United States

Federal

Economic Espionage Act (EEA)
The Economic Espionage Act of 1996 (EEA) made it a criminal offence to steal trade secrets, defined as "all forms and types of financial, business, scientific, technical, economic or engineering information" that the owner has taken reasonable measures to keep secret and that is not known to the public. The legislation applies to information in any form.

Fair and Accurate Credit Transactions Act (FACTA)
The Fair and Accurate Credit Transactions Act, 2003 (FACTA) was enacted in December 2003 with more specific document destruction rules coming into effect on June 1, 2005. FACTA amended the existing Fair Credit Reporting Act providing consumers, companies, consumer reporting agencies and regulators with new tools to expand consumer access to credit, enhance the accuracy of consumer financial information, and help fight identity theft. FACTA is administered by the Federal Trade Commission (FTC).

Gramm-Leach-Bliley Act (GLB Act)
The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLB Act), protects the privacy of consumer information held by financial institutions and requires companies to give consumers privacy notices that explain the institutions information-sharing practices. The Act also provides consumers with the right to limit some sharing of their information.

Identity Theft Penalty Enhancement Act
The Identity Theft Penalty Enhancement Act of 2004. The law established a new federal crime, aggravated identity theft, outlined under "offenses" in the Act: Offenses - (1) In general - Whoever, during and in relation to any felony violation enumerated in subsection (c), knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person shall, in addition to the punishment provided for such felony, be sentenced to a term of imprisonment of 2 years. (2) Terrorism offense - Whoever, during and in relation to any felony violation enumerated in section 2332b(g)(5)(B), knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person or a false identification document shall, in addition to the punishment provided for such felony, be sentenced to a term of imprisonment of 5 years.

Sarbanes-Oxley Act (SOX)
Enacted following a series of high-profile accounting scandals in the United States, most notably Enron and Worldcom, the Sarbanes-Oxley Act of 2002 (SOX) is intended to enhance corporate responsibility and financial reporting as well as combat corporate and accounting fraud. It is one of the most complex pieces of legislation passed in the United States in recent years and includes some of the most far reaching reforms of American business practices since the 1930's.

US Safe Harbor Program
The European Union's Directive on Data Protection prohibits the transfer of personal data to US companies which do not meet the Commission's standards for privacy protection.

USA Patriot Act
The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA Patriot Act) was enacted in October 2001 in an effort to "deter and punish terrorist acts in the United States and around the world, to enhance law enforcement investigator tools and for other purposes."

State

California Senate Bill 1386
California was the first U.S. state to have an agency, the Office of Privacy Protection, dedicated to promoting and protecting the privacy rights of consumers. The State has a number of laws related to privacy and identity theft including Senate Bill 1386 (SB 1386). Since July 2003, businesses and individuals that maintain computerized data that includes specified personal information must disclose any breach of the security of that data. The legislation is designed to give companies the incentive to take proactive steps to ensure that their customers do not become victims of identity theft.

Florida Unlawful Use of Personal Identification Information Act (HB 481)
The Florida Unlawful Use of Personal Identification Information Act (HB 481) requires businesses to notify individuals when a security breach results in their personal information being released to unauthorized parties if the breach has or will likely result in harm to the affected individuals. The Act specifies the notification steps businesses must follow in the event of a security breach.

Georgia Senate Bill 475
Georgia is one of the most aggressive states in the United States in fighting identity theft, introducing its first identity theft legislation in 1998 making identity theft a felony. The 1998 law was updated in 2002 by Senate Bill 475to recognize that people whose identities are stolen are victims even if they do not suffer financial loss. Also, the law requires companies to securely dispose of all consumer identity information.

Illinois Personal Information Protection Act (HB 1633)
The Illinois Personal Information Protection Act (HB 1633) requires businesses to notify individuals when a security breach results in their personal information being released to unauthorized parties. The Act specifies the notification steps businesses must follow in the event of a security breach.

Louisiana Database Security Breach Notification Law (SB 205)
The Louisiana Database Security Breach Notification Law (SB 205) requires businesses to notify Louisiana residents when a security breach results in their unencrypted personal information being released to unauthorized parties and there is reasonable likelihood of harm to customers. The Act specifies the notification steps businesses must follow in the event of a security breach.

Maine Notice of Risk to Personal Data Act (LD 1671)
The Maine Notice of Risk to Personal Data Act (LD 1671) requires information brokers to notify individuals when a security breach results in their personal information being released to unauthorized parties. The Act specifies the notification steps information brokers must follow in the event of a security breach.

Minnesota Security Breach Disclosure Act (H.F. No. 2121)
The Minnesota Bill H.F. No. 2121 requires businesses to notify individuals when a security a breach causes their personal information to be released to unauthorized parties. The Bill specifies the notification steps businesses must follow in the event of a security breach.

Montana Law regarding Identity Theft and Security Breaches (HB 732)
Montana's Identity Theft Act (HB 732) requires businesses to notify individuals when a security breach results in their personal information being released to unauthorized parties if that breach causes or is reasonably believed to cause loss or injury to a Montana resident. The Act specifies the notification steps that businesses must follow in the event of a security breach. Additionally, the Act specifies that Montana businesses must take reasonable steps to destroy customer records that are no longer needed, if they contain personal information by "shredding, erasing, or otherwise modifying the personal information".

