Slashdot Mirror


Document Disposal Law Kicks In

dougrun wrote to link to a story on MSNBC regarding a new federal law requiring individuals who handle other people's personal information to dispose of the data properly. From the article: "Recycling the paperwork isn't good enough -- it must be destroyed, the rule says, rendered useless to anyone who might stumble upon it. The FTC can sue and obtain fines of up to $2,500 for each instance of neglect."

38 of 146 comments

  1. What about online electronic records? by Hulkster · · Score: 3, Interesting
    I've read several articles about this legislation, but there is very little information about electronic records. I see a brief mention about "discarding a computer's hard drive" ... but what about online record keeping? I gotta believe there is a cottage industry that provides web access for folks to track their hired help - who is liable if that becomes public? And what happens if someone hacks into your computer?

    A cute McDonald French Fry

    1. Re:What about online electronic records? by treff89 · · Score: 4, Interesting

      As inferred above, I put forward the notion that this law is powerless. Not only are things such as computers not thoroughly covered (leaving numerous loopholes for defence in a court of law), but the government has exempted themselves. Clearly, they therefore do not take this seriously, and this law is all about people coming home, thinking "Look at the good the government is doing for my privacy!" and nothing about actually making a difference. (Footnote: No party based comment, I live in Australia.) (FN2: IANAL.)

    2. Re:What about online electronic records? by darkonc · · Score: 2, Informative
      And what happens if someone hacks into your computer?

      It seems to talk about disposal, not storage, so if someone breaks into your computer, then I'd guess it's not covered. On the other hand, I'd strongly suggest that people get a knoppix CD and learn to type 'shred /dev/hda' before they throw their computers into the dumpster.

      --
      Sometimes boldness is in fashion. Sometimes only the brave will be bold.
    3. Re:What about online electronic records? by networkBoy · · Score: 2, Interesting

      So what about this incident?
      http://www.thekcrachannel.com/news/4451423/detail.html
      Details how Farmers insurance threw confidential docs in the trash (SSNs, Acct numbers, statements, claims, etc.)
      -nB

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    4. Re:What about online electronic records? by Detritus · · Score: 2, Informative

      The United States Government takes it seriously. While they may be exempt from this law, there are regulations and policies in place to safeguard personal information. These policies are stricter than anything you're likely to find in the private sector.

      --
      Mea navis aericumbens anguillis abundat
    5. Re:What about online electronic records? by SlamMan · · Score: 2, Insightful

      Bah. Just because a law doesn't cover everything you think it should doesn't make it powerless. If someone puts in a law that increases speeding fines in school zones, but doesn't do anything to drug usage or having firearms, it's still a useful tool against speeding in school zones.

      --
      Mod point free since 2001
    6. Re:What about online electronic records? by anthony_dipierro · · Score: 2, Informative

      It applies to online records, but 1) it only applies to consumer credit reports, and 2) it only applies to disposal, not storage. From FTC.gov:

      The Disposal Rule requires disposal practices that are reasonable and appropriate to prevent the unauthorized access to - or use of - information in a consumer report. For example, reasonable measures for disposing of consumer report information could include establishing and complying with policies to:
      ...
      * destroy or erase electronic files or media containing consumer report information so that the information cannot be read or reconstructed;
    7. Re:What about online electronic records? by The+Snowman · · Score: 3, Informative

      The United States Government takes it seriously. While they may be exempt from this law, there are regulations and policies in place to safeguard personal information. These policies are stricter than anything you're likely to find in the private sector.

      Specifically, the Privacy Act of 1972. In a sentence, it mandates that all federal government employees will treat personal information with respect.

      --
      24 beers in a case, 24 hours in a day. Coincidence? I think not!
    8. Re:What about online electronic records? by mikael · · Score: 2, Interesting

      There are numerous stories in the UK about people buying second hand laptops and finding military and local government data on them.

      I personally found a couple of PC cases being thrown out on a skip. Everything had been stripped down and removed except for the hard disk drives, which were held in place by star shaped screws. If disk drives were designed to be installed/removed in a more modular fashion, then it would be a lot easier to reuse them rather than throw them out.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
    9. Re:What about online electronic records? by BlueStrat · · Score: 2, Interesting

      I recently picked up an old PC from a friend that he obtained from an auction of property from a local small (around 35 employees) grocery store that closed.

      Apparently, this was either the personnel manager's or store manager's PC, as there were employee and payroll records, including SSNs, bank account routing numbers, medical insurance info, driver's license numbers, names, addresses, phone numbers, etc. on the hard drive.

      The only precaution taken, it seems, was to wipe the boot sector of the drive, which any linux/FreeBSD rescue or live CD can recover/rewrite in a few seconds. Luckily for them I'm honest, and used a hard drive overwrite utility to make the data relatively unrecoverable.

      Makes one start thinking about all one's previous jobs, and what kind of data storage disposal policies (if any) they might have had. Scary.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
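An added example, not part of any comment in this thread, illustrating the failure mode described in the comment above: zeroing only the boot sector leaves the records on the disk, and a read-back scan after the wipe shows it. The in-memory image, the fake record and all function names are constructed for illustration.

```python
import io

SECTOR = 512  # bytes per sector, assumed for this constructed image

# Constructed sample record; every value in it is fake.
RECORD = b"NAME=Jane Example;SSN=000-00-0000;ROUTING=000000000"


def build_sample_image(sectors=64):
    """Return an in-memory 'disk': a boot sector plus two sectors of records."""
    img = bytearray(sectors * SECTOR)
    img[0:3] = b"\xeb\x3c\x90"      # jump bytes typical of a boot sector
    img[510:512] = b"\x55\xaa"      # boot signature
    for sector in (10, 40):
        start = sector * SECTOR
        img[start:start + len(RECORD)] = RECORD
    return io.BytesIO(bytes(img))


def wipe_boot_sector_only(dev):
    """The inadequate 'wipe': only sector 0 is overwritten."""
    dev.seek(0)
    dev.write(bytes(SECTOR))


def wipe_full(dev, size, chunk=8 * SECTOR):
    """Single pass of zeroes over the whole device, written in chunks."""
    dev.seek(0)
    remaining = size
    while remaining > 0:
        n = min(chunk, remaining)
        dev.write(bytes(n))
        remaining -= n
    dev.flush()


def residual_sectors(dev, size):
    """Read the device back and list every sector that still holds data."""
    dev.seek(0)
    dirty, index, done = [], 0, 0
    while done < size:
        block = dev.read(min(SECTOR, size - done))
        if not block:
            break
        if any(block):              # any non-zero byte means data survived
            dirty.append(index)
        done += len(block)
        index += 1
    return dirty


def demo():
    dev = build_sample_image()
    size = len(dev.getvalue())
    wipe_boot_sector_only(dev)
    after_boot_wipe = residual_sectors(dev, size)
    record_survives = RECORD in dev.getvalue()
    wipe_full(dev, size)
    after_full_wipe = residual_sectors(dev, size)
    return after_boot_wipe, record_survives, after_full_wipe


if __name__ == "__main__":
    print(demo())
```

On a real drive the same read-back check can be run against the block device opened read-only. An overwrite issued through the block interface does not reach sectors the drive has remapped or the spare area of flash media, so a clean scan covers only the addressable space.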
  2. Sigh... more landfill trash... by linolium · · Score: 2, Insightful

    I really hope these masses of shredded papers aren't dumped in our landfills... I think we already have enough junk in there that won't be decomposing any time soon.

    1. Re:Sigh... more landfill trash... by AKAImBatman · · Score: 2, Informative

      I really hope these masses of shredded papers aren't dumped in our landfills

      1. Where do you think it all goes now?

      2. Shredding the paper most likely *helps* it decompose as it provides more corners and surface area for the bacteria to attack.

    2. Re:Sigh... more landfill trash... by Thng · · Score: 2, Interesting
      It should be recycled, and afaik, the document destroyers in my town do that, and ship some of the paper to a nearby egg crate manufacturer.

      I somewhat doubt that it will lead to so much more in landfills. If they recycled documents before, then they'll still probably recycle them, just probably exert more work to do so (or give to document destruction service). If they didn't recycle before (ie, just threw it all in the trash)... well, actually, it might not be a bad idea to let someone else deal with it totally (document destruction service)

      Regarding it decomposing in landfills... not really. A few (10?) years ago, Discover magazine had an article on this too. 40 year old newspapers (at the time), readable.

    3. Re:Sigh... more landfill trash... by krbvroc1 · · Score: 2, Interesting
      I was under the impression shredded paper is not as useful for recycling. The ability to recycle paper depends on the strength and length of the paper fibers. Shredded paper has lost a lot of strength and has short fibers due to being cut. That means that whereas regular paper can be recycled into some lesser form of paper, shredded paper must be used for something like a cheap cardboard/egg crates.

      Regardless, privacy is more important to me than the landfill.

    4. Re:Sigh... more landfill trash... by Seraphim1982 · · Score: 2, Interesting

      Do you really think that fast food outlets cared about anything other than the fact that paper/cardboard wrappers are cheaper than foam wrappers? They may say it was for environmental reasons, but I personally believe that was an afterthought and that they wouldn't have switched if there hadn't also been a money saving aspect.

  3. And all those outsourced jobs? by Lead+Butthead · · Score: 3, Insightful

    What about the work that is outsourced to foreign countries? Every now and then we hear stories about foreign workers taking liberties with personal information, a Federal law doesn't exactly cover foreign soil.

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
    1. Re:And all those outsourced jobs? by hughk · · Score: 2, Informative
      The organisation doing the outsourcing must be able to show that they applied due diligence when qualifying the supplier/service provider. You cannot be permitted to outsource responsibility.

      If Ford sell you a car with tires imported from another country and they keep blowing up, it is still Ford's responsibility.

      --
      See my journal, I write things there
    2. Re:And all those outsourced jobs? by The+Dark+P · · Score: 2, Interesting

      Most foreign countries have stricter data protection laws than the US. I worked at an office which handled personal data from medical studies, in lots of cases they were worried about sharing data with their US counterpart because their data protection laws were not strict enough, likewise, the Australian branch was less keen to share with us because their data protection laws are stricter still.

  4. define "destroyed" by tfoss · · Score: 3, Interesting
    It's pretty clear that even cross-cut shredders won't do the job. There are commercial ventures that charge by the volume of shredded paper for document reconstruction. Scan all the pieces (strip, cross-cut or confetti) and let imaging software piece them together. The slow step is taping the shreds to white paper for scanning. Seems that incineration, some beefy acid, or some kind of serious ink solvent would be needed to comply.

    -Ted

    --
    -=-=- Quantum physics - the dreams stuff are made of.
    1. Re:define "destroyed" by thogard · · Score: 2, Informative

      The easy way is you scan each rectangle and then run length encode each edge and you sort that in combination with length and you end up with a nice list of which bits go next to which other bits. If the shreds are smaller than 2mm x 2mm, it's trivial to decode if you can get all the bits scanned.

  5. Re:Work will be fun... by Profane+MuthaFucka · · Score: 2, Insightful

    Step 1: make a rule that no paper of any kind goes into any wastebasket at your business.
    Step 2: Buy a stove that can burn paper
    Step 3: Heat your business with waste paper, and cut down on your garbage bill.
    Step 4: Profit!

    --
    Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
  6. Normally, the government is there to... by ThePromenader · · Score: 3, Insightful

    ..make laws that, through our supposedly democratic system, on our behest and vote, "protect and serve" us by putting into black and white writ all that we deem harmful. With this in mind, my question is this: Who would most want to be protected from incompletely destroyed "sensitive" documents?

    The article speaks of the "good it does for the little people" - but who asked for this law? Wouldn't it be better (and more targeted) to fine people who steal identity? Is the government going to spend billions checking every garbage can to enforce this law? This law reeks of one made for unwritten "other" purposes. Most likely this administration's own.

    I smell something burning. Something shredded.

    --

    No, no sig. Really.

    ThePromenader
  7. Re:Work will be fun... by darkonc · · Score: 2, Informative
    Step 2: Buy a stove that can burn paper

    Some cities (at least it's the case here in Vancouver) have zoning bylaws that don't allow regular wood (or, by implication, paper) burning fireplaces and stoves to be installed anymore. This may not be feasible.

    --
    Sometimes boldness is in fashion. Sometimes only the brave will be bold.
  8. classic commercial by Tablizer · · Score: 3, Funny

    One of the funniest TV commercials I've ever seen was an Xmas commercial that started out with snow falling down onto a city street to the tune of "Let it Snow, Let it Snow". The camera pans up toward the top of a nearby building. Eventually we see that most of the "snow" is really from a bunch of accountants frantically shredding documents Arthur Andersen style with the windows open. Then the announcer says, "Whether you've been naughty or nice, enjoy a cup of [product] this holiday season".

  9. Dangerous Law by Maljin+Jolt · · Score: 4, Funny

    I would rather suggest not to memorize other people's personal information, for obvious reason...

    --
    There you are, staring at me again.
  10. Re:The actual law by darkonc · · Score: 4, Informative
    OK: Found it.

    The entirety of H.R.2622 Fair and Accurate Credit Transactions Act of 2003 and the specific section SEC. 216. DISPOSAL OF CONSUMER REPORT INFORMATION AND RECORDS.

    The actual important part of this is the regulations (which may be yet to be created) for what needs to be done to appropriately destroy associated data. Hopefully most people should be able to get away with just doing a single write of zeroes or pseudo-random data, while places like Equifax should be required to do a bit more work. (because their collections would be especially valuable).
    Of course, knowing the way that the political system works, it's probably going to end up being the other way 'round.

    --
    Sometimes boldness is in fashion. Sometimes only the brave will be bold.
  11. Bah, no problem! by ChePibe · · Score: 2, Funny

    Just print them out and shred them! Problem solved! All of your sensitive data is safe, and the only copy of it destroyed!

    That's what my grandmother (bless her soul) does every time she needs to get rid of information. Seems to work for her...

  12. Re:Are we catching up with every one else? by jago25_98 · · Score: 2, Funny

    Hear, hear!

    I take it this is a US article?

  13. I used shredders in the Navy by Urusai · · Score: 2, Informative

    There is no way you could recover anything but wood pulp from those things. They rendered paper to a fluffy mass with individual chunks around a millimeter in size. I've never seen shredders as beefy as those for sale in the civilian world. I wonder if this is intentional...

    1. Re:I used shredders in the Navy by technothrasher · · Score: 2, Informative
      I've never seen shredders as beefy as those for sale in the civilian world.

      They're available, but I haven't actually seen one in use outside of the military or defense contractors.

  14. Likely toothless by SleepyHappyDoc · · Score: 4, Informative

    We have similar laws here in Canada, but they are an utter joke. Under the BC Personal Information Protection Act, there are stiff penalties on paper, but the enforcement procedure requires a minimum of six months of attempting to affect things internally to the organization, before an investigator from the privacy commissioner's office will even speak to you. Even then, the investigator doesn't really investigate anything, they just phone the organization who's in violation and ask them nicely to not do that. If the organization doesn't comply, back to square one with the six months of internal pressure. I left a job recently over this very issue...after I was asked to lower the security on the network, exposing insane amounts of client data to the bare internet. If the Act ever gets any teeth, my ass would be on the line. But I guess I needn't have worried, as there's no possibility of enforcement.

    --
    Stasis is death. Embrace change.
  15. Um... what about Enron type stuff? by Capt'n+Hector · · Score: 3, Interesting

    So you are required to destroy documents unless you knowingly do so when there's about to be a federal investigation that will require those documents, in which case you can be sent to prison for destroying them? Sounds like a good reason not to use paper at all...

    --
    Quid festinatio swallonis est aetherfuga inonusti?
    Africus aut Europaeus?
  16. Re:ugh by arkhan_jg · · Score: 3, Insightful

    Same problem as always with market forces instead of regulation; it relies on an informed and interested public allowing the problem to affect their purchasing decision.

    In this case, if your credit details get stolen from a dumpster, leading to identity 'theft'; how do you know which company in the last 6 months allowed your information to leak? Assuming you do find out, how do other people find out that information, since it's not exactly going to be large news?

    (our lead national story today; joe bloggs lost $200 when company X put his credit details in the garbage, leading to identity theft and an extra charge on his credit card. Can company X survive this devastating blow to its consumer confidence?)

    So instead of putting a small burden on all businesses to buy and use a shredder for financial documents, we add a significant information gathering burden to all buyers to add to the rest of the information they have to find out about their business (do they harm dolphins? do they pollute more? do they hire third world children for virtually nothing? etc etc)

    We're also assuming the business with bad business practises has effective and equal competition in its area, which people can go to.

    Market forces are useful for many things, but protecting customers from unethical business practises isn't one of them. Regulation is a far more effective method, as opposed to businesses dumping the costs that regulation would cause into an external cost on the rest of the economy. (time for customers, insurance costs for banks and credit institutions to cover fraud losses)

    --
    Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
  17. Re:ugh by mcc · · Score: 3, Insightful

    So... are people doing less business with businesses that are careless with personal information now?

    Have they ever shown signs of doing this? At all?

    No?

    So what, exactly, is the difference between "letting consumers police poor corporate identity safety policies" and "as a nation, doing nothing whatsoever about the corporate identity safety policy problem whatsoever"?

    I mean maybe there's this great libertarian fantasyland somewhere where people suddenly call up their rental car places and say "I want verifiable evidence that you shredded your copy of my credit report rather than putting it in a dumpster, and I'm canceling my business with you immediately if you don't!". However in the real world people just want to rent a car, and if you do call up your rental car company and say "by the way, what did you do with my credit report?" and they say "we shredded it", you do not have a way of telling whether or not they are telling the truth. A grand jury, however, does.

  18. Re:No Way to Win by Anonymous Coward · · Score: 2, Informative

    That is pretty much my thoughts on it, Alaska.

    Bad guy does bad things with data found in recycle bin. We all agree that bad guy is a criminal. So do we punish bad guy? ...No... We punish the business.

    I've been a victim of this kind of thing before myself. I worked in a pharmacy that also did home care. I had to go out to this patient's house that was way out in the boonies in a trailer complex. The kind of place that has 60 miles of dirt roads around it with no addresses and no street signs. As the medical profession had already performed maximum cash extraction from this family, they no longer had a phone of any kind, so calling for directions out to RR-1102-L22-22 was simply impossible (and the post office can't legally give you directions anymore to those RR addresses due to an antistalking law).

    One of the RN's had made a map & another with directions to the place and stuck it in the patient's medical record. After talking with the RN, I retrieved the medical record and made a copy of that page, the page with the map and stuck them in my folder so I could find my way out there. Didn't think another thing of it, we frequently exchanged maps of this type among the different services for the patients.

    When I got back to the office, I stuck the folder with only the map, directions, and other stuff completely related to my job function in with the rest of my work stuff in the employee (non-public accessible) area, it had plenty of other maps I had hand drawn for the same reason, our customers were in a 190 mile radius and most of that is pretty rural.

    Some pinhead came across it over the weekend and noticed the stripe on the top (which is on all of our medical records). Result? My contract with pharmacy terminated for improper medical records storage, and no chance to tell my side of the story.

    It contained no personal medical information other than the patient's name and their pharmacy ID-code. (Which is on the order sheets for everything anyway and I had to keep those as part of my contract, and even fed-ex boxes we ship to them.) Everything else I had blacked out with a piece of paper while copying. There was no issue with release, and no issue with non-authorized access (all of these patients signed a release which covered us). I ran it over with my lawyer and we couldn't find anything illegal in my actions, nor anything that violated patient confidentiality (I had full sets of signed releases from the patients, the pharmacy, the nursing company), but I was a contractor and not an employee so I couldn't do much about it.

  19. Re:2500 isn't much by pcmanjon · · Score: 3, Interesting

    " $2500 doesn't seem to be a very harsh punishment for my personal data being compromised when the FCC can fine companies $11000 per do not call violation."

    The government isn't concerned with fortune 500's disposal of information, but the mom and pop shops more than anything else. I was able to see the meeting on TV and that's what they said.

    They actually brought the donotcall bill up, and they said that's because fortune 500's make calls to homes more than mom and pops. -Shrugs-

  20. Re:ugh by anthony_dipierro · · Score: 2, Funny

    I am going to point this article out to my boss first thing Monday and hopefully he will FINALLY decide to do at least minimal destruction of the paperwork we toss out.

    Hopefully he won't notice that the law only applies to consumer credit reports...

  21. How to properly dispose of documents... by jo42 · · Score: 2, Funny
    This is the intellectual property, patent pending, procedure that I have come up with to properly dispose of documents (FBI, CIA, NSA spook proof as well):

    You need a bucket. The size of the bucket depends on the amount of paper documents to be destroyed. The bucket can be metal or plastic. Wax lined paper buckets will not work.

    You tear up the paper documents into little pieces and put them in the bucket one handful at a time, sprinkling soggy coffee grounds on top of each layer. You then take a can or two, or more as needed of Pepsi(tm) and pour it on top. Mix the contents of the bucket. Preferably with a stick. You then piss in the bucket. Mix the contents again. Finally, you take a dump in the bucket. Mix thoroughly for the last time.

    I 100% guarantee that no one will be able to read the documents - or even want to...