Home | Subscribe | Contact Us | Advertise

COVER STORY
DOCUMENT SECURITY
Previous | Contents | Next

Four Laws That Affect Document Security

Compiled by Andy Brown

Reacting to the risks and costs involved in fraud, the U.S. Congress has passed a series of laws related to information security. Because information is so frequently transmitted through print and electronic documents, the laws affect how companies secure them. Excerpts from the following laws provide a basis for understanding why document security is more important to companies than ever before.

1) Gramm-Leach-Bliley Act
Title V of the Gramm-Leach-Bliley Act addresses the responsibility of financial institutions to protect customers’ personal information. The bill was signed into law on Nov. 12, 1999. To read the complete text, visit http://banking.senate.gov/conf/confrpt.htm.
HIGHLIGHTS:
(1) to ensure the security and confidentiality of customer records and information
(2) to protect against any anticipated threats or hazards to
the security or integrity of such records; and
(3) to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.

2) Sarbanes-Oxley Act
The collapse of Enron prompted Congress to pass this act. It was designed to make corporate executives more accountable for financial decisions. One outcome is that companies more closely assess risk in their supply chain and implement measures to reduce that risk, including more secure handling of documents. The bill was signed into law on July 30, 2002. To read the complete text, visit http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_bills&docid=f:h3763enr.tst.pdf.
HIGHLIGHTS:
(4) the signing officers—
(A) are responsible for establishing and maintaining internal controls;
(5) the signing officers have disclosed to the issuer’s auditors and the audit committee of the board of directors (or persons fulfilling the equivalent function)—
(A) all significant deficiencies in the design or operation of internal controls which could adversely affect the issuer’s ability to record, process, summarize, and report financial data and have identified for the issuer’s auditors any material weaknesses in internal controls; and
(B) any fraud, whether or not material, that involves management or other employees who have a significant role in the issuer’s internal controls;

3) Check Clearing for the 21st Century Act
This act permits scanned images of checks to substitute as legal equivalents of the printed document. The measure was meant to reduce the cost of check processing, but it also introduced concerns about document security, including whether features on the printed checks would be compromised. This bill was signed into law on Oct. 28, 2003. To read the complete text, visit http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=108_cong_public_laws&docid=
f:publ100.108.pdf.
HIGHLIGHTS:
(b) LEGAL EQUIVALENCE.—A substitute check shall be the legal equivalent of the original check for all purposes, including any provision of any Federal or State law, and for all persons if the substitute check...
(e) APPLICABLE LAW.—A substitute check that is the legal equivalent of the original check under subsection (b) shall be subject to any provision, including any provision relating to the protection of customers, of part 229 of title 12 of the Code of Federal Regulations, the Uniform Commercial Code, and any other applicable
Federal or State law as if such substitute check were the original check, to the extent such provision of law is not inconsistent with this Act.

4) REAL ID Act
This act was part of the Emergency Supplemental Appropriations Act for Defense, the Global War on Terror and Tsunami Relief. It established national standards for state-issued identification cards, including drivers’ licenses. It was signed into law on May 11, 2005.
HIGHLIGHTS:
(b) Minimum Document Requirements- To meet the requirements of this section, a State shall include, at a minimum, the following information and features on each driver’s license and identification card issued to a person by the State:
(8) Physical security features designed to prevent tampering, counterfeiting, or duplication of the document for fraudulent purposes.
(9) A common machine-readable technology, with defined minimum data elements.
(d) Other Requirements- To meet the requirements of this section, a State shall adopt the following practices in the issuance of drivers’ licenses and identification cards:
(1) Employ technology to capture digital images of identity source documents so that the images can be retained in electronic storage in a transferable format....
(11) In any case in which the State issues a driver’s license or identification card that does not satisfy the requirements of this section, ensure that such license or identification card—...
(B) uses a unique design or color indicator to alert Federal agency and other law enforcement personnel that it may not be accepted for any such purpose.