Privacy Legislation

By in

Public and private organizations, businesses and governments collect vast amounts of personal information about individuals for a variety of purposes.

The Privacy Act of 1974 regulates the type of information which may be collected and how it is maintained, stored and destroyed. The act prohibits the disclosure of information without written consent from the individuals of whom the information is regarding, as well as, allows the individual the rights to access and amend their information. It has also set forth record-keeping requirements that agencies need to adhere to.

June 1st, 2005 the Disposal Rule which is a part of the Fair and Accurate Credit Transactions Act of 2003 (FACTA) is enacted. It requires businesses and individuals to take appropriate measures to dispose of sensitive information derived from consumer reports and records to protect against “unauthorized access to or use of the information.

The Rule requires disposal practices that are reasonable and appropriate to prevent the unauthorized access to, or use of, information in a consumer report. Reasonable measures for disposing of consumer report information could include establishing and complying with policies to: burn, pulverize, or shred papers containing consumer report information so that the information cannot be read or reconstructed; destroy or erase electronic files or media containing consumer report information so that the information cannot be read or reconstructed; or conduct due diligence and hire a document destruction contractor to dispose of material specifically identified as consumer report information consistent with the Rule. Due diligence could include: reviewing an independent audit of a disposal company’s operations and/or its compliance with the Rule; obtaining information about the disposal company from several references; requiring that the disposal company be certified by a recognized trade association; or reviewing and evaluating the disposal company’s information security policies or procedures.

SecurShred is AAA certified by the National Association for Information Destruction (NAID) and a member of Association of Records Managers & Administrators (ARMA).

Additional Resources