Document Privacy Laws
Fair and Accurate Credit Transactions Act (FACTA)
The Fair and Accurate Credit Transactions Act, 2003 (FACTA) was enacted in December 2003, with more specific document destruction rules coming into effect on June 1, 2005. FACTA amended the existing Fair Credit Reporting Act, providing consumers, companies, consumer reporting agencies, and regulators with new tools to expand consumer access to credit, enhance the accuracy of consumer financial information, and help fight identity theft. FACTA is administered by the Federal Trade Commission (FTC).
Family Educational Rights and Privacy Act (FERPA)
The Family Educational Rights and Privacy Act (FERPA) is a federal U.S. law that protects the privacy of student education records.
Gramm-Leach-Bliley Act (GLB Act)
The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLB Act), protects the privacy of consumer information held by financial institutions and requires companies to give consumers privacy notices that explain the institution’s information-sharing practices. The Act also provides consumers with the right to limit some sharing of their information.
Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a United States federal law that requires healthcare organizations to “maintain reasonable and appropriate, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information.” Protected health information (PHI) includes patient medical records, patient logs, insurance, billing, and other personally identifiable health information.
Sarbanes-Oxley Act (SOX)
Enacted following a series of high-profile accounting scandals in the United States, most notably Enron and WorldCom, the Sarbanes-Oxley Act of 2002 (SOX) is intended to enhance corporate responsibility and financial reporting as well as combat corporate and accounting fraud. It is one of the most complex pieces of legislation passed in the United States in recent years and includes some of the most far-reaching reforms of American business practices since the 1930s.
US Safe Harbor Program
The European Union’s Directive on Data Protection prohibits the transfer of personal data to US companies that do not meet the Commission’s standards for privacy protection.
USA Patriot Act
The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA Patriot Act) was enacted in October 2001 in an effort to “deter and punish terrorist acts in the United States and around the world, to enhance law enforcement investigator tools and for other purposes.”
Visit our blog for the latest document shredding requirements. To help you comply with these Federal and State laws, please look at our long list of document and media destruction services.
In an effort to protect Massachusetts residents from the rising incidence of fraud and identity theft from data loss, the State of Massachusetts has implemented aggressive regulatory requirements to protect personal information. The state now requires mandatory compliance with 201 CMR 17.00 – Standards for the Protection of Personal Information of Residents of the Commonwealth (also known simply as 201 CMR 17, or the Massachusetts Privacy Law). The Massachusetts Privacy Law establishes a minimum standard to be met for the protection of Massachusetts residents’ personal information contained in both paper and electronic records.