The increase in identity theft crimes has caused the enactment of several federal laws designed to protect consumers private information. Some states have also enacted laws, including the states of California, Wisconsin and Georgia.


California Civil Code

Section 1798.80 defines the following: business, records, customer, personal information as they apply to the title.
Section 1798.81 reads as follows:
“A business shall take all reasonable steps to destroy, or arrange for the destruction of a customer’s records within its custody or control containing personal information which is no longer to be retained by the business by (1) shredding, (2) erasing, or (3) otherwise modifying the personal information in those records to make it unreadable or undecipherable through any means.”In addition to California’s law, the following Federal Laws also require businesses to properly destroy any document containing personal information.



The Fair and Accurate Credit Transactions Act of 2003 also known as the FACT Act was signed into law on December 4, 2003. The Act amends the Fair Credit Reporting Act (“FCRA”). The Act contains a number of provisions intended to combat identity theft and consumer fraud and related crimes. Specifically the act requires the destruction of PAPERS CONTAINING CONSUMER INFORMATION. Virtually every business or organization is bound by this law.
Sec. 682.3 Proper disposal of consumer information.
(a) Standard. Any person who maintains or otherwise possesses consumer information, or any compilation of consumer information, for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.
(b) Examples. Reasonable measures to protect against unauthorized access to or use of consumer information in connection with its disposal would include:
(1) Implementing and monitoring compliance with policies and procedures that require the burning, pulverizing, or shredding of papers containing consumer information so that the information cannot practicably be read or reconstructed.


National Consumer Law Center:

Federal Trade Commission:

Privacy Rights Organization:



Health Insurance Portability and Accountability Act (HIPAA), was enacted in 1996 and includes provisions intended to safeguard the privacy of patient health records. HIPAA is a significant piece of legislation with onerous penalties

Penalties for HIPAA Violations:

American Medical Association HIPAA Violations:

U.S. Dept of Health and Human Services:

Gramm-Leach-Baily Act

The Financial Modernization Act of 1999, also known as the “Gramm-Leach-Bliley Act” or GLB Act, includes provisions to protect consumers’ personal financial information held by financial institutions. There are three principal parts to the privacy requirements: the Financial Privacy Rule, Safeguards Rule and pre-texting provisions.

Financial Privacy Rules:

Safeguards Rule

Pretexting provisions:

Federal Trade Commission Report: