Go to Content

State Legislation

With federal legislation acting as the catalyst for more stringent, industry-specific policies regarding privacy and the disposal of confidential information, states have been increasingly writing their own regulations into law in the form of state legislation. Some states have enacted their own information security legislation. Where no state legislation exists, federal law takes precedence.

Office employee inserting sensitive documents into a secure PROSHRED console bin, to be securely shredded by security bonded professionals

What you need to know and how you are affected by new state regulations.

FERPA Legislation

Family Educational Rights and Privacy Act (FERPA)

The federal law that protect the rights of student`s educational records, Family Educational Rights and Privacy Act (FERPA), gives parents and “eligible students” the right to inspect and review a student’s educational records, correct inaccurate or misleading records, the right to a hearing upon the denial of amending a record and the right to place a dispute statement about the contested information.

The Illinois Personal Information Protection Act (PIPA)

A protection act Illinois residents the misuse of their personal information. Data collectors must notify a person if there has been any breaches to secuirty systems.

ITPA Legislation

The New Jersey Identity Theft Protection Act (ITPA)

Any New Jersey business operating and maintaing records of personal information must destroy, or arrange the destruction of  customer’s records after they are no longer required.


Health Insurance Portability and Accountability Act (HIPAA)

HIPAA was created as an aid against fraud and abuse in the health insurance industry. A Rule setting national standards for the protection of individually identifiable health information by healthcare providers.

HIPAA Compliant logo.
UPIA Legislation

The Florida Unlawful Use of Personal Identification Act (UPIA)

A law protecting any fradulent use of Personal identification. This can be punishable as a third degree felony.

North Carolina Identity Theft Protection Act (ITPA)

A protection act for North Carolina residents from the misuse of their personal information. This Act outlines the protection required by businesses operating in the state for personal information and how the information is disposed of.

The Pennsylvania Breach of Personal Information Notification Act (BPINA)

The Act requires providing notification to residents whose personal information data was or may have been disclosed due to a security system breach; and imposing penalties.

The Gramm-Leach-Bliley Act (GLBA)

The Act addresses concerns relating to consumer financial privacy by protecting their information that is held by the financial institutions.


The Texas Information Disposal Act (IDA)

When a business disposes of a business record that contains personal identifying information of a customer, the business must modify, by shredding, erasing, or other means, the personal identifying information to make it unreadable or undecipherable.

The New York Information Security Breach and Notification Act (ISBNA)

A mandate for the protection of personal information by businesses perating in New York and outlines their obligations to customers.

ISBNA black writing on grey background
brown writing on grey background

The Fair and Accurate Credit Transactions Act (FACTA)

Businesses and individuals must take “reasonable measures” to ensure consumer private information does not fall into the wrong hands.

Red Flag Rules and Current Privacy Legislation

Fights against identity theft. This rule tells you how to develop, implement, and administer an identity theft prevention program.


General Data Protection Regulation (GDPR)

Replaces the Data Protection Directive of 1995. Acts as the new, overarching legislation concering the companies that manage and protect personal data belonging to citizens of the European Union.

Health Information Technology for Economic and Clinical Health (HITECH)

Promotes the adoption and meaningful use of health information technology. Also addresses the privacy and security concerns associated with the electronic transmission of health information

grey logo with blue writing underneath

Cookie Policy

We use cookies and other tracking technologies to ensure you get the best experience on our website, assist with navigation, analyze your use of our services, and assist with our promotional and marketing efforts. If you continue without changing your browser settings, you are providing consent to our Cookie Policy. Click here to learn more about our privacy policy.