Our mission is to maximize the independence & personal fulfillment of individuals with developmental disabilities through community, business, & family partnerships. We provide this through vocational training & employment opportunities.

It's the Law

It makes common sense to protect information about your business, your customers, your employees and your family. The federal government (and many state governments) has taken this concept several steps further by incorporating information protection and destruction into many of its laws. In addition, more and more laws containing references to information protection and destruction are on the horizon. Call Weaver-SecurShred and let them help you protect and destroy your confidential information.

There have been laws on the books for decades that have references to information security and identity protection. However, with the huge growth of identity theft and fraud, the government(s) has been much more specific with requirements for the securing and destroying of this information. Below are brief summaries of some of the laws referencing information and security.

Disclaimer

The information below contains brief summaries of laws referencing privacy and the protection of information. Please review the statutes and/or consult a legal professional for more information on how the specifics of these laws may apply to you or your business.

The Family Educational Rights and Privacy Act of 1974 (FERPA)

FERPA is a federal statute that ensures that parents have access to their children's educational records and protects the privacy rights of parents and children by limiting access to these records without parental consent.

FERPA deals with:

  • access to educational records
  • parental right to inspect and review records
  • amendment of records
  • destruction of records

Schools must have written permission from the parent or eligible student in order to release certain information from a student's education record. (FERPA does provide for release of information, without consent, to certain approved individuals or agencies.)

Additional information may be found here.

The Privacy Act of 1974

The Privacy Act protects certain federal government records pertaining to individuals. In particular, the Act covers systems of records that an agency maintains and retrieves by an individual's name or other personal identifier (e.g., social security number, phone numbers, etc.).

The Privacy Act prohibits unauthorized disclosures of the confidential records maintained by the federal government. It does not protect the privacy of your records that are not maintained by the federal government (e.g., credit report, bank account and medical records).

If an individual's confidential records are disclosed to outside parties, even by accident, it could be grounds for a lawsuit.

Additional information may be found here.

The Economic Espionage Act of 1996 (EEA)

The EEA contains two separate provisions that criminalize the theft or misappropriation of trade secrets. The first is directed towards foreign economic espionage. It requires that the theft of the trade secret be done to benefit a foreign government, instrumentality, or agent. The second makes the commercial theft of trade secrets, carried out for economic or commercial advantage, illegal.

Reflecting the more serious nature of foreign government-sponsored economic espionage, an individual convicted of violating the first provision can be imprisoned for up to 15 years, fined $500,000, or both. A defendant convicted of theft of trade secrets under the second provision may be imprisoned for up to 10 years, fined $250,000, or both. Corporations and other entities can be fined up to $5 million.

Additional information may be found here.

The Gramm-Leach-Bliley Act (GLBA) of 1999

The GLBA of 1999 allowed the consolidation of commercial and investment banks. The key rule under the act that references confidential information is the Financial Privacy Rule. This rule requires financial institutions to provide each consumer with a privacy notice at the time the consumer relationship is established and annually thereafter. The privacy notice must explain the information collected about the consumer, where that information is shared, how that information is used and how that information is protected.

The GLBA applies to the following types of organizations:

  • Banks
  • Travel agencies connected with financial services
  • Securities Brokers
  • Retailers that issue their own credit cards
  • Automobile Leasing Companies
  • Credit Unions
  • Real Estate Appraisers
  • Insurance Companies
  • Other entities involved in financial activities

GLBA Penalties

If your organization is found to be non-compliant with GLBA, it could be subjected to severe fines and class-action lawsuits.

  • Fines up to $100,000 for each violation
  • The officers and directors of the financial institution could be subject to, and personally liable for, a civil penalty of up to $10,000
  • Possible imprisonment for up to five years

Further information can be found here.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA)

HIPAA was passed to protect the health insurance coverage for workers and their families when they change or lose their jobs. The law also ensures that healthcare organizations are responsible for the secure handling and storage of “protected health information”.

