Health Insurance Portability and Accountability Act of 1996
- This act provides standardized guidelines to protect identifiable health information.
- It requires covered entities to have reasonable administrative, technical, and physical safeguards in place to prevent unauthorized use or disclosure of protected health information. This covers electronic and physical health information.
- Reasonable safeguards include keeping records locked while in storage and shredding them for destruction.
Gramm-Leach-Bliley Act
- Enacted as The Financial Modernization Act of 1999
- This act provides guidance to protect and to safeguard the privacy of non-public personal financial information.
- A financial service provider or financial institution is defined as “any institution the business of which is engaging in financial activities as described in section 4(k) of the Bank Holding Company Act of 1956”. [509(3)(A)] These include lenders, consumer reporting agencies, debt collectors, data processors, courier services, retailers issuing consumers credit cards, personal property or real estate appraisers, check-cashing businesses, mortgage brokers, and more.
- With regard to information security and management, the act requires financial institutions to take reasonable measures to ensure the security and confidentiality of customer information and to protect against any threats to its security and any unauthorized access to or use of it.
Sarbanes-Oxley Act of 2002
- This act provides guidelines for corporations in their financial reporting to give investors an accurate view of the corporation. It holds corporate executives accountable and provides strict civil and criminal punishment for fraud.
- With regard to information management, it provides timetables for the destruction of paperwork used in audits of corporations, as well as timetables for the retention of records. It will require corporations to develop a comprehensive information management policy to support their financial reports.
Fair and Accurate Credit Transactions Act of 2003
- This act amends the Fair Credit Reporting Act to protect consumers against identity theft. It improves the reporting and dispersing of consumer credit information.
- The Disposal Rule requires the proper disposal of consumer information “by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal”. The Disposal Rule lists shredding as a suggested means of reasonable disposal.