The risks — and costs — associated with the casual treatment of regulations can be tremendously damaging.

Privacy regulations:

California Senate Bill 1386

• Requirement: Protection of any confidential information about California residents. This includes driver’s license, social security, bank account, and credit or debit card account numbers.
• Applies to: Every public or private organization conducting business with California residents.
• Penalty for noncompliance: Fines from potential class-action lawsuits are determined on a case-by-case basis.

FACTA (Fair Trade and Credit Transaction Act of 2003)

• Requirement: Any person who maintains or otherwise possesses consumer information for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.
• Applies to: Any person who maintains or otherwise possesses consumer information for a business purpose.
• Penalty for noncompliance: Civil liability in which an employee can recover actual damages from his/her employer for all damages incurred from identity theft.

Gramm-Leach-Biley Act

• Requirement: Protection of a customer or consumer’s personal financial data, including name, address, social security number, account numbers or nonpublic personal data.
• Applies to: Financial institutions, banks, investment companies, credit unions or any of their partners that collect and retain nonpublic personal data.
• Penalty for noncompliance: Regulatory fines can be levied. CEOs and members of the board can be held personally liable.

HIPAA (Health Insurance Portability and Accountability Act

• Requirement: Protection of a patient’s medical records and other personal healthcare information.
• Applies to: All companies that transmit healthcare information, including healthcare providers and healthcare benefit plans.
• Penalty for noncompliance: Fines of $250,000 can be levied and criminal prosecution can result in jail time of up to 10 years.

Environmental Regulations
Risks associates with environmental protection and hazardous waste arise primarily from two regulations:

• RCRA (The Resource Conservation and Recovery Act): Regulates the use, transportation and disposal of hazardous wastes.
• CERLA (The Comprehensive Environmental Recovery, Compensation and Liability Act): Assigns liability for the cleanup of hazardous materials disposed of improperly.