The HIPAA legislation has four objectives:

  • Assure health insurance portability when changing jobs
  • Reduce healthcare fraud and abuse
  • Guarantee security and privacy of health information
  • Enforce standards for health information

What information needs to be protected:

  • Patient Medical Records
  • Billing Records
  • Personal Health Information
  • Insurance Records
  • X-rays
  • Prescriptions

Penalties

HIPAA Non-compliance can have devastating consequences to non-conforming healthcare organizations. HIPAA applies criminal penalties to ANYONE violating the law – not just the company. Employees, business associates and others who handle “protected health information” are all potentially liable for mishandling confidential information. A non-conforming organization, or individual, can be subject to severe fines and penalties, litigation and negative publicity. Non-compliance can result in the following penalties:

  • Civil fines up to $25,000 / year
  • Criminal penalties of up to $250,000 and up to 10 years in prison

Additional information may be found here.

The Fair & Accurate Credit Transactions Act (FACTA)

FACTA was passed to help assure that all Americans, of every income level and background, are able to build good credit and confront the problem of identity theft. The law has two main provisions: 1) ensure that lenders make decisions on loans based on full and fair credit histories and not on discriminatory stereotypes, and 2) improve the quality of credit information and protect consumers against identity theft. It is the latter provision that impacts confidential information and security and affects nearly every person and business in the United States.

Irresponsible handling of confidential and sensitive consumer data has long been cited as a contributing factor to identity theft. Confidential and sensitive data discarded by a business or institution provides a prime opportunity for a thief to access personal data. FACTA provides for protection of the information and goes further by stating that “every person and/or business must properly dispose of such information by taking “reasonable measures” (further defined by the FTC as “burning, pulverizing or shredding”) to protect against unauthorized access to or use of the information in connection with its disposal.” The act uses the words “any person”, which in effect means that virtually every person and business in the United States is responsible for abiding by this law.

What information needs to be protected:

  • Credit Reports
  • Bank Statements
  • Credit Applications
  • SS numbers
  • Credit Card Information
  • Birth records
  • Loan Applications
  • Insurance information
  • Employment Records

The law covers virtually everything that has personal information recorded on it.

Penalties

Violations of the FACTA provisions can result in severe penalties. Both the Federal and State government are authorized to bring enforcement actions against violators of FACTA.

  • Civil penalties with fines of $1,000 for each individual violation (imagine losing a hard drive with 5,000 clients' information)
  • Federal action in district court of up to $2,500 for each individual violation
  • Recovery of actual damages by individuals harmed by the information breach
  • The costs to inform people of security breaches
  • The cost of protecting and repairing individuals whose information has been breached

Additional information may be found here.

The Sarbanes-Oxley Act (SOX)

SOX introduced highly significant legislative changes to financial practice and corporate governance regulation. The act followed a series of very high profile scandals and was intended to "deter and punish corporate and accounting fraud and corruption, ensure justice for wrongdoers, and protect the interests of workers and shareholders" (Quote: President Bush).

Although related to secure and confidential information, this law has more to do with what not to shred, and when. Its intent is to force publicly held companies to promptly make available and maintain all meaningful business-related information in order to protect the investing public. While Sarbanes-Oxley requires the development and maintenance of detailed corporate financial information, cleansing your files and computer systems of unnecessary information is an essential task.

If, during the course of a lawsuit or trial, a request is made such as "Give me all your data…”, you have to give them all your data, both paper and electronic. The plaintiffs use these discovery processes to find out as much information as possible. However, if records are destroyed in the normal course of business (regularly scheduled service), it is very difficult to prove that anyone is trying to obstruct justice.

Properly documented (Certificates of Destruction) disposal of paper and electronic records is absolutely essential in today's litigious society.

Additional information may be found here.

High Quality Is Our Goal

Continuing our commitment to excellence, Weaver Industries' ProPak division is proud to have obtained ISO 9001:2008 certification!

The ISO 9001:2008 quality management standard establishes an effective quality management program for manufacturing companies and includes such important components as customer satisfaction and establishing processes for continuous improvement.