Federal Laws

Government regulations and legislation have enacted laws that require documents containing sensitive customer information be completely destroyed rather than merely disposed of. Strongbox Document Destruction makes it very simple and affordable to comply with these laws by providing you with confidential paper shredding services.

Below is a list of current legislation that outlines the laws regarding proper disposal of certain documents.

HIPAA Compliant

Health Insurance Portability and Accountability Act (HIPAA)

The HIPAA Privacy Rule requires that covered entities apply appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information (PHI), in any form. This means that covered entities must implement reasonable safeguards to limit incidental, and avoid prohibited, uses and disclosures of PHI, including in connection with the disposal of such information. In addition, the HIPAA Security Rule requires that covered entities implement policies and procedures to address the final disposition of electronic PHI and/or the hardware or electronic media on which it is stored, as well as to implement procedures for removal of electronic PHI from electronic media before the media are made available for re-use. Failing to implement reasonable safeguards to protect PHI in connection with disposal could result in impermissible disclosures of PHI

Strongbox Document Destruction provides HIPAA compliant destruction of medical records, patient documents, etc.  It is recommended that all sensitive information be shredded using an On-Site paper shredding company.

For more information on HIPAA, Click the link below

GLBA Compliant

Gramm-Leach-Bliley Act (GLBA)

The FTC says that financial institutions that are subject to both the Disposal Rule and the Gramm-Leach-Bliley (GLB) Safeguards Rule should incorporate practices dealing with the proper disposal of consumer information into the information security program that the Safeguards Rule requires

Protecting the privacy of consumer information held by “financial institutions” is at the heart of the financial privacy provisions of the Gramm-Leach-Bliley Financial Modernization Act of 1999. The GLB Act requires companies to give consumers privacy notices that explain the institutions’ information-sharing practices. In turn, consumers have the right to limit some – but not all – sharing of their information.

The GLB Act applies to “financial institutions” – companies that offer financial products or services to individuals, like loans, financial or investment advice, or insurance. The Federal Trade Commission has authority to enforce the law with respect to “financial institutions” that are not covered by the federal banking agencies, the Securities and Exchange Commission, the Commodity Futures Trading Commission, and state insurance authorities. Among the institutions that fall under FTC jurisdiction for purposes of the GLB Act are non-bank mortgage lenders, loan brokers, some financial or investment advisers, tax preparers, providers of real estate settlement services, and debt collectors. At the same time, the FTC’s regulation applies only to companies that are “significantly engaged” in such financial activities.

Strongbox Document Destruction provides GLBA compliant destruction of medical records, patient documents, etc.  It is recommended that all sensitive information be shredded using an On-Site paper shredding company.

Click the link below for more information on The Gramm-Leach-Bliley Act.

FACTA Compliant

The Fair and Accurate Credit Transaction Act (FACTA)

In an effort to protect the privacy of consumer information and reduce the risk of fraud and identity theft, a new federal rule is requiring businesses to take appropriate measures to dispose of sensitive information derived from consumer reports.

Any business or individual who uses a consumer report for a business purpose is subject to the requirements of the Disposal Rule. The Rule requires the proper disposal of information in consumer reports and records to protect against “unauthorized access to or use of the information.” The Federal Trade Commission, the nation’s consumer protection agency, enforces the Disposal Rule. According to the FTC, the standard for the proper disposal of information derived from a consumer report is flexible, and allows the organizations and individuals covered by the Rule to determine what measures are reasonable based on the sensitivity of the information, the costs and benefits of different disposal methods, and changes in technology.

Although the Disposal Rule applies to consumer reports and the information derived from consumer reports, the FTC encourages those who dispose of any records containing a consumer’s personal or financial information to take similar protective measures.

Strongbox Document Destruction provides FACTA compliant destruction of medical records, patient documents, etc.  It is recommended that all sensitive information be shredded using an On-Site paper shredding company.

Click the link below for more information on The Fair and Accurate Credit Transaction Act