The following lists some of the relevant privacy laws impacting document destruction practices:

Health Insurance Portability and Accountability Act of 1996 (HIPAA). This law protects the privacy of patient health records by imposing limitations on the use and disclosure of these records for health care providers (hospitals, clinics, pharmacies, doctors, etc.), health care insurance plans, health care billing services, and many companies doing business with one of these entities (attorneys, actuaries, accountants, etc.). Failure to keep patient information secure through improper document disposal could expose a company to civil penalties of up to $25,000 for each violation or criminal fines ($50,000 - $250,000) and imprisonment (1-10 years), depending on the severity.

Gramm-Leach-Bliley Act. Companies within the financial industry (e.g. insurance, banks, mortgage, securities, etc. ) must insure the security and confidentiality of their customers' personal information, and they must protect against any anticipated threats or hazards to such information and any unauthorized access or use of this important information. There are

severe penalties for noncompliance, including heavy fines and even imprisonment (for up to 5 years). Financial institutions can be subject to civil penalties up to $100,000 for each violation, and officers and directors can be personally liable up to $10,000.

Americans with Disabilites Act and Federal Family and Medical Leave Act. The ADA and FMLA mandate that medical-related records in the possession of an employer be kept confidential. A company's failure to ensure the confidentiality of this information could result in significant civil liability.

Identity Theft and Assumption Deterrence Act of 1998. This law attempts to address the problem of identity theft by making it a federal crime (with severe penalties) for anyone to knowingly transfer or use a means of identifying another person with the intent to engage in - or assist - unlawful activity. A company, therefore, could expose itself to liability if its business practices make it easier to steal someone's identity (i.e. through improper document disposal).

Economic Espionage Act of 1996. The federal government will protect a company's trade secrets by imposing stiff civil and criminal penalties against any person or entity that steals or discloses the trade secrets. These significant protections, however, are only available if the company takes reasonable measures to preserve and protect its own trade secrets. Improper document disposal, therefore, could result in a loss of this Act's protections.

Wisconsin's Trade Secret Protection Law (Wis. Stat. § 134.90). State law also provides significant protections against the misappropriation of a company's trade secrets. Again, if a company fails to provide for adequate security for its trade secrets, including secure document disposal, the protections under this law are lost.

Wisconsin's Dumpster Diving Law (Wis. Stat. § 895.505). A financial institution, medical business, or tax preparation business may not dispose of a record containing an individual's personal information unless it is destroyed properly. The means for proper destruction include making the information unreadable or shredding the record before disposal. Failure to follow this directive could result in fines up to $1,000 or civil liability for the amount of damages caused by the improper protection or destruction of the records.