Biometrics Direct - Your source for fingerprint biometric security products for home and business.  Biometric door locks, fingerprint USB security and PC biometric login

US Federal Laws
 
 
 

Check Clearing for the 21st Century Act - Check21
The United States Check Clearing for the 21st Century Act (Check 21), effective October 2004, enables banks to improve check processing by allowing them to handle more checks electronically, making check processing faster and more efficient. The Act allows banks to issue substitute checks in place of original checks. For example, customers who receive cancelled checks with their monthly account statement may begin to receive substitute checks. Substitute checks are considered proof of payment.

Economic Espionage Act
The Economic Espionage Act of 1996 (EEA) made it a criminal offence to steal trade secrets, defined as “all forms and types of financial, business, scientific, technical, economic or engineering information” that the owner has taken reasonable measures to keep secret and that is not known to the public. The legislation applies to information in any form.

Fair and Accurate Credit Transactions Act
The Fair and Accurate Credit Transactions Act, 2003 (FACTA) was enacted in December 2003 with more specific document destruction rules coming into effect on June 1, 2005. FACTA amended the existing Fair Credit Reporting Act providing consumers, companies, consumer reporting agencies and regulators with new tools to expand consumer access to credit, enhance the accuracy of consumer financial information, and help fight identity theft. FACTA is administered by the Federal Trade Commission (FTC).

Family Educational Rights and Privacy Act
The Family Educational Rights and Privacy Act (FERPA) (20 USC §1232g, 34 CFR Part 99) is a federal U.S. law that protects the privacy of student education records.

Gramm-Leach-Bliley Act
The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLB Act), protects the privacy of consumer information held by financial institutions and requires companies to give consumers privacy notices that explain the institutions’ information sharing practices. The Act also provides consumers with the right to limit some sharing of their information.

Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a United States federal law that requires health care organizations to “maintain reasonable and appropriate, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information.” Protected health information (PHI) includes patient medical records, patient logs, insurance, billing and other personally identifiable health information.

Identity Theft Penalty Enhancement Act
The Identity Theft Penalty Enhancement Act of 2004 established a new federal crime, aggravated identity theft, outlined under “offenses” in the Act: Offenses – (1) In general – Whoever, during and in relation to any felony violation enumerated in subsection (c), knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person shall, in addition to the punishment provided for such felony, be sentenced to a term of imprisonment of 2 years. (2) Terrorism offense – Whoever, during and in relation to any felony violation enumerated in section 2332b(g)(5)(B), knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person or a false identification document shall, in addition to the punishment provided for such felony, be sentenced to a term of imprisonment of 5 years.

Sarbanes-Oxley Act
Enacted following a series of high-profile accounting scandals in the United States, most notably Enron and WorldCom, the Sarbanes-Oxley Act of 2002 (SOX) is intended to enhance corporate responsibility and financial reporting as well as combat corporate and accounting fraud. It is one of the most complex pieces of legislation passed in the United States in recent years and includes some of the most far-reaching reforms of American business practices since the 1930s.

USA Patriot Act
The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA Patriot Act) was enacted in October 2001 in an effort to “deter and punish terrorist acts in the United States and around the world, to enhance law enforcement investigator tools and for other purposes.”

US / EU Safe Harbor Program
The European Union’s Directive on Data Protection prohibits the transfer of personal data to US companies which do not meet the Commission’s standards for privacy protection.

State & Local Laws
 
     
 

United States State and Local Laws Regarding Data Security

Arkansas Senate Bill 335
As of January 1, 2007 it will be illegal in Arkansas to publicly post or display an individual’s social security number or to require an individual to transmit their social security number via the internet unless the information is encrypted. 

California Senate Bill SB1386
California was the first U.S. state to have an agency, the Office of Privacy Protection, dedicated to promoting and protecting the privacy rights of consumers. The State has a number of laws related to privacy and identity theft including Senate Bill 1386 (SB 1386). Since July 2003, businesses and individuals that maintain computerized data that includes specified personal information must disclose any breach of the security of that data. The legislation is designed to give companies the incentive to take proactive steps to ensure that their customers do not become victims of identity theft.

Florida Unlawful Use of Personal Identification Information Act
The Florida Unlawful Use of Personal Identification Information Act (HB 481) requires businesses to notify individuals when a security breach results in their personal information being released to unauthorized parties if the breach has or will likely result in harm to the affected individuals. The Act specifies the notification steps businesses must follow in the event of a security breach.

