Laws and Regulations
Certification. Compliance. Training.
TITAN helps you comply with all laws and regulations – NAID AAA Certification, Compliance Toolkit, Employee Training and CSDS® on staff. Call us now for compliance assistance – 866-TITAN-99
• Enhance the accuracy of consumer reports.
• Allow consumers to exercise greater control regarding the type and amount of marketing solicitations they receive.
• Establish uniform national standards in key areas of regulation regarding handling and disposal of consumer information in the possession of all companies and organizations.
• FTC Disposal Rule – 6/1/2005
• Red Flags Rule – 8/1/2009
• The privacy provisions require that financial institutions and insurance companies give consumers prior notice of an intention to share personal information and a chance to opt out of the sharing of such information.
• The law states that these institutions and companies need to “respect the privacy of its customers and to protect the security and confidentiality of those customers’ non-public information.”
• The Safeguards Rule recommends that paper documents containing such personal information should be protected and safely destroyed.
• The Safeguards Rule requires all financial institutions to design, implement and maintain safeguards to protect customer information.
• The Safeguards Rule applies not only to financial institutions that collect information from their own customers, but also to financial institutions — such as credit reporting agencies — that receive customer information from other financial institutions.
• All hospitals, doctors, pharmacies, health plans, medical billing companies and any other business entity involved in the healthcare industry must comply with this act.
• The rules apply to all protected health information.
• The Standard for Privacy of Identifiable Health Information requires that covered entities put in place administrative, technical and physical safeguards to protect the privacy of protected health information.
• One example given of a safeguard for the proper disposal of paper documents containing protected health information is that the documents be shredded prior to disposal.
American Recovery and Revitalization Act (ARRA – 2003)
• Includes HITECH modifications to HIPAA; breach notification and fines up to $50,000 per violation.
• Health and Human Services Final Omnibus Rule 2013 – Shredding companies defined as Business Associates.
New Jersey Identity Theft Prevention Act (2006)
• Applies to businesses and public agencies, which are required to minimize the risk of identity theft.
• Must destroy customer records that contain private personal information and are no longer to be retained.
• Records must be shredded, erased or otherwise modified to make personal information unreadable.
• Established to ensure that government agencies protect the privacy of individuals and businesses with regard to information held by them.
• It holds these agencies liable for any information released without proper authorization.
• This law is the first federal law that defines and severely punishes misappropriation and theft of trade secrets.
• According to this Act, the government will only protect companies who take “reasonable measures” to safeguard their information.
• The United States Supreme Court has ruled that, once discarded, items left for waste collection are no longer protected as private property.
• Federal law that protects the privacy of student education records.
• The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
• Enacted after the Enron and WorldCom financial scandals to increase corporate responsibility and financial reporting to combat fraud.
• Applies to public companies based in the United States or traded on the US stock exchanges.
• Requires a written record information management policy and procedures, including the process and procedures for proper document destruction.
• Violations carry strict fines and imprisonment of up to 20 years upon conviction.
• Verify that hard copy materials are crosscut shredded, incinerated, or pulped such that there is reasonable assurance the hard-copy materials cannot be reconstructed.
• Examine storage containers used for information to be destroyed to verify that the containers are secured. For example, verify that a “to-be-shredded” container has a lock preventing access to its contents.
• Verify that cardholder data on electronic media is rendered unrecoverable via a secure wipe program in accordance with industry-accepted standards for secure deletion, or by otherwise physically destroying the media (e.g., degaussing).
• Allows banks to make check processing faster and more efficient by handling more checks electronically.
• Banks and other financial institutions must establish a retention and destruction policy for the checks and substitute checks in paper or electronic format.
• Checks are typically retained at the branch-level prior to secure destruction.