HELP U Shred - Security & Regulations
FACTA Compliance
FACTA: Basic Facts For Businesses
The Fair and Accurate Credit Transactions Act (FACTA) is a consumer rights bill that became effective June 1, 2005.
All companies in the United States are affected by this legislative act.
FACTA was designed to lower the risk of identity theft and consumer fraud. It enforces the proper destruction of consumer information, such as name, address, SSN and credit information. Also included in this bill is the necessity to destroy data compiled from this information.
FACTA basically requires that all businesses - regardless of size and industry - properly protect and dispose of the personal information they collect about their customers and employees.
"Any person who maintains or otherwise possesses consumer information, or any compilation of consumer information, derived from consumer reports for a business purpose" in electronic or paper form must "take reasonable measures to protect against unauthorized access or use of the information in connection with its disposal" - or to "properly dispose of such information or compilation." The bill is available at www.ftc.gov/os/2004/11/041118disposalfrn.pdf.
The Red Flags Rule went into effect December 31, 2010.
The Red Flags Rule is one of the nineteen provisions of FACTA. The rule states that any organization that extends payment terms to customers and has personal information on file must have a written document destruction program. This written program must detail where this information is susceptible to the risk of unauthorized access and/or identity theft, describe preventative measures that address identity theft vulnerabilities, and state that authorities, as well as those in danger of identity theft, must be alerted. The owners of the company or board of directors must sign the written program annually, and it requires audits of data-related vendors with access to customers' personal information.
The Red Flags Rule affects roughly 40% of U.S. businesses, nearly 11 million organizations.
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law to prevent abuses of personal health information (PHI), including unauthorized access. It is administered by the U.S. Department of Health and Human Services (HHS) and enforced by the U.S. Office of Civil Rights.
Technically, EVERY EMPLOYER in the United States with completed health insurance applications or injury reports on file is considered a SMALL COVERED ENTITY under HIPAA.
Some businesses that would be considered SMALL COVERED ENTITIES are:
- Doctors
- Dentists
- Chiropractors
- Psychiatrists
- Psychologists
- Counselors
- Urgent Care Centers
- Billing Centers
- Physical Therapists
- Collection Agencies
- Orthodontists
- Medical Clinics
The Gramm-Leach-Bliley Act (GLBA) made the affiliation of banks, investment firms and insurance companies possible. In return for granting greater freedom to the financial industry, the Act put regulations in place to protect customer privacy.
Title V, Privacy Provisions:
Section 501: Mandates that the financial industry's governing bodies create guidelines for the safeguarding of customer information.
Section 502: Forces companies to allow customers the option of prohibiting their personal information from being shared with non-affiliated third parties.
Section 503: Requires the disclosure of privacy policies to customers on at least an annual basis.
Section 521: Criminalizes fraudulent access to customer information, specifically via telephone, a practice known as "pretexting."
For more information on the GLBA, please visit the GLBA Resource Library.