FACTA:

FAIR AND ACCURATE CREDIT TRANSACTIONS ACT:
The Fair and Accurate Credit Transactions Act (FACTA) is a broad consumer-protection law. Under it, the Federal Trade Commission (FTC) issued a rule in November 2004 addressing the disposal of consumer information such as name, address, Social Security number and credit information.

The FTC's Disposal Rule under FACTA went into effect on June 1, 2005. It addresses the proper storage and disposal of certain consumer information, and the FTC issued it under the authority FACTA gives the agency.

The rule requires any person who maintains or otherwise possesses consumer information for a business purpose to dispose of that information, or any compilation derived from it, properly. It names burning, pulverizing or shredding paper records, and destroying or erasing electronic media so the information cannot be read or reconstructed, as examples of reasonable disposal measures.

FACTA and the Disposal Rule are intended to reduce identity theft and related fraud by restricting the ability of thieves to go “dumpster diving” for valuable consumer information in discarded business records.

FACTA Violations:
Noncompliance can result in severe fines as well as class-action lawsuits, including:

  1. State fines of up to $1,000 for each violation
  2. Civil liability for actual damages sustained if an identity is stolen as a result of corporate inaction, or statutory damages of up to $1,000 per affected employee
  3. Federal fines of up to $2,000 for each violation
  4. Class-action lawsuits, with the possibility of punitive damages against the employer, if a large number of employees are affected

HIPAA:

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT:
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 makes healthcare organizations in the United States responsible for the secure electronic transmission of patient information and for the secure storage and disposal of that information.

Four primary HIPAA legislation objectives:

  1. Ensure health insurance portability by eliminating job lock due to pre-existing medical conditions
  2. Reduce healthcare fraud and abuse
  3. Enforce standards for health information
  4. Guarantee security and privacy of health information

HIPAA Penalties:
HIPAA noncompliance can have devastating consequences. It exposes an organization not only to severe fines and penalties, but also to litigation and negative publicity. Noncompliance can result in the following:

  1. Civil fines of $100 per violation, up to $25,000 a year for violations of the same requirement (the ceiling under the original Act; the HITECH Act of 2009 later raised civil penalties substantially)
  2. Criminal penalties of up to $250,000 and up to 10 years in prison

Examples of items to shred due to HIPAA:

  1. Patient medical records
  2. Billing records
  3. Prescriptions
  4. Insurance records
  5. X-rays
  6. Computer disks
  7. Sign-in / Registration forms
  8. Hard Drives

GLB:

GRAMM-LEACH-BLILEY ACT:
The Gramm-Leach-Bliley Act (GLB Act), also known as the Financial Services Modernization Act of 1999, is a federal law enacted in the United States to control the ways that financial institutions handle the private information of individuals.

The Act’s privacy provisions have three principal parts: the Financial Privacy Rule, which regulates the collection and disclosure of private financial information; the Safeguards Rule, which requires financial institutions to implement security programs to protect such information; and the pretexting provisions, which prohibit pretexting (obtaining private information under false pretenses).

The Act also requires financial institutions to give customers written privacy notices that explain their information-sharing practices.

Banks and other financial institutions across the United States must be able to show how they protect the confidentiality and security of consumer information as the Gramm-Leach-Bliley Act (GLB) requires.

GLB Violations:
Noncompliance can result in severe fines as well as class-action lawsuits, including:

  1. Up to five years of imprisonment
  2. Civil penalties against the institution of up to $100,000 for each violation
  3. Personal liability for the financial institution’s officers and directors, with a civil penalty of up to $10,000 for each violation

EEA:

The Economic Espionage Act:
The Economic Espionage Act of 1996 (EEA) was the first federal law to define, and severely punish, the misappropriation and theft of trade secrets, and it gives companies a strong incentive to handle sensitive information properly.

Under the Act, information qualifies as a trade secret only if its owner has taken “reasonable measures” to keep it secret, so the government will protect only companies that actually safeguard their information.

EEA Violations:
Section 1832 makes the commercial theft of trade secrets a criminal act regardless of who benefits from it (Section 1831 separately covers theft that benefits a foreign government). Individuals convicted under Section 1832 can be imprisoned for up to 10 years and fined $500,000.
Corporations and other organizations can be fined up to $5 million.

SUPERFUND:

Superfund is the federal government’s environmental program established to clean up the nation’s uncontrolled or abandoned hazardous waste sites. Superfund is also the name of the fund established by the Comprehensive Environmental Response, Compensation and Liability Act of 1980 (CERCLA). The law was enacted in 1980, in the wake of the toxic waste dumps discovered during the 1970s. It allows the EPA to clean up certain sites and to compel responsible parties to perform cleanups or reimburse the government for EPA-led cleanups.

SOX:

The Sarbanes-Oxley Act:
The Sarbanes-Oxley Act of 2002 (SOX), sponsored by US Senator Paul Sarbanes and US Representative Michael Oxley, represented a major change to federal securities laws.

SOX continues to challenge and befuddle IT shops and risk/compliance organizations. Its scope was initially interpreted more broadly than the Securities and Exchange Commission (SEC) intended, because the role of IT in meeting the regulation, chiefly the internal-control requirements of Section 404, was unclear.

IT organizations now have a sharper focus on, and better understanding of, the specific requirements of SOX, but they also need to consider how SOX compliance can be combined with similar governance policies and compliance obligations.
