Industry Regulations & Penalties
The risks — and costs — associated with disregarding regulations can be tremendously damaging.
California Senate Bill 1386
- Requirement: Protection of any confidential information about California residents. This includes driver’s license, Social Security, bank account and credit/debit card account numbers.
- Applies to: Every public or private organization conducting business with California residents.
- Penalty for noncompliance: Fines from potential class-action lawsuits are determined on a case-by-case basis.
FACTA (Fair Trade and Credit Transaction Act of 2003)
- Requirement: Any person who maintains or otherwise possesses consumer information for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.
- Applies to: Any person who maintains or otherwise possesses consumer information for a business purpose.
- Penalty for noncompliance: Civil liability in which an employee can recover actual damages from his/her employer for all damages incurred from identity theft.
- Requirement: Protection of a customer or consumer’s personal financial data, including name, address, Social Security number, account numbers or nonpublic personal data.
- Applies to: Financial institutions, banks, investment companies, credit unions or any of their partners that collect and retain nonpublic personal data.
- Penalty for noncompliance: Regulatory fines can be levied. CEOs and board members can be held personally liable.
HIPAA (Health Insurance Portability and Accountability Act)
- Requirement: Protection of a patient’s medical records and other personal healthcare information.
- Applies to: All companies that transmit healthcare information, including healthcare providers and healthcare benefit plans.
- Penalty for noncompliance: Fines of $250,000 can be levied; criminal prosecution can occur and can result in jail time of up to 10 years.
Risks associates with environmental protection and hazardous waste arise primarily from two regulations:
- RCRA (The Resource Conservation and Recovery Act): Regulates the use, transportation and disposal of hazardous wastes.
- CERCLA (The Comprehensive Environmental Recovery, Compensation and Liability Act): Assigns liability for the cleanup of hazardous materials disposed of improperly.