If you are a Texas business and collect personally identifying information, HB 698 applies to you.
Learn Which Laws Apply to You.
Texas Information Disposal Act (HB 698)
Does Texas Information Disposal Act (HB 698) Apply To You?
If you are a Texas business and collect personally identifying information, HB 698 applies to you. It doesn’t matter when you’ve collected the information, HB 698 applies to all records created before, on or after September 1, 2005.
698(3) (d) When a business disposes of a business record that contains personal identifying information of a customer of the business, the business shall modify, by shredding, erasing or other means, the personal identifying information to make it unreadable or undecipherable.
698(3) (e) A business is in compliance with Subsection (d) if the business contracts with a person engaged in the business of disposing of records for the modification of personal identifying information on behalf of the business in accordance with Subsection (d).
Does Texas Information Disposal Act (HB 698) Have Teeth?
A your business doesn’t dispose of documents accordingly, you are liable for a civil penalty of up to $500 for each record. Additionally, the Texas Attorney General can bring action against the business and:
698(3) (f). (1) recover the civil penalty; (2) obtain any other remedy, including injunctive relief; and (3) recover costs and reasonable attorneys’ fees incurred in bringing the action.
A business that modifies its documents in good faith is not liable for a civil penalty even if the record is reconstructed, in whole or in part, by extraordinary means.
Identity Theft Penalty Enhancement Act
H.R. 1731 was enacted in 2004 and established penalties for aggravated identity theft or identity theft in connection with the commission of a felony. Under the offenses established under the act, it states “Whoever, during and in relation to any felony violation enumerated in subsection (c), knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person shall, in addition to the punishment provided for such felony, by sentenced to a term of imprisonment of 2 years.”
As much as 70% of all identity theft cases involve people inside companies. As a business, if you’re irresponsible with your customers information, you can be responsible for the aftermath of a stolen identity.
- Fraudulent charges now average more than $90,000 per name used.
- Nearly 85% of all victims find out about their identity theft case in a negative manner.
- The average time spent by victims is about 600 hours.
- While victims are finding out about their cases earlier, it is taking far longer now than before to eliminate negative information from credit reports.
- A large majority of respondents indicates the opening of a credit card (73%) or takeover of a card account (27%) to be among crimes committed.
- The emotional impact of identity theft has been found to parallel that of victims of violent crime.
Texas House Bill 2278 – Business and Commerce code
Texas is one of 32 states in the US that require documents and all media to be protected and destroyed. Your business is required to implement and maintain reasonable procedures, including taking any appropriate corrective action, to protect from unlawful use or disclosure any sensitive personal information collected or maintained in the regular course of business.
The law also requires physical or electronic data to be securely stored and destroyed by shredding.
Items like: Social Security, Date of birth, unique biometric data, electronic identification numbers, telecommunication access, financial records, driver licenses, credit applications, payment records or information, patient information, etc…
Enforcement
The Attorney General may bring an action to recover civil penalties or to seek an injunction against persons who fail to take reasonable action to comply.
Penalties
Violations relating to sensitive personal information may result in a civil penalty of at least $2,000 but not more than $50,000 for each violation.
Improper disposal of a business record may be subject to a civil penalty up to $500 for each business record.
HIPAA
Health Insurance Portability And Accountability Act
HIPAA, a federal law enacted in 1996, requires health care organization to “maintain reasonable and appropriate, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information.” The protected health information refers to all individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral.
Individually identifiable health information is information, including demographic data, that relates to:
- the individual’s past, present or future physical or mental health or condition
- the provision of health care to the individual
- the past, present, or future payment for the provision of health care to the individual
and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.
FACTA
The Fair and Accurate Credit Transaction Act
FACTA was enacted in 2003 and amended in June 2005. FACTA provides consumers, companies, consumer reporting agencies and regulators with new tools to expand consumer access to credit, create a more accurate consumer financial information and help fight identity theft.
Does FACTA Apply To You?
FACTA’s Disposal Rule applies to any company or person that “maintains or otherwise possesses consumer information or any compilation of consumer information, derived from consumer reports for a business purpose.” It calls for the proper disposal of information in consumer reports and records to protect against “unauthorized access to or use of the information.” Among those who must comply with the Rule are:
- Consumer reporting companies
- Lenders
- Insurers
- Employers
- Landlords
- Government agencies
- Mortgage brokers
- Automobile dealers
- Attorneys or private investigators
- Debt collectors
- Individuals who obtain a credit report on prospective nannies, contractors, or tenants
- Entities that maintain information in consumer reports as part of their role as service providers to other organizations covered by the Rule.
