4 Privacy laws that you need to know about

As we mentioned in a previous article, the Supreme Court's 1988 decision in California v. Greenwood held that there is no reasonable expectation of privacy in trash left out for collection, so documents you throw away can be searched and read by anyone, including law enforcement, without a warrant. When it comes to document destruction and the security of your information, that ruling is only part of the picture: several federal laws set requirements for how you handle and dispose of sensitive records. We've compiled a list of four laws that are particularly influential and that you should know about (they are also the laws our shredding and destruction services are built to keep you compliant with).


HIPAA (1996):

HIPAA, the Health Insurance Portability and Accountability Act, was enacted in 1996. Its Privacy Rule governs how protected health information (PHI) may be used and disclosed for treatment, payment and healthcare operations, and its Security Rule requires safeguards for that information, including when records are disposed of. In our state, HIPAA operates in conjunction with the Minnesota Health Records Act (MHRA).

HIPAA takes the safeguarding of personal medical information very seriously. According to the American Medical Association, civil penalties for HIPAA violations range from a minimum of $100 per violation up to $50,000 per violation, depending on the level of negligence; knowing misuse of PHI can also bring criminal charges.

The Gramm-Leach-Bliley Act of 1999 (GLBA):

This act restricts the sharing and selling of private financial information and requires financial institutions to explain to customers and consumers how they share their information, and, under its Safeguards Rule, to protect customer records against unauthorized access, including during disposal. Violations can bring a penalty of up to $10,000 for each officer or director found personally liable, and a penalty of up to $100,000 for the institution itself.

Sarbanes-Oxley Act (2002):

In the financial sector, this law was created to ensure accurate reporting. Sarbanes-Oxley, or SOX, requires a public company's CEO and CFO to personally certify that they have reviewed the company's financial reports and that those reports are accurate, credible and free from errors and manipulation. SOX also makes it a federal crime to knowingly destroy, alter or falsify records to obstruct an investigation, and it imposes retention periods for audit records, so how and when you destroy documents matters as much as what you report.

Ignoring SOX or misreporting your data can come with hefty fines or even imprisonment. In terms of cost, a report from Accounting Today found that “companies with between one and three locations spend an average of $657,383 per year on compliance, those with more than 12 locations are paying $1,561,000 annually”.

FACTA (2003):

As part of FACTA, the Fair and Accurate Credit Transactions Act, the major credit reporting companies are required to provide consumers with a free copy of their credit report once every twelve months. Additionally, if a consumer suspects any sort of fraudulent activity in their file, they can place a fraud alert on it to flag suspicious activity to lenders. FACTA's Disposal Rule also requires any business that holds consumer report information to dispose of it in a way that prevents unauthorized access, for example by shredding paper records.

What's the penalty for FACTA violations? Statutory damages of $100 to $1,000 per violation, plus the possibility of punitive damages and attorney's fees in the case of willful noncompliance.

What's the takeaway from all this? Not knowing about these privacy laws doesn't exempt you from them; it only leaves you exposed to penalties and infractions. At Shred Right, we can help you comply with these laws through our records management consulting programs, as well as our variety of shredding services. Contact us to help you stay compliant.