IPSA document destruction programs and the management/work process controls we use are designed to ensure the privacy and confidentiality of all information entrusted to our care for destruction. IPSA offers distinct security advantages to our customers, including the requirement that all IPSA members become NAID certified, the highest level of security standards in the industry.
IPSA offers customers the advantage of centralization of our member companies and services. These functions include more than just operations and billing. Our research and compliance staff members continuously monitor emerging legislation, regulations, and statutes at both the State and Federal level. This process ensures the timely dissemination of information and processes related to government mandates to our member companies and customers. Our monitoring programs are value-added services designed to spare our customers the workload and cost of monitoring these important legislative issues independently.
a) The Health Insurance Portability and Accountability Act (HIPAA) of 1996 regulates the healthcare industry in the United States and assures that healthcare organizations will be responsible for the secure electronic transmission, secure storage and disposal of patient information.
b) Under the Gramm-Leach-Bliley Act of 1999 (GLB), financial institutions that obtain nonpublic personal information through the normal course of their business must develop precautions to ensure the security and confidentiality of customer records and information, and to protect against unauthorized access to or use of such records. This includes secure storage, disposal, and sharing of confidential information.
i) Who must comply with the Gramm-Leach-Bliley Act:
(1) Banking and credit issuing
(2) Insurance
(3) Stocks, bonds, and investing
(4) Financial service providers
ii) Penalties for noncompliance:
(1) Up to $100,000 for each violation. Criminal penalties may include up to five years in prison.
c) The Economic Espionage Act (EEA) makes the theft or misappropriation of trade secrets a criminal offense. Taking papers from dumpsters outside offices is called "dumpster diving" and is a common tactic used by commercial information brokers as well as foreign intelligence services. It involves collecting and going through the trash left out for collection from residences and businesses. Stealing trash is not illegal. The Supreme Court ruled in 1988 that once an item is left for trash pickup, there is no expectation of privacy or continued ownership.
i) Who is affected by EEA:
(1) U.S. citizens
(2) General businesses handling sensitive data in hardcopy
ii) Penalties for convicted individuals and organizations:
(1) Up to $500,000 or up to 15 years in prison. In some cases an organization can be fined up to $5,000,000.
iii) Penalties for the citizen or business: priceless
d) FACTA
i) The Fair and Accurate Credit Transactions Act of 2003, also known as the FACT Act, was signed into law on December 4, 2003. In general, the Act amends the Fair Credit Reporting Act ("FCRA"). The Act contains a number of provisions intended to combat consumer fraud and related crimes, including identity theft, and to assist its victims. Specifically, the Act requires the destruction of PAPERS CONTAINING CONSUMER INFORMATION. It is hard to imagine any business or organization that is not bound by this law.
ii) The proposed DISPOSAL RULE
(1) Sec. 682.3 Proper disposal of consumer information.
(a) Standard. Any person who maintains or otherwise possesses consumer information, or any compilation of consumer information, for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.
(b) Examples. Reasonable measures to protect against unauthorized access to or use of consumer information in connection with its disposal would include:
(i) Implementing and monitoring compliance with policies and procedures that require the burning, pulverizing, or shredding of papers containing consumer information so that the information cannot practicably be read or reconstructed.
a) California Senate Bill 1386 (SB 1386) requires businesses that maintain personal data on California residents to disclose security breaches that result in unauthorized access to unencrypted personal data. The law pertains to any organization, whether based in California or in other parts of the country. Personal information includes an individual's name along with their Social Security number, driver's license number, state identification number, or credit or debit card numbers with security codes.
i) Who must comply with SB 1386:
(1) Banking and credit issuing
(2) Insurance
(3) Stocks, bonds, and investing
(4) Financial service providers
(5) Any business handling sensitive data
ii) Penalties for noncompliance:
(1) Up to $10,000 for each violation.
b) Georgia Senate Bill 475 (SB 475) establishes guidelines for proper discarding and disposal of certain business documents containing personal information. According to the law, a business may not discard a record containing personal information unless it:
* Shreds the customer’s record before discarding the record
* Erases the personal information contained in the customer’s record before discarding the record
* Modifies the customer’s record to make the personal information unreadable before discarding the record
* Takes actions that will ensure that no unauthorized person will have access to the personal information.
i) Penalties
The fines range from $500 to $10,000.
IPSA provides “Reasonable Care” and compliance for nationwide document destruction programs as defined by all applicable State and Federal laws and regulations. This includes all of the requirements attributed to the following legislation:
• Gramm-Leach-Bliley
• Sarbanes-Oxley
• FACTA – Fair and Accurate Credit Transactions Act
• HIPAA
Additionally, IPSA will be pleased to customize our program to conform to any additional corporate or agency guidelines and regulations for your document destruction operations.