GLB
Gramm-Leach-Bliley Act
The Gramm-Leach-Bliley Act, also known as The Financial Modernization Act of 1999, creates provisions to protect consumers’ personal financial information held by financial institutions. Paper documents containing personal information should be protected when in use and safely destroyed when no longer current and or unusable.
The Safeguards Rule requires all financial institutions to design, implement and maintain safeguards to protect customer information. The Safeguards Rule applies not only to financial institutions that collect information from their own customers, but also to financial institutions “such as credit reporting agencies” that receive customer information from other financial institutions.
Does GLB Apply To You?
The GLB Act applies to just about any business that’s involved in providing financial products or services to consumers. This includes check-cashing businesses, mortgage brokers, banks, insurance companies, real estate appraisers, tax preparation businesses and accountants, ATM operators, credit counselors, financial advisors, debt collectors and more.
Does GLB Have Teeth?
Failure to comply can result in an enforcement action by the FTC and can result in civil penalties of up to $11,000 per violation.
SOX
Sarbanes-Oxley Act
In 2002, SOX was enacted after the Enron and Worldcom financial scandals with the primary intent of increasing corporate responsibility and financial reporting while combating corporate and accounting fraud.
Does SOX Apply To You?
Sarbanes-Oxley Act applies to public companies based in the United States or traded on US stock exchanges. If SOX applies, you are required to have a record and information management policy. Companies should create formal written policies and procedures outlining the process and identifying the specific tasks and roles within the process, including procedures related to document destruction and how the company would stop document destruction if anticipating an investigation.
Check 21 Act
Check Clearing for the 21st Century
The Check 21 Act allows and encourages banks to provide a substitute cancelled checks instead of the original check. Effective October 2004, it allowed banks to make check processing fast and more efficient by handling more checks electronically. Traditionally, banks physically move original paper checks from the bank where the checks are deposited to the bank that pays them. This transportation can be inefficient and costly.
For Financial Institutions With Document Retention Policies
Regardless of how long you keep customers checks, we can ensure that all checks are completely destroyed as soon as your retention date has passed. Whether you needs a weekly, bi-weekly or monthly check purge, we can supply you secure containers to store your checks for purge and schedule regular service intervals to ensure proper destruction of all checks while removing your future liabilities.
FERPA
Family Educational Rights and Privacy Act of 1974
FERPA is a Federal law that protects the privacy of student education records. FERPA regulates access to and disclosure of student education records. It give students and parents the right to inspect and review the students’ education records maintained at the institution and request corrections to records believed to be inaccurate or misleading. Under 34 CFR §99.30 through §99.39, the educational institution must also keep a record of each disclosure of personally-identifiable information from student records.
Improper disposal of student records may constitute an unauthorized disclosure under FERPA – the educational institution does not have consent for such disclosure, and will not have a record that any disclosure was made.
The Economic Espionage Act of 1996
The Economic Espionage Act of 1996 (EEA) provides new legal tools to prosecute those who commit economic espionage by stealing trade secrets.
The term trade secret refers to all forms and types of financial, business, scientific, technical, economic or engineering information, including patterns, plans, compilations, program devices, formulas, designs, prototypes, methods, techniques, processes, procedures, programs, or codes, whether tangible or intangible and whether or how stored, compiled, or memorialized physically, electronically, graphically, photographically, or in writing.
SECURE
SUSTAINABLE
COMPLIANT
Make Sure You’re Compliant!
Outsourcing Your Shredding Is More Secure And Less Expensive Than Shredding It Yourself.
Testimonials
What they're saying
“We were thrilled with the service, ease and of course the pricing. We look forward to using your company for our next shredding job. Thank you for making this a painless process, before the competitors even responded to my request for a quote! :)”
AMYFirst Texas Homes
“I could not have asked for better service or a better shredding experience at a better price. Smarter Shredding will definitely be my first choice in the future when I require another purge shredding.”
JordanShippers Express
“I could not have asked for better service or a better shredding experience at a better price. Smarter Shredding will definitely be my first choice in the future when I require another purge shredding.”
JordanShippers Express
“From the time they entered our office on the 10th floor until they took the last of the shredding down to the truck was less than 2 hours and we had 104 boxes of documents!”
BeaHamilton & Squibb
“Science is fun. Science is curiosity. We all have natural curiosity. Science is a process of investigating. It's posing questions and coming up with a method. It's delving in.”
Sam Murray Lead Architect