Regulatory
As a business owner, you know there are thousands of state and federal laws every business should follow. However, some are more "sweeping" than others and impact businesses large and small. Mandates covering issues such as workplace safety, citizens with disabilities, information privacy, security and identity theft were passed over the past several decades and include:
- 1970's: The Occupational Safety and Health Act - OSHA
- 1980's: The Americans with Disabilities Act - ADA
- 1990's: The Health Insurance Portability and Accountability Act - HIPAA
- 2000's: FCRA, FACTA, GLB, Red Flags, HITECH
While many businesses are familiar with OSHA, ADA and likely HIPAA, results of a survey by zTelligence and Fellowes Inc., July 2005, showed only 13.1 percent of business owners recognize the term “FACTA.”
Due to the major growth of and concern about identity theft, the Federal Government has enacted several pieces of legislation during the past few years. They impact businesses of all sizes. No industry is immune, and businesses large and small, for-profit and non-profit, need to take heed.
- The Health Information Technology for Economic and Clinical Health Act (HITECH)
- The Health Insurance Portability and Accountability Act (HIPAA)
- The Gramm-Leach-Bliley Act (GLBA)
- The F.A.C.T. Act (F.A.C.T.A.)
- The FACTA Red Flags Rule
- Payment Card Industry Data Security Standards (PCIDSS)
- State Security Breach Notification Laws
- The Fair Credit Billing Act (FDCPA)
- The Fair Credit Reporting Act (FCRA)
- The Electronic Fund Transfer Act (EFTA)
These pieces of legislation are serious; they impact businesses of all sizes, whether they have one or ten thousand employees. You need to be aware of them and of the requirements they mandate. The legislation defines guidelines for all businesses to meet regarding the safeguarding of customer and employee information.
These laws require that businesses ensure the proper handling, safeguarding and disposal of information collected from employees and customers in the course of doing business. Additionally, they recommend the implementation of an identity theft prevention program, including measures to determine that new customers with whom you are doing business are who they say they are.
There are penalties for non-compliance as well as for loss, mishandling or breach of information. These penalties can include:
- Federal & State fines ranging from $1,000 to $1,000,000 per occurrence
- Civil Liabilities per occurrence
- Class action lawsuits with no statutory limitation
- Responsibility for actual losses of affected individuals
- Up to 10 years Jail Time for Executives
- Removal of Management
- Executives within an organization can be held accountable for non-compliance both civilly and criminally.





