Protecting privacy has become of paramount importance in the last several decades, because identity theft has grown into a massive problem. Identity theft can be as easy as stealing sensitive information from someone's trash, or as complicated as hacking into computers and/or systems to access digital records. Either way, companies have a responsibility to maintain the utmost security of their records, and the government has passed numerous laws addressing this issue.
Though there are many privacy laws out there, from local to federal, two of the most important are the Gramm-Leach-Bliley Act and the Sarbanes-Oxley Act.
Passed in 1999, the Gramm-Leach-Bliley Act covers practices of financial institutions. There are many clauses to this act, as with any law, but the ones that we care about are the privacy provisions. In short, this act includes a Financial Privacy Rule, which requires that a financial institution provide consumers with privacy notices when they begin a relationship with that institution. The notice must explain to consumers what kind of information the financial institution collects from the consumer, and where and how that information is used, as well as who else might receive that information. The notice must also explain how the consumer's information will be protected.
The Safeguards Rule, part of the Gramm-Leach-Bliley Act, basically states that a financial institution must have a plan in place that will protect the consumer information it collects.
The Sarbanes-Oxley Act is broader, applying to corporations in general, instead of just financial institutions. One particular section of this act, section 802, applies specifically to privacy issues. Because of this section, public companies are required to keep certain paperwork for a period of five years. The Sarbanes-Oxley Act also has policies and standards regarding records management in general, and requires that public companies have plans in place for the management of documents and records.