Hawaii Laws Regarding Personal Privacy

  • NOTIFICATION OF SECURITY BREACHES - Act 135 imposes new obligations on the part of Hawaii businesses to notify an individual whenever the individual's personal information that is maintained by the business has been compromised by unauthorized disclosure. The underlying policy behind the Act is that prompt notification will help potential victims to act against identity theft by initiating steps to monitor their credit reputation.  In this regard, it is extremely important that any business subject to the Act's provisions undertake measures to fully comply with the law when it becomes effective on January 1, 2007.
  • DESTRUCTION OF PERSONAL INFORMATION RECORDS - Act 136 imposes new obligations on the part of Hawaii businesses to properly dispose of "personal information" contained in their records.  In short, it requires businesses that have "personal information" about individuals to destroy or shred that information when they are discarding it.  This is necessary to preserve the confidentiality of our citizens' data.  This new law takes effect on January 1, 2007.

    Pursuant to Act 136, businesses must establish "reasonable measures" to protect against the unauthorized access to that information in connection with or after its disposal.

    These "reasonable measures" include:

    1. Implementing and monitoring compliance with policies and procedures that require the burning, pulverizing, recycling, or shredding of papers containing personal information so that information cannot be practicably read or reconstructed;
    2. Implementing and monitoring compliance with policies and procedures that require the destruction or erasure of electronic media and other non-paper media containing "personal information" so that the information cannot practicably be read or reconstructed; and
    3. Describing procedures relating to the adequate destruction or proper disposal of personal records as official policy in the writings of the business.
  • SOCIAL SECURITY NUMBER PROTECTION - The purpose of Act 137 is to minimize the abuses associated with the fraudulent use of a social security number (SSN) by attempting to restrict its use as an identifier.  To provide businesses and government agencies with time to comply with the law, the Act is scheduled to take effect on July 1, 2007.

    Prohibited Uses of Social Security Numbers

    Pursuant to the Act's provisions, unless otherwise authorized by law, a business cannot:

    1. Intentionally communicate or otherwise make available to the general public an individual's entire social security number;
    2. Intentionally print or imbed an individual's entire social security number on any card required for the individual to access products or services provided by the person or entity;
    3. Require an individual to transmit the individual's entire social security number over the Internet, unless the connection is secure or the social security number is encrypted;
    4. Require an individual to use the individual's entire social security number to access an Internet website, unless a password or unique personal identification number or other authentication device is also required to access the Internet website; and
    5. Print an individual's entire social security number on any materials that are mailed to the individual, unless the materials are employer-to-employee communications, or where specifically requested by the individual.
  • Any business that violates any provision of Acts 135, 136, or 137 shall be subject to penalties to the State of Hawaii of not more than $2,500 for each violation. In addition, any business that violates any provision shall be liable to an injured party in an amount equal to the sum of any actual damages sustained.

Georgia Senate Bill 475
Georgia is one of the most aggressive states in the United States in fighting identity theft, introducing its first identity theft legislation in 1998, making identity theft a felony. The 1998 law was updated in 2002 by Senate Bill 475 to recognize that people whose identities are stolen are victims even if they do not suffer financial loss. Also, the law requires companies to securely dispose of all consumer identity information.

Illinois Personal Information Protection Act
The Illinois Personal Information Protection Act (HB 1633) requires businesses to notify individuals when a security breach results in their personal information being released to unauthorized parties. The Act specifies the notification steps businesses must follow in the event of a security breach.

Kansas Comprehensive Privacy Act
Unless required by federal law, no document available for public inspection or copying shall contain an individual’s social security number if such document contains such individual’s personal information. “Personal information” shall include, but not be limited to, name, address, phone number or e-mail address.

Louisiana Database Security Breach Notification Law
The Louisiana Database Security Breach Notification Law (SB 205) requires businesses to notify Louisiana residents when a security breach results in their unencrypted personal information being released to unauthorized parties and there is reasonable likelihood of harm to customers. The Act specifies the notification steps businesses must follow in the event of a security breach.

Maine Notice of Risk to Personal Data Act
The Maine Notice of Risk to Personal Data Act (LD 1671) requires information brokers to notify individuals when a security breach results in their personal information being released to unauthorized parties. The Act specifies the notification steps information brokers must follow in the event of a security breach.

Maryland HB388
Employers in Maryland are no longer allowed to print an employee’s social security number on their paycheck or any part of the pay stub.

Minnesota Security Breach Disclosure Act
The Minnesota Bill H.F. No. 2121 requires businesses to notify individuals when a security breach causes their personal information to be released to unauthorized parties. The Bill specifies the notification steps businesses must follow in the event of a security breach.

