By Steve Sturgeon Confidential Data Destruction Confidential Data Destruction Company helps businesses throughout the Santa Clarita Valley and Southern California maintain the security and confidentiality of their customers’ information. Our value is even greater for companies that are regulated by state and federal privacy laws. Below, CDDC provides an overview of some of the legal requirements that may apply to your company: The Health Insurance Portability and Accountability Act (HIPAA) The HIPAA of 1996 ensures healthcare organizations in the United States will be held responsible for the secure handling and storage of “protected health information.” The HIPAA legislation expects to: reduce health care fraud and abuse; guarantee security and privacy of health information; and enforce standards for health information. HIPAA non-compliance can have devastating consequences to non-conforming healthcare organizations. HIPAA applies criminal penalties to anyone violating the law, not just the company. Employees, business associates, and others who handle or deal with “protected health information” are potentially liable for mishandling confidential information. Litigation and public negativity are also consequences, along with severe fines and penalties. Non-compliance can result in civil fines up to $25,000 a year and criminal penalties up to $250,000, as well as up to 10 years in prison. The Fair and Accurate Credit Transactions Act (FACTA) FACTA requires the destruction of all consumer information before it is discarded. It states that any person who maintains or possesses consumer information for a business purpose must dispose of the information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal. The main objective of this act is to protect against identity theft. Reasonable measures are described by the act as “burning, pulverizing, or shredding of paper containing consumer information.” Another alternative is for a company to enter into an agreement “with another party engaged in the business of record destruction to dispose of material, specifically identified as consumer information, in a manner consistent with this rule.” Violators can potentially face very severe financial penalties, as well as lawsuits. The Identity Theft and Assumption Deterrence Act of 1998 The Identity and Assumption Deterrence Act of 1998 looks at identity theft in two significant ways: The act strengthens the criminal laws governing identity theft by making it a federal crime to knowingly transfer or use, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of federal law, or that constitutes a felony under any applicable state or local law. The act also provides a centralized complaint and consumer education service to the victims of identity theft. With this act making identity theft a federal crime, penalties can be up to 15 years of prison and a maximum fine of $250,000. It also allows for the identity theft victim to seek restitution if there is a conviction. Give us a call. We’ll be happy to help you create a comprehensive action plan based on the new tax laws so you can save the most tax dollars possible in 2018. Steve Sturgeon is the founder of Confidential Data Destruction, which has been keeping business data in the Santa Clarita Valley and beyond secure since 2007.