Recent Law Updates
There are several federal, state, and local laws have been enacted
to mandate businesses implement safeguards to ensure proper disposal
of discarded sensitive information. The new regulations have been
established to protect the privacy of patients, businesses, and
consumers.
Health Insurance Portability & Accountability
Act (HIPAA)
HIPAA was enacted in 1996 and the mandatory compliance date is
April 14, 2003. All hospitals, doctors, pharmacies, health plans,
medical billing companies and any other business entity involved
in the healthcare industry must comply. The rules apply to all
protected health information. The Standard for Privacy of Identifiable
Health Information requires that covered entities put in place
administrative, technical and physical safeguards to protect the
privacy of protected health information. One example given of
a safeguard for the proper disposal of paper documents containing
protected health information is that the documents be shredded
prior to disposal.
Gramm-Leach-Bliley Act (1999) Financial
Services Modernization Act
This Federal legislation went into effect in 2000, the privacy
provisions in the law require that financial institutions and
insurance companies give consumers prior notice of an intention
to share personal information and a chance to opt out of the sharing
of such information. The law states that these institutions and
companies need to "respect the privacy of its customers and
to protect the security and confidentiality of those customers'
non-public information." The language suggested in the Safeguard
Rule that paper documents containing such personal information
should also be protected and safely destroyed.
This Safeguards Rule requires all financial institutions to design,
implement and maintain safeguards to protect customer information.
The Safeguards Rule applies not only to financial institutions
that collect information from their own customers, but also to
financial institutions – such as credit reporting agencies
– that receive customer information from other financial
institutions.
The Fair and Accurate Credit Transaction
Act (FACTA)
In general, the Act amends the Fair Credit Reporting Act (“FCRA”)
to enhance the accuracy of consumer reports and to allow consumers
to exercise greater control regarding the type and amount of marketing
solicitations they receive. FACT Act also establishes uniform
national standards in key areas of regulation regarding handling
and disposal of consumer information in the possession of all
companies and organizations.
DISPOSAL OF CONSUMER REPORT INFORMATION
AND RECORDS
In short, any person or entity who maintains or otherwise possesses
consumer information, or any compilation of consumer information,
for a business purpose must properly dispose of such information
by taking reasonable measures to protect against unauthorized
access to or use of the information in connection with its disposal.
Reasonable measures to protect against unauthorized access to
or use of consumer information in connection with its disposal
would include: Implementing and monitoring compliance with policies
and procedures that require the burning, pulverizing, or shredding
of papers containing consumer information so that the information
cannot be read or reconstructed. Implementing and monitoring compliance
with policies and procedures that require the destruction or erasure
of electronic media containing consumer information so that the
information cannot be read or reconstructed.
District of Columbia Solid Waste Management
and Multi-material Recycling Act of 1988
In an effort to address the District’s diminishing
landfill capacity and its need for a comprehensive solid waste
management strategy, the Council of the District of Columbia enacted
the “DC Solid Waste Management and Multi-Material recycling
Act of 1988.” This law took effect March 16, 1989 and represents
the blueprint for developing an effective program of recycling
throughout the District. Any premises not authorized to receive
municipal trash and recycling collection services is considered
a business or commercial establishment. Under DC law all businesses
located in the District of Columbia must submit a recycling plan
to the DPW Office of Recycling and implement an on-going recycling
program. A commercial recycling program includes separation of
recyclables from other solid waste, ensuring an adequate number
of containers for separated recyclables and hiring a licensed,
registered recycling hauler to regularly pick up recyclables.
Recycling is required in all commercial establishments. These
include office buildings, churches, retailers, warehouses, apartment
buildings (with four or more units), service companies, cooperatives,
condominiums, bars and restaurants, as well as museums, associations,
non-profit organizations, schools and universities.
Federal Privacy Act of 1974
This law was established in 1974 to insure that government
agencies protect the privacy of individuals and businesses with
regard to information held by them and to hold these agencies
liable for any information released without proper authorization.
Economic Espionage Act of 1996 (EEA)
The Economic Espionage Act is a very powerful law which helps
with the enforcement of properly handling information. This law
is the first federal law that defines and severely punishes misappropriation
and theft of trade secrets. However, according to this Act, the
government will only protect companies who take "reasonable
measures" to safeguard their information.
Montgomery County Executive Order 109-92
Business recycling in Montgomery County, Maryland, became
law in March 1993 when the County Executive signed Executive Regulation
109-92. The regulation, developed by Montgomery County’s
Division of Solid Waste Services, is the result of several years
of research and planning, consultation with the business community
and public comment. This regulation was passed to increase recycling
participation and to stimulate the growth and development of regional
markets and facilities. The law will also help the County reach
its current goal of recycling 50% of its solid waste. There are
approximately 25,000 to 30,000 businesses operating in Montgomery
County which includes businesses, non-profit organizations, public
and private schools, Federal, State and Local government facilities
and home-based businesses. These businesses are responsible for
half of all the solid waste generated in the County.
This regulation stipulates
non-residential recycling and reporting requirements. All county
business will be required to complete a plan which demonstrates
their organizations compliance with Montgomery County recycling
requirements.
