The Gramm-Leach-Bliley Act requires companies that offer consumers financial products or services like loans, financial or investment advice, or insurance to safeguard sensitive data - including devices. Additionally, prior to allowing a service provider access to customer personal information, the organization must take reasonable steps to ensure that the service provider is capable of maintaining appropriate safeguards.
The Fair and Accurate Credit Transactions Act (FACTA) requires organizations to dispose of data contained in consumer reports and records in a way that is reasonable and appropriate to prevent unauthorized access to or use of the information. The FTC also encourages those who dispose of any records containing a consumer's personal or financial information to take similar protective measures.
The Health Insurance Portability and Accountability Act (HIPAA) requires that covered entities must have in place policies and procedures regarding the transfer, removal, disposal, and re-use of electronic media, to ensure appropriate protection of electronic protected health information.