Security Compliance

Identity fraud is a constant concern for any individual or business that collects and maintains consumer information. The growing incidence of identity theft prompted the federal government to create regulations overseeing the disposal of consumer information. The Fair and Accurate Credit Transactions Act of 2003 (FACTA) demands the compliance of every individual and company that maintains consumer information. FACTA requires every business to rigorously protect client data and dispose of this data according to strict guidelines known as the Disposal Rule.

Any record about an individual that is a consumer report or that is taken from a consumer report is considered consumer information. To be compliant under the Disposal Rule, individuals or businesses that maintain or possess consumer information must take “reasonable measures” to protect that information against misuse and improper access.

Proper disposal of consumer records is critical to compliance. The Federal Trade Commission (FTC) gives two illustrations of compliant disposal of records. According to these examples, the best practice for hard copy records is to destroy them by shredding, burning, or pulverizing. Hard copy or paper records can be shredded in-house; however, the best practice may be to hire a professional data destruction company. Both parties are responsible for keeping documents secure before and during the destruction process. The company will provide a record of destruction. These documents should be kept on file as proof of compliance.

In the second illustration, the best practices for electronic equipment are physical destruction of the equipment or erasure of hard drives and disk or jump drives. Computers and other electronic media can be physically destroyed. This procedure would comply with the Disposal Rule, but it is not one of the best practices, since it exponentially adds to the amount of electronic waste in city landfills and dumps.

Sometimes the best practice is to recycle electronics. This can be done in compliance with the Disposal Rule if the hard drive undergoes permanent erasure. Permanent erasure goes beyond using the delete command. Full-disk overwriting programs destroy data by writing 1s and 0s over all sectors. The software program must be able to overwrite every sector of the disk or hard drive, including hidden and locked files; otherwise, the erasure is not complete and records could potentially be reconstructed.
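The sketch below is an added example, not part of the original article: it overwrites a disk image sector by sector and then verifies that no sector still holds data, showing how a pass that misses a region leaves a record behind. The 512-byte sector size, the `skip` parameter, and the sample image with fake records are assumptions constructed for illustration.

```python
import io

SECTOR = 512  # assumed logical sector size in bytes


def overwrite(dev, fill=0x00, skip=()):
    """Write `fill` over every sector of a seekable binary stream.

    `skip` lists sector indexes left untouched; it models a tool that
    cannot reach hidden or locked areas (hypothetical parameter).
    """
    size = dev.seek(0, io.SEEK_END)
    for index in range((size + SECTOR - 1) // SECTOR):
        if index in skip:
            continue
        start = index * SECTOR
        dev.seek(start)
        dev.write(bytes([fill]) * min(SECTOR, size - start))
    dev.flush()


def unwiped_sectors(dev, fill=0x00):
    """Return the indexes of sectors holding any byte other than `fill`."""
    dev.seek(0)
    remaining, index = [], 0
    while chunk := dev.read(SECTOR):
        if chunk.count(fill) != len(chunk):
            remaining.append(index)
        index += 1
    return remaining


def make_sample_image():
    """Constructed 8-sector image with fake records in sectors 2 and 5."""
    image = bytearray(8 * SECTOR)
    for offset, record in ((2 * SECTOR, b"name=Jane Example"),
                           (5 * SECTOR + 100, b"account=0000-TEST")):
        image[offset:offset + len(record)] = record
    return io.BytesIO(bytes(image))


if __name__ == "__main__":
    disk = make_sample_image()
    print("before wipe:", unwiped_sectors(disk))
    overwrite(disk, skip={5})          # incomplete pass
    print("partial wipe:", unwiped_sectors(disk))
    overwrite(disk)                    # complete pass
    print("full wipe:", unwiped_sectors(disk))
```

A read-back check like this covers only the sectors the operating system can address, so it confirms the overwrite pass rather than replacing the record of destruction kept for compliance.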

Copyright 2017 Best-Practice.com. All Rights Reserved.