HIPAA - Health Insurance Portability and Accountability Act-
The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.
The Administration Simplification provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the US health care system. HIPAA does not just apply to medical professionals, any company that takes medical information on their employees must comply with HIPAA. This information includes applications for medical insurance, workers compensation and doctors excuses for absences. Many companies are not aware of the scope of HIPAA's coverage and thus leave themselves unprotected.
FACTA - Fair and Accurate Credit Transaction Act
The Fair and Accurate Credit Transactions Act of 2003 (FACT Act or FACTA, Pub.L. 108-159) is a United States federal law, passed by the United States Congress on December 4, 2003, as an amendment to the Fair Credit Reporting Act. The act allows consumers to request and obtain a free credit report once every twelve months from each of the three nationwide consumer credit reporting companies (Equifax, Experian and TransUnion). In cooperation with the Federal Trade Commission, the three major credit reporting agencies set up the website, annualcreditreport.com, to provide free access to annual credit reports. The act also contains provisions to help reduce identity theft, such as the ability for individuals to place alerts on their credit histories if identity theft is suspected, or if deploying overseas in the military, thereby making fraudulent applications for credit more difficult. Further, it requires secure disposal of consumer information.
Red Flag Rules
Financial institutions face a mandatory deadline of November 1, 2008 to comply 3 new FACT Act regulations referred to as the Red Flag rules [2], section 114 and 315 of the Fair and Accurate Credit Transactions (FACT) Act.
There are three new regulations.
One that requires financial institutions or creditors to develop and implement an Identity Theft Prevention Program in connection with both new and existing accounts. The Program must include reasonable policies and procedures for detecting, preventing, and mitigating identity theft;
Another that requires users of consumer reports to respond to Notices of Address Discrepancies that they receive; and
A third that places special requirements on issuers of debit or credit cards to assess the validity of a change of address if they receive notification of a change of address for a consumer’s debit or credit card account and, within a short period of time afterward they receive a request for an additional or replacement card for the same account.
Another key item was the requirement that mortgage lenders provide consumers with a Credit Disclosure Notice that included their credit scores, range of scores, credit bureaus, scoring models, and factors affecting their scores. This form is typically available from credit reporting agencies, and many will send this directly to the consumer on the lenders' behalf. In addition to financial institutions, FACTA covers any business entity that takes credit information from their customers.
The Gramm-Leach-Bliley Act - also known as the Gramm-Leach-Bliley Financial Services Modernization Act, Pub. L. No. 106-102, 113 Stat. 1338 (November 12, 1999), is an Act of the United States Congress which repealed the Glass-Steagall Act, opening up competition among banks, securities companies and insurance companies. The Glass-Steagall Act prohibited a bank from offering investment, commercial banking, and insurance services.
The Gramm-Leach-Bliley Act (GLBA) allowed commercial and investment banks to consolidate. The law was passed to legalize these mergers on a permanent basis. Historically, the combined industry has been known as the financial services industry.
Subtitle A: Disclosure of Nonpublic Personal Information, codified at 15 U.S.C. § 6801–6809)
The Safeguards Rule requires financial institutions to develop a written information security plan that describes how the company is prepared for, and plans to continue to protect clients’ nonpublic personal information. (The Safeguards Rule also applies to information of those no longer consumers of the financial institution.) This plan must include:
Denoting at least one employee to manage the safeguards,
Constructing a thorough [risk management] on each department handling the nonpublic information,
Develop, monitor, and test a program to secure the information, and
Change the safeguards as needed with the changes in how information is collected, stored, and used.
This rule is intended to do what most businesses should already be doing: protect their clients. The Safeguards Rule forces financial institutions to take a closer look at how they manage private data and to do a risk analysis on their current processes. No process is perfect, so this has meant that every financial institution has had to make some effort to comply with the GLBA.
Trade Secret Protection- Companies spend thousands or even millions to develop new ideas ,obtain new customers and keep existing customers. After accomplishing this they do not take the steps necessary to protected that information. A company's proprietary information is critical to survival. Information discarded in a dumpster has been ruled by the United States Supreme Court to become public information once it is discarded. A compliance, protection and retention plan will help you eliminate this possibility.
