FACTA requires the destruction of papers containing consumer information. It is hard to imagine any business or organization that is not bound by this law.

What is HIPAA?

Congress recognized the need for national patient record privacy standards in 1996 when they enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The law included provisions designed to save money for health care businesses by encouraging electronic transactions, but it also required new safeguards to protect the security and confidentiality of that information.

What is FCRA?

The Fair Credit Reporting Act (FCRA) is United States federal legislation that promotes accuracy, fairness and privacy for data used by consumer reporting agencies. Consumer reporting agencies include credit bureaus and financial agencies -- such as those that sell information about rental history records.

What is HITECH?

On February 17, 2009, the American Recovery and Reinvestment Act (ARRA) was signed into law. Among many other things, the ARRA dedicates substantial resources to health information technology that supports the secure electronic exchange and use of health information. Title XIII of Division A and Title IV of Division B of the Act are referred to as the Health Information Technology for Economic and Clinical Health Act or HITECH Act. The HITECH Act includes a number of measures designed to broaden the scope and increase the rigor of HIPAA compliance.

The HITECH Act expands the reach of HIPAA data privacy and security requirements to include the Business Associates of those entities (health care providers, pharmacies, and the like) that are subject to HIPAA. Business Associates are companies like accounting firms, billing agencies, law firms or others that provide services to the entities covered under HIPAA.

What is ITPEA?

The ITPEA (Identity Theft Penalty Enhancement Act) establishes as a federal crime and imposes penalties for aggravated identity theft, defined as knowingly transferring, possessing, or using a means of identification of another person without lawful authority. This affects virtually all US residents because it is designed to safeguard information, protect privacy and reduce the risk of identity theft.

To help ensure compliance with the Act, penalties and fines were established and violations were deemed felonies to show the seriousness of the intent.

Since the purpose of the Identity Theft Penalty Enhancement Act is to deter identity theft by imposing harsher punishments, no specific compliance regulations exist to support the Act; however, companies should review their information protection policies and procedures to ensure safe information handling and storage.

What is the Gramm-Leach-Bliley Act?

The Gramm-Leach-Bliley Act (GLB Act or GLBA), also known as the Financial Modernization Act of 1999, is a federal law enacted in the United States to control the ways that financial institutions deal with the private information of individuals. The Act consists of three sections: the Financial Privacy Rule, which regulates the collection and disclosure of private financial information; the Safeguards Rule, which stipulates that financial institutions must implement security programs to protect such information; and the Pretexting provisions, which prohibit the practice of pretexting (accessing private information using false pretenses). The Act also requires financial institutions to give customers written privacy notices that explain their information-sharing practices.

What is the Red Flags Rule?

The Red Flags Rule was based on sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003. The Red Flags Rule sets out how certain businesses and organizations must develop, implement, and administer their Identity Theft Prevention Programs. The program must include four basic elements, which together create a framework to address the threat of identity theft.

What is SOX (Sarbanes-Oxley)?

The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. The act is administered by the Securities and Exchange Commission (SEC), which sets deadlines for compliance and publishes rules on requirements. Sarbanes-Oxley is not a set of business practices and does not specify how a business should store records; rather, it defines which records are to be stored and for how long.

 

 
