Identity theft has become one of the fastest-growing crimes in the U.S. As a result, many new laws have been passed to ensure the security of personal information. Recent Federal and State legislation holds businesses to higher standards of confidentiality. These laws, regulations, fines and breach notifications provide even more incentives for proper information destruction procedures. Failure to comply means fines and litigation. Some of these laws include:
• Health Insurance Portability and Accountability Act (1996) (HIPAA)
• Gramm-Leach-Bliley Financial Services Modernization Act (1999) (GLB)
• Fair and Accurate Credit Transactions Act (FACTA)
• Regulation S-P (Securities and Exchange Commission)
• Health Information Technology for Economic and Clinical Health Act (2009) (HITECH)
• The Red Flags Rule (2010)
• Privacy Act (1974)
• Exchange Espionage Act (1996)
• Identity Theft Laws
• Sarbanes-Oxley Act (2002)
• Georgia Law SB-475
• State Laws related to Data Protection
• Fines: There have recently been millions of dollars in fines for discarding undestroyed information.
• Breach Notification: Laws now require your public organization to publicly disclose when information has been potentially disclosed to unauthorized individuals.
NOTE: Every data protection regulation in the United States requires that organizations train employees to protect confidential customer and employee information.
The list above was obtained partially from the NAID Publication "The Facts of Life (about proper information destruction)."