Shredding Laws

Connecticut Law

Sec. 42-471. Safeguarding of personal information. Social Security numbers. Privacy protection policy. Civil penalty. (a) Any person in possession of personal information of another person shall safeguard the data, computer files, and documents containing the information from misuse by third parties, and shall destroy, erase or make unreadable such data, computer files, and documents prior to disposal.

Federal Laws

Gramm-Leach-Bliley Act (1999) Financial Services Modernization Act

This Federal legislation went into effect in 2000, the privacy provisions in the law require that financial institutions and insurance companies give consumers prior notice of an intention to share personal information and a chance to opt out of the sharing of such information. The law states that these institutions and companies need to “respect the privacy of its customers and to protect the security and confidentiality of those customers’ non-public information.” The language suggested in the Safeguard Rule that paper documents containing such personal information should also be protected and safely destroyed.

The Fair and Accurate Credit Transaction Act (FACTA)

In general, the Act amends the Fair Credit Reporting Act (“FCRA”) to enhance the accuracy of consumer reports and to allow consumers to exercise greater control regarding the type and amount of marketing solicitations they receive. FACT Act also establishes uniform national standards in key areas of regulation regarding the handling and disposal of consumer information in the possession of all companies and organizations.

Health Insurance Portability & Accountability Act (HIPAA)

HIPAA was enacted in 1996 and the mandatory compliance date is April 14, 2003. All hospitals, doctors, pharmacies, health plans, medical billing companies and any other business entity involved in the healthcare industry must comply. The rules apply to all protected health information. The Standard for Privacy of Identifiable Health Information requires that covered entities put in place administrative, technical and physical safeguards to protect the privacy of protected health information. One example given of a safeguard for the proper disposal of paper documents containing protected health information is that the documents be shredded prior to disposal.

Federal Privacy Act of 1974

This law was established in 1974 to insure that government agencies protect the privacy of individuals and businesses with regard to information held by them and to hold these agencies liable for any information released without proper authorization.

The Family Educational Rights and Privacy Act (FERPA)

The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.

FERPA gives parents certain rights with respect to their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. Students to whom the rights have transferred are “eligible students.”

Economic Espionage Act of 1996 (EEA)

The Economic Espionage Act is a very powerful law which helps with the enforcement of properly handling information. This law is the first federal law that defines and severely punishes misappropriation and theft of trade secrets. However, according to this Act, the government will only protect companies who take “reasonable measures” to safeguard their information.