Federal Privacy Act of 1974 (updated DOJ 2015)

https://www.justice.gov/opcl/overview-privacy-act-1974-2015-edition

• Established to insure that government agencies protect the privacy of individuals and businesses with regard to information held by them.
• It holds these agencies liable for any information released without proper authorization.

_______________________________________________________________________________

Family Educational Rights and Privacy Act (FERPA – 1974)

https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html

• Federal law that protects the privacy of student education records.
• The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.

________________________________________________________________________________

Health Insurance Portability & Accountability Act (HIPAA – 1996)

https://www.hhs.gov/hipaa/index.html

• All hospitals, doctors, pharmacies, health plans, medical billing companies and any other business entity involved in the healthcare industry must comply with this act.
• The rules apply to all protected health information.
• The Standard for Privacy of Identifiable Health Information requires that covered entities put in place administrative, technical and physical safeguards to protect the privacy of protected health information.
• One example given of a safeguard for the proper disposal of paper documents containing protected health information is that the documents be shredded prior to disposal.

______________________________________________________________________________

Gramm-Leach-Bliley Act – Financial Services Modernization Act (GLB – 1999)

https://www.ftc.gov/tips-advice/business-center/privacy-and-security/gramm-leach-bliley-act

• The privacy provisions require that financial institutions and insurance companies give consumers prior notice of an intention to share personal information and a chance to opt out of the sharing of such information.
• The law states that these institutions and companies need to “respect the privacy of its customers and to protect the security and confidentiality of those customers’ non-public information.”
• The Safeguard Rule recommends that paper documents containing such personal information should be protected and safely destroyed.
• This Safeguards Rule requires all financial institutions to design, implement and maintain safeguards to protect customer information.
• The Safeguards Rule applies not only to financial institutions that collect information from their own customers, but also to financial institutions — such as credit reporting agencies — that receive customer information from other financial institutions.

________________________________________________________________________________

Sarbanes Oxley Act (SOX – 2002)

 https://www.sec.gov/answers/about-lawsshtml.html#sox2002

• Enacted after Enron and Worldcom financial scandals to increase corporate responsibility and financial reporting to combat fraud.
• Applies to public companies based in the United States or traded on the US stock exchanges.
• Requires a written record information management policy and procedures, including the process and procedures for proper document destruction.
• If convicted of violating, strict fines and imprisonment of up to 20 years.

________________________________________________________________________________

American Recovery and Revitalization Act (ARRA – 2003)

• Includes HITECH modifications to HIPAA; breach notification and fines up to $50,000 per violation.
• Health and Human Services Final Omnibus Rule 2013 – Shredding companies defined as Business Associates.

Link for hitech modifications https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html

Link for omnibus rule 2013 https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/combined-regulation-text/omnibus-hipaa-rulemaking/index.html

________________________________________________________________________________

The Fair and Accurate Credit Transaction Act (FACTA – 2003)

 https://www.govinfo.gov/content/pkg/PLAW-108publ159/pdf/PLAW-108publ159.pdf 

• Enhance the accuracy of consumer reports.
• Allow consumers to exercise greater control regarding the type and amount of marketing solicitations they receive.
• Establishes uniform national standards in key areas of regulation regarding handling and disposal of consumer information in the possession of all companies and organizations
  • FTC Disposal Rule – 6/1/2005 
  •  
  • Link For FTC Disposal Rules https://www.ftc.gov/tips-advice/business-center/guidance/disposing-consumer-report-information-rule-tells-how
  • Red Flags Rule – 8/1/2009 
  •  
  • LINK for RED Flag Rules https://www.ftc.gov/tips-advice/business-center/privacy-and-security/red-flags-rule

_______________________________________________________________________________

Check Clearing for the 21st Century (Check 21 Act – 2004)

 https://www.fdic.gov/consumers/assistance/protection/check21.html

• Allows banks to make check processing fast and more efficient by handling more checks electronically.
• Bank and other financial institutions must establish a retention and destruction policy for the checks and substitute checks in paper or electronic format.
• Checks are typically retained at the branch-level prior to secure destruction.

_______________________________________________________________________________

Payment Card Industry Data Security Standard (PCI-DSS) – (2006, updated 2015)

 https://www.pcisecuritystandards.org/

• Verify that hard copy materials are crosscut shredded, incinerated, or pulped such that there is reasonable assurance the hard-copy materials cannot be reconstructed.
• Examine storage containers used for information to be destroyed to verify that the containers are secured. For example, verify that a-to-be-shred container has a lock preventing access to its contents.
• Verify that cardholder data on electronic media is rendered unrecoverable via a secure wipe program in accordance with industry-accepted standards for secure deletion, or otherwise physically destroying the media (e.g., degaussing).

STORAGE PLUS SHREDDING – TULSA OK

Off-Site Shredding, On-Site Shredding, Specialty Shredding, Document Storage

(918) 665-2828

Our Recurring Off-Site Mobile Document Shredding Services include: 

• Documents transported in locked commercial trucks.
• Documents will be shredded within 24 hours of arrival at our warehouse.
•  Documents remain under video surveillance once   received at our warehouse.  Customers are always welcome schedule the service so they can witness the off-site destruction at our warehouse.

No Hidden Charges or Long Term Contracts Required

Storage Plus Shredding does not require a long term contract