PRIVACY LAWS
FEDERAL
​FERPA - The Family Educational Rights and Privacy Act:
​
FERPA is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA gives parents certain rights with respect to their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. Students to whom the rights have transferred are “eligible students.”
​​
GLBA - Gramm-Leach-Bliley Act (1999) Financial Services Modernization Act:
​
This Federal legislation went into effect in 2000, the privacy provisions in the law require that financial institutions and insurance companies give consumers prior notice of an intention to share personal information and a chance to opt out of the sharing of such information. The law states that these institutions and companies need to “respect the privacy of its customers and to protect the security and confidentiality of those customers’ non-public information.” The language suggested in the Safeguard Rule that paper documents containing such personal information should also be protected and safely destroyed.
​
Federal Privacy Act of 1974:
​
This law was established in 1974 to insure that government agencies protect the privacy of individuals and businesses with regard to information held by them and to hold these agencies liable for any information released without proper authorization.
FACTA - Fair and Accurate Credit Transaction Act:
​
In general, this Act amends the Fair Credit Reporting Act (FCRA) of 1970 to enhance the accuracy and further protect consumer reports against identity theft. FACTA also establishes uniform national standards in key areas of regulation regarding handling and disposal of consumer information in the possession of all companies and organizations. Reasonable measures must be taking by any person who maintains or otherwise possesses consumer information for a business purpose through burning, pulverizing, or shredding of papers containing consumer information.
​
HIPAA - Health Insurance Portability and Accountability Act:
HIPAA was enacted in 1996 and the mandatory compliance date is April 14, 2003. All hospitals, doctors, pharmacies, health plans, medical billing companies and any other business entity involved in the healthcare industry must comply. The rules apply to all protected health information. The Standard for Privacy of Identifiable Health Information requires that covered entities put in place administrative, technical and physical safeguards to protect the privacy of protected health information. One example given of a safeguard for the proper disposal of paper documents containing protected health information is that the documents be shredded prior to disposal.
​​
STATE
Disposal of Materials Containing Personal Information:
​
(815 ILCS 530/40) Sec. 40. Disposal of materials containing personal information; Attorney General.
(a) In this Section, "person" means: a natural person; a corporation, partnership, association, or other legal entity; a unit of local government or any agency, department, division, bureau, board, commission, or committee thereof; or the State of Illinois or any constitutional officer, agency, department, division, bureau, board, commission, or committee thereof.
(b) A person must dispose of the materials containing personal information in a manner that renders the personal information unreadable, unusable, and undecipherable. Proper disposal methods include, but are not limited to, the following:
(1) Paper documents containing personal information may be either redacted, burned, pulverized, or shredded so that personal information cannot practicably be read or reconstructed.​