Information Security Compliance Regulations

Various state and federal laws govern the protection of private information. These rules and regulations restrict particular industries or sectors from disclosing confidential data. A data breach, whether malicious or accidental, can be grounds for a lawsuit and can cost an organization millions of dollars. A secure, reliable shredding program can protect documents containing sensitive and confidential information from theft and keep your business compliant with these privacy laws.

Security Regulations for the Healthcare Industry


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) includes a Privacy Rule establishing national standards to protect individuals’ medical records and personal health information. The rule institutes safeguards and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization.

Document Disposal Rules for Businesses

Federal Rule 26

Rule 26 of the Federal Rules of Civil Procedure states that by not adhering to a routine document destruction program, a company exhibits suspicious disposal practices that could be negatively construed in the event of litigation or audit. Destroying older documents on a set schedule limits your legal risks.

Consumer Credit and Identity Protections


The new Fair and Accurate Credit Transactions Act of 2003 (FACTA) amended the Fair Credit Reporting Act (FCRA) to “prevent identity theft, improve resolutions of consumer disputes, improve accuracy of consumer records, make improvements in the use of, and consumer access to credit information, and for other purposes.” According to the FTC’s FACTA disposal rule, “any person who maintains or otherwise possesses consumer information for a business purpose” must properly destroy discarded consumer information. A reasonable measure as defined in FACTA is the secure shredding of paper documentation containing consumer information.

Information Security Laws for Financial Institutions


The Gramm-Leach-Bliley (GLB) Act requires that financial institutions ensure the security and confidentiality of their customers’ non-public personal information, including personally identifiable data such as Social Security numbers, passwords or access codes for bank accounts, cards, ATM cards, financial assets, consumer credit reports, financial account numbers, and other similar information. The harm caused by identity theft has led the federal government to create mandates such as this in order to prevent even the negligent disclosure of sensitive personal information.


The Securities and Exchange Commission (SEC) Regulation S-P was created to bring businesses regulated by the SEC into compliance with the GLB Act. This act applies to broker-dealers, funds, registered advisors, those who deal with variable annuity or variable life insurance, and any other entities dealing in securities.

Sarbanes Oxley Act

The Sarbanes Oxley Act (2002) was passed to implement changes in federal securities regulation, corporate governance, and the regulation of auditors. It expanded federal white-collar laws criminalizing the destruction of certain corporate communications and documents.

Economic Espionage Act

The Economic Espionage Act makes the theft or misappropriation of trade secrets a criminal offense, and is the first federal law that purports to both broadly define and severely punish such misappropriation and theft.

Rules Regarding Data Security for Government Agencies

Federal Privacy Act

The 1974 Federal Privacy Act was established to ensure that government agencies protect the privacy of individuals and businesses with regard to information held by them and to hold these agencies liable if any information is released without authorization.

Privacy Regulations for the Education System


The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA gives parents certain rights with respect to their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level.