Montana Law regarding Identity Theft and Security Breaches
Montana’s Identity Theft Act (HB 732) requires businesses to notify individuals when a security breach results in their personal information being released to unauthorized parties if that breach causes or is reasonably believed to cause loss or injury to a Montana resident. The Act specifies the notification steps that businesses must follow in the event of a security breach. Additionally, the Act specifies that Montana businesses must take reasonable steps to destroy customer records that are no longer needed, if they contain personal information by “shredding, erasing, or otherwise modifying the personal information”.

Nevada Senate Bill 347
Nevada Senate Bill 347 requires businesses to notify individuals when a security breach results in their personal information being released to unauthorized parties.  The Bill specifies the notification steps businesses must follow in the event of a security breach.

New Hampshire Chapter 208 (SB334)
A consumer who has been the victim of identity theft may place a security freeze on his or her consumer report by making a request in writing, by certified mail to a consumer reporting agency with a valid copy of the police report, investigative report, or complaint the consumer has filed with a law enforcement agency about unlawful use of personal information by another person. In the case of a victim of identity theft, a consumer reporting agency shall not charge a fee for placing, removing, or temporarily lifting for a specific party or period of time a security freeze on a consumer report.

New Jersey Identity Theft Prevention Act
New Jersey’s Identity Theft Prevention Act (ITPA) protects individuals from identity theft in various ways, including:

  • requiring consumer credit reporting agencies to place security freezes on consumer reports upon request;
  • requiring businesses that collect digital records containing personal information to notify individuals whose personal data is compromised;
  • limiting the use of social security numbers as general identifiers; and
  • requiring businesses to destroy personal information that is no longer needed.

New York Information Security Breach and Notification Act
The New York Information Security Breach and Notification Act (A04254) requires businesses to notify affected individuals when a security breach results in their private information being released to unauthorized parties. The Act specifies the notification steps businesses must follow in the event of a security breach.

North Carolina Identity Theft Protection Act
The North Carolina Identity Theft Protection Act (Senate Bill 1048) guards against the misuse of North Carolina residents’ personal information. The Act mandates the proper disposal of records containing sensitive information, limits the legal uses of social security numbers, and grants consumers the right to put a credit freeze in place to prevent identity thieves from obtaining false credit.

NC Identity Theft Act: Short Summary

North Carolina passed the Identity Theft Protection Act of 2005 in December 2005. Although this act is focused on protecting financial information, it addresses the protection of personal information that can be used to gain access to that information. Due to this fact, the university falls under this legislation. Below is a summary of the major impact:

1. Social Security Numbers (SSNs) (6 digits or more) may not be transmitted over the Internet in unencrypted form.

2. SSNs (6 digits or more) may not be used for authentication without other identifying information.

3. SSNs (6 digits or more) may not be printed on any card or may not be printed on any material mailed to an individual unless specifically required by federal law.

4. Individuals must be notified of security breaches when there’s a reasonable likelihood that their “identifying information” was compromised.

5. Identifying information covers a wide range of data, including SSNs, bank account numbers, driver’s license numbers, biometric data (fingerprints), passwords, and parent’s legal surname prior to marriage (often used by financial institutions as a form of authentication).

6. A violation of this act can result in significant monetary damages, exposure of personal information that could result in damages to the individual, and security breaches that could expose the offender to civil and criminal penalties.

Oklahoma Credit Freeze
Victims of identity theft in Oklahoma may place a security freeze on their credit reports.

Pennsylvania Breach of Personal Information Notification Act
Pennsylvania Senate Bill 713, the Breach of Personal Information Notification Act, requires businesses to notify individuals when a security breach results in their personal information being released to unauthorized parties and the security breach causes or will cause loss or injury to a Pennsylvania resident. The Act specifies the notification steps businesses must follow in the event of a security breach.

Pennsylvania Protection from Identity Theft Act - 2007

Rhode Island Identity Theft Protection Act of 2005
The Rhode Island Identity Theft Protection Act of 2005 (H6191 Substitute A) requires businesses to notify individuals when a security breach results in their personal information being released to unauthorized parties, unless an appropriate investigation determines that the breach has not and will not likely result in a significant risk of identity theft. The Act specifies the notification steps businesses must follow in the event of a security breach.

The Consumer Empowerment and Identity Theft Prevention Act of 2006

Texas Information Disposal Act
The Texas Information Disposal Act, House Bill 698 (HB 698), amends the Texas Business and Commerce Code adding document retention and disposal requirements. Specifically, it requires that business records containing personal identifying information be shredded, erased or destroyed by other means prior to disposal.
 

 
 
Copyright © 2002-20012 Artemis Solutions Group, Use of this site or purchase subject to these Terms and Conditions of use.
Some images used on this website are Copyright (c) Comstock and used under license.