Resources
Documents
Laws and Regulations.
Do you have more questions?
FACTA (aka The DISPOSAL RULE)
Sec. 682.3 Proper disposal of consumer information.
(a) Standard. Any person who maintains or otherwise possesses consumer information, or any compilation of consumer information, for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.
(b) Examples. Reasonable measures to protect against unauthorized access to or use of consumer information in connection with its disposal would include:
(1) Implementing and monitoring compliance with policies and procedures that require the burning, pulverizing, or shredding of papers containing consumer information so that the information cannot practicably be read or reconstructed.
Links:
https://www.ftc.gov/legal-library/browse/statutes/fair-credit-reporting-act
STATE OF VIRGINIA ADMINISTRATIVE CODE
The Code States: Paper records. Paper records shall be shredded, pulped or incinerated. If paper records are destroyed within an office or agency, records shall be shredded by a mechanical cross-cut shredder that reduces paper to a size no wider than 3/8 inches. The custodian of the records must prepare a certificate of destruction that lists what records have been destroyed, who destroyed the documents, and the date of destruction.
If the shredding is done off site, or by a contractor, locked bins are required to protect the records prior to shredding. Contractors doing the shredding must be bonded. The agency contracting for the shredding retains responsibility for protecting the social security numbers on the records until destruction. A representative of the contracting agency shall witness the destruction.
Links: