Health insurance portability and Accountability Act (HIPAA) 1996
All health care organizations must have documented policies...more...

Gramm-Leach-Bliley 1999 (GLB)
Requires financial institutions to provide privacy notices...more...

SARBANES-OXLEY Act 2002
Was enacted after prominent corporate scandals WorldCom, Enron...more...

FACTA Disposal Rule (Fair and Accurate Credit Transactions act) 2005
This is a federal law designed to minimize the risk of identity theft...more...

For Companies:

• 1. Every Business Has Information That Requires Destruction.
  Without the proper safeguards, information (customers lists, price lists, sales statistics, drafts of bids and correspondence, memos) ends up in the dumpster where it is readily, and legally, available to anybody. The trash is considered by business espionage professionals as the single most available source of competitive and private information from the average business. Any establishment that discards private and proprietary data without the benefit of destruction, exposes itself to the risk of criminal and civil prosecution, as well as the costly loss of business.
• 2. Recycling Is Not An Adequate Alternative For Information Destruction
  There is no fiduciary responsibility inherent in the recycling scenario. Paper is given away or sold and, by doing so, a company gives up the right say in how it is handled. There is, also, no practical means of establishing the exact date that a record is destroyed. In the event of an audit or litigation, this could be a legal necessity. And, further, if something of a private nature does surface, the selection of this unsecured process could be interpreted as negligent. For all these reasons, the choice of recycling as a means of information destruction is undesirable from a risk management perspective.
• 3. A Certificate Of Destruction Does Not Relieve A Company From Its Obligation To Keep Information Confidential
  Since a business cannot transfer its responsibility to maintain confidentiality, it must be certain that it is dealing with a reputable company with superior security procedures. Unfortunately, there are those information destruction services that provide certificates of destruction while having no semblance of security and, in some cases, no destruction process available to them. Anyone interested in contracting a data destruction service is advised to thoroughly review their policies and procedures, conduct an initial site audit and conduct subsequent unannounced audits. On-site document destruction is also an option in most cities.

For Individuals:

Identity theft is one of the fastest growing crimes in the World. Approximately, 11.8 million Americans (one in twenty adults) have been victimized by identity theft as of April 2003, according to research by Star Systems. Credit card numbers, driver’s license numbers, social security numbers, date of birth, and other personal identification can net criminals thousands of dollars in a very short period of time.

• 1. Before disposal, shred paycheck stubs and W-2 forms that contain your social security number and often your name and address. This is a common way for dumpster divers to obtain important identification
• 2. Shred your bank statements and any tax documents when you dispose of them
• 3. Safeguard your credit, debit, and ATM card receipts and shred them before disposing of them
• 4. Destroy all checks immediately when you close a checking account. Destroy or keep in a secure place, any courtesy checks that your bank or credit card company may mail to you
• 5. Destroy all unused pre-approved credit card and loan applications. The mailbox thief only has to fill them out and redirect the return address to start using your credit

Facts provided by: Crime Doctor, NAID