In 2005, the "Fair and Accurate Credit Transactions Act" (FACTA) was updated. This is the law that allows you one free look a year at any files concerning you that a credit bureau may be holding. The update adds rules that any personal data you hold on anybody else - anything derived from a consumer report in any form - must be destroyed as soon as you don't need it any more. This includes credit checks and other routine information inquiries. So if you've hired someone and have their personal information because you're paying Social Security taxes, you can't just dump the papers or diskettes or CDs that actually contain the information - you must destroy it.
The rationale is to protect against identity theft. We've all heard stories about carbon copies of credit card receipts being retrieved from the garbage and used to rip off the card-holders; there are scary tales of devices being placed in front of the card slot in ATMs so as to read your account number and PIN; anything that ingenuity can suggest and knavery employ will be used to steal personal information for profit. This law, then, makes it mandatory that easily-read copies of information be destroyed properly. After all, why make it easy for the villains? If it can be proved that you were the holder of the information that got out, you are liable to the full extent of the law.
FACTA isn't the only legislation that relates to the shredding industry, or the value of shredders in home and business use. Out of concern for customers' rights, and to avoid costly litigation, it's important to be aware of these laws.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) governs how health care organizations and workers must securely dispose of patient information. Specific industries are addressed in other legislaton, such as the Gramm-Leach-Bliley Act of 1999 (GLBA), which requires banks and other financial institution to dispose of consumer information securely. The protection of trade secrets is also covered in laws such as the Economic Espionage Act of 1996 (EEA). The government itself must comply with the Sarbane-Oxley Act of 2002 (SOX).
Many states have enacted laws specifically covering the destruction of customer records. For example, in California, Civil Code 1798.80-82, which requires businesses to take "reasonable steps" to destroy records, is known as the "shredding law."
These laws are designed for the protection of someone else's identity. But you should also take it to heart on your own behalf. There is no point at all in losing track of copies of this sort of information concerning yourself! That means - don't just chuck out your own credit card receipts, bank statements, in fact anything at all that gives away anything about you and your finances - destroy them by burning or shredding. Peace of mind is priceless!
For what it's worth: a 2003 study estimated that identity theft victimized 7 million Americans to the tune of $93,000 each, and that it cost a minimum of $1500 (not counting lawyer's fees) to do the changes necessary to recover from the theft. More recently, a study by Javelin Strategy & Research found that in 2007 identity theft was suffered by 8.5 million U.S. adults, amounting to an average of $5,720 per victim.
Among others, the states of Texas, Georgia, Arizona, Maryland, and Milwaukee have their own shredding laws.