Nevada Senate Bill 347
Nevada Senate Bill 347 requires businesses to notify individuals when a security breach results in their personal information being released to unauthorized parties.The Bill specifies the notification steps businesses must follow in the event of a security breach.

New Jersey Identity Theft Prevention Act (ITPA)
New Jersey's Identity Theft Prevention Act (ITPA) protects individuals from identity theft in various ways, including: - requiring consumer credit reporting agencies to place security freezes on consumer reports upon request - requiring businesses that collect digital records containing personal information to notify individuals whose personal data is compromised - limiting the use of social security numbers as general identifiers; and requiring businesses to destroy personal information that is no longer needed.

New York Information Security Breach and Notification Act (A04254)
The New York Information Security Breach and Notification Act (A04254) requires businesses to notify affected individuals when a security breach results in their private information being released to unauthorized parties. The Act specifies the notification steps businesses must follow in the event of a security breach.

North Carolina Identity Theft Protection Act (1048)
The North Carolina Identity Theft Protection Act, (Senate Bill 1048) guards against the misuse of North Carolina residents' personal information. The Act mandates the proper disposal of records containing sensitive information, limits the legal uses of social security numbers, and grants consumers the right to put a credit freeze in place to prevent identity thieves from obtaining false credit.

Pennsylvania Breach of Personal Information Notification Act (713)
Pennsylvania Senate Bill 713 the Breach of Personal Information Notification Act, requires businesses to notify individuals when a security breach results in their personal information being released to unauthorized parties and the security breach causes or will cause loss or injury to a Pennsylvania resident. The Act specifies the notification steps businesses must follow in the event of a security breach.

Rhode Island Identity Theft Protection Act of 2005
The Rhode Island Identity Theft Protection Act of 2005 (H6191 Substitute A) requires businesses to notify individuals when a security breach results in their personal information being released to unauthorized parties, unless an appropriate investigation determines that the breach has not and will not likely result in a significant risk of identify theft. The Act specifies the notification steps businesses must follow in the event of a security breach.

Texas Information Disposal Act, House Bill 698
The Texas Information Disposal Act, House Bill 698 (HB 698), amends the Texas Business and Commerce Code adding document retention and disposal requirements. Specifically, it requires that business records containing personal identifying information be shredded, erased or destroyed by other means prior to disposal.

Canada

Federal

Personal Information Protection and Electronic Documents Act (PIPEDA)
The Personal Information Protection and Electronic Documents Act (PIPEDA) protects personal information in the hands of private sector organizations and provides guidelines for the collection, use and disclosure of that information in the course of commercial activity. The Act is overseen by the Privacy Commissioner of Canada.

Provincial

Alberta Personal Information Protection Act (PIPA)
The Personal Information Protection Act (PIPA) protects personal information in the hands of private sector organizations and provides guidelines for the collection, use and disclosure of that information. The Act is overseen by the Alberta Information and Privacy Commissioner.

B.C. Personal Information Protection Act (PIPA)
The Personal Information Protection Act (PIPA) protects personal information in the hands of private sector organizations and provides guidelines for the collection, use and disclosure of that information. The Act is overseen by the B.C. Information and Privacy Commissioner.

Ontario Personal Health Information Protection Act (PHIPA)
The Personal Health Information Protection Act, 2004 (PHIPA) came into effect in Ontario, Canada on November 1, 2004. PHIPA creates rules for the collection, use and sharing of personal health information. PHIPA also gives patients rights related to acess to their health records and how their health information is used.

Quebecs An Act Respecting the Protection of Personal Information in the Private Sector (the Act)
An Act Respecting the Protection of Personal Information in the Private Sector (the Act) protects personal information in the hands of private sector organizations and provides guidelines for the collection, use and disclosure of that information. The Act is overseen by the Commission d’accès à l’information du Québec.

Financial Institutions Leading The Way In Information Security Practices
Document destruction as a critical component of information security

Identity Theft Fact Sheet
Identity theft is the fastest growing form of consumer fraud in the United States. The consequences for the business are enormous both in terms of direct costs and potential damage to corporate reputation.

Shred-it Environmental Fact Sheet
We have been reducing waste and helping the environment since the company began in 1988. Our commitment to the environment began at a time when being eco-conscious was not the "in" thing to do; it was the right thing to do. Shred-it document destruction shreds and recycles more than 520 thousand tons of paper each year worldwide.

Strictly Confidential – Responsible On-site Data Destruction
Friday, April 10, 2009

Kevin Watson, Quality, Health & Safety Manager, EastLancashire Hospitals Trust, explains how a contract with data destruction company, Shred-it, has given the participating departments peace of mind that their confidential waste is being disposed of responsibly.

Shred-it Forward
Friday, April 10, 2009

Whether it’s done in-house or outsourced, when it comes to forming a thorough shredding policy some companies may find they haven’t gone far enough to make sure the documents they want destroyed are securely disposed of in an efficient manner.

Safety Drops Off Fleet Managers Radar
Friday, April 10, 2009

Pressure to reduce costs is overtaking safety and green issues on the fleet managers’ agenda, according to new research. Fuel prices are now top of the list, with the poor economic outlook and falling business levels coming in a close second and third.

Risk Management - The Experts View
Friday, April 10, 2009

Why should risk management and business continuity remain a priority issue in today’s global economy, while companies are having to deal with recession?