NEXCUT makes it easy to comply with FACTA, HIPAA,
GLB, and other legislation protecting Social Security numbers, credit
information, medical records, and associated confidential data.
NEXCUT designs legally compliant shredding programs
for any business including healthcare and hospitals, financial services
and banks, and government agencies.
Federal legislation
FACTA
The Fair and Accurate Credit Transactions Act requires the safe disposal of
consumer information. Any business that maintains consumer information
must "take reasonable measures to protect against unauthorized access
or use of the information in connection with its disposal." FACTA
requires burning, pulverizing or shredding, with noncompliance resulting
in federal (up to $2,500 per violation) and state (up to $1,000 per violation)
fines, civil liability ($1,000 per employee) and class action lawsuits.
HIPAA
The Health Insurance Portability and Accountability Act of 1996 ensures
that U.S. healthcare organizations safeguard patient information and privacy
including secure disposal of any personal information. HIPAA noncompliance
can result in criminal penalties reaching $250,000 and up to 10 years
in prison and civil fines of up to $25,000 a year.
GLB
Gramm-Leach-Bliley requires banking and financial institutions across
the United States to describe how they will protect the confidentiality
and security of consumer information. GLB noncompliance can result in institutional
civil penalties of up to $100,000 for each violation, personal civil liability
for officers and directors of up to $10,000, class-action lawsuits and
imprisonment for up to five years.
EEA
The Economic Espionage Act of 1996 establishes monetary fines for the
misappropriation and theft of trade secrets for companies who do not take
"reasonable measures" such as secure document destruction to
safeguard their information. A defendant convicted of theft of trade
secrets under Section 1832 of the EEA can be imprisoned for up to 10 years
and fined $500,000. Corporations and other establishments can be fined
up to $5 million.
SOX
The Sarbanes-Oxley Act of 2002 requires U.S. public companies to maintain
information and records management policies and procedures and to halt
regular document destruction if they expect the company will face a government
investigation, audit or other official proceeding.
State legislation
Pennsylvania
Pennsylvania Senate Bill 713, the Breach of Personal Information Notification
Act, requires any business that operates in the state of Pennsylvania
and stores confidential consumer data to notify individuals when a security
breach results in their personal information being released to unauthorized
parties.
New Jersey
New Jersey’s Identity Theft Prevention Act (ITPA) applies to all
businesses that operate in New Jersey and all businesses that collect
and store personal information about New Jersey residents. Section 11
states: “A business or public entity shall destroy, or arrange for
the destruction of, a customer’s records within its custody or control
containing personal information, which is no longer to be retained by
the business or public entity, by shredding, erasing, or otherwise modifying
the personal information in those records to make it unreadable, undecipherable
or nonreconstructable through generally available means.”
State of New York
The New York Information Security Breach and Notification Act (A04254)
requires all individuals and businesses that conduct business in New York
which store private information of New York residents to notify affected
individuals when a security breach results in their private information
being released to unauthorized parties. Failure to comply with A04254
could result in fines up to a maximum of $150,000. In addition, civil
recovery of actual and consequential damages may be available.