Slashdot Mirror

← Back to Stories (view on slashdot.org)

Document Disposal Law Kicks In

Posted by Zonk on from the shred-it-burn-it-lock-it-in-a-can dept.

dougrun wrote to link to a story on MSNBC regarding a new federal law requiring individuals who handle other people's personal information to dispose of the data properly. From the article: "Recycling the paperwork isn't good enough -- it must be destroyed, the rule says, rendered useless to anyone who might stumble upon it. The FTC can sue and obtain fines of up to $2,500 for each instance of neglect."

14 of 146 comments (clear)

  1. What about online electronic records? by Hulkster · · Score: 3, Interesting
    I've read several articles about this legislation, but there is very little information about electronic records. I see a a brief mention about "discarding a computer's hard drive" ... but what about online record keeping? I gotta believe there is a cottage industry that provides web access for folks to track their hired help - who is liable if that becomes public? And what happens if someone hacks into your computer?

    A cute McDonald French Fry

    1. Re:What about online electronic records? by treff89 · · Score: 4, Interesting

      As inferred above, I put forward the notion that this law is powerless. Not only are things such as computers not thoroughly covered (leaving numerous loopholes for defence in a court of law), but the government has exempted themselves. Clearly, they therefore do not take this seriously, and this law is all about people coming home, thinking "Look at the good the government is doing for my privacy!" and nothing about actually making a difference. (Footnote: No party based comment, I live in Australia.) (FN2: IANAL.)

    2. Re:What about online electronic records? by The+Snowman · · Score: 3, Informative

      The United States Government takes it seriously. While they may be exempt from this law, there are regulations and policies in place to safeguard personal information. These policies are stricter than anything you're likely to find in the private sector.

      Specifically, the Privacy Act of 1972. In a sentence, it mandates that all federal government employees will treat personal information with respect.

      --
      24 beers in a case, 24 hours in a day. Coincidence? I think not!
  2. And all those outsourced jobs? by Lead+Butthead · · Score: 3, Insightful

    What about the work that are outsourced to foreign countries? Every now and then we hear stories about foreign workers taking liberities with personal information, a Federal law doesn't exactly cover foreign soil.

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
  3. define "destroyed" by tfoss · · Score: 3, Interesting
    It's pretty clear that even cross-cut shredders won't do the job. There are commerical ventures that charge by the volume of shredded paper for document reconstruction. Scan all the pieces (strip, cross-cut or confetti) and let imaging software piece them together. The slow step is taping the shreds to white paper for scanning. Seems that incineration, some beefy acid, or some kind of serious ink solvent would be needed to comply.

    -Ted

    --
    -=-=- Quantum physics - the dreams stuff are made of.
  4. Normally, the government is there to... by ThePromenader · · Score: 3, Insightful

    ..make laws that, through our supposedly demcratic system, on our behest and vote, "protect and serve" us by putting into black and white writ all that we deem harmful. With this in mind, my question is this: Who would most want to be protected from incompletely destroyed "sensitive" documents?

    The article speaks of the "good it does for the little people" - but who asked for this law? Wouldn't it be better (and more targeted) to fine people who steal identity? Is the government going to spend billions checking every garbage can to enforce this law? This law reeks of one made for unwritten "other" purposes. Most likely this administration's own.

    I smell something burning. Something shredded.

    --

    No, no sig. Really.

    ThePromenader
  5. classic commercial by Tablizer · · Score: 3, Funny

    One of the funniest TV commercials I've ever seen was an Xmas commercial that started out with snow falling down onto a city street to the tune of "Let it Snow, Let it Snow". The camera pans up toward the top of a nearby building. Eventually we see that most of the "snow" is really from a bunch of accountants frantically shredding documents Arthur Anderson style with the windows open. Then the announcer says, "Whether you've been naughty or nice, enjoy a cup of [product] this holiday season".

    --
    Table-ized A.I.
  6. Dangerous Law by Maljin+Jolt · · Score: 4, Funny

    I would rather suggest not to memorize other people's personal information, for obvious reason...

    --
    There you are, staring at me again.
  7. Re:The actual law by darkonc · · Score: 4, Informative
    OK: Found it.

    The entirety of H.R.2622 Fair and Accurate Credit Transactions Act of 2003 and the specific section SEC. 216. DISPOSAL OF CONSUMER REPORT INFORMATION AND RECORDS.

    The actual imortant part of this is the regulations (which may be yet to be created) for what needs to be done to appropriately destroy associated data. Hopeflly most people should be able to get away with just doing a single write of zeroes or pseudo-random data, while places like equifax should be required to do a bit more work. (because their collections would be especially valuable).
    Of course, knowing the way that the political system works, it's probably going to end up being the other way 'round.

    --
    Sometimes boldness is in fashion. Sometimes only the brave will be bold.
  8. Likely toothless by SleepyHappyDoc · · Score: 4, Informative

    We have similar laws here in Canada, but they are an utter joke. Under the BC Personal Information Protection Act, there are stiff penalties on paper, but the enforcement procedure requires a minimum of six months of attempting to affect things internally to the organization, before an investigator from the privacy commissioner's office will even speak to you. Even then, the investigator doesn't really investigate anything, they just phone the organization who's in violation and ask them nicely to not do that. If the organization doesn't comply, back to square one with the six months of internal pressure. I left a job recently over this very issue...after I was asked to lower the security on the network, exposing insane amounts of client data to the bare internet. If the Act ever gets any teeth, my ass would be on the line. But I guess I needen't have worried, as there's no possibility of enforcement.

    --
    Stasis is death. Embrace change.
  9. Um... what about Enron type stuff? by Capt'n+Hector · · Score: 3, Interesting

    So you are required to destroy documents unless you knowingly do so when there's about to be a federal investigation that will require those documents, in which case you can be sent to prison for destroying them? Sounds like a good reason not to use paper at all...

    --
    Quid festinatio swallonis est aetherfuga inonusti?
    Africus aut Europaeus?
  10. Re:ugh by arkhan_jg · · Score: 3, Insightful

    Same problem as always with market forces instead of regulation; it relies on an informed and interested public allowing the problem to affect their purchasing decision.

    In this case, if your credit details get stolen from a dumpster, leading to identity 'theft'; how do you know which company in the last 6 months allowed your information to leak? Assuming you do find out, how do other people find out that information, since it's not exactly going to be large news?

    (our lead national story today; joe bloggs lost $200 when company X put his credit details in the garbage, leading to identity theft and an extra charge on his credit card. Can company X survive this devastating blow to it's consumer confidence?)

    So instead of putting a small burden on all businesses to buy and use a shredder for financial documents, we add a significant information gathering burden to all buyers to add to the rest of the information they have to find out about their business (do they harm dolphins? do they pollute more? do they hire third world children for virtually nothing? etc etc)

    We're also assuming the business with bad business practises has effective and equal competition in it's area, which people can go to.

    Market forces are useful for many things, but protecting customers from unethical business practises isn't one of them. Regulation is a far more effective method, as opposed to businesses dumping the costs that regulation would cause into an external cost on the rest of the economy. (time for customers, insurance costs for banks and credit institutions to cover fraud losses)

    --
    Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
  11. Re:ugh by mcc · · Score: 3, Insightful

    So... are people doing less business with businesses that are careless with personal information now?

    Have they ever shown signs of doing this? At all?

    No?

    So what, exactly, is the difference between "letting consumers police poor corporate identity safety policies" and "as a nation, doing nothing whatsoever about the corporate identity safety policy problem whatsoever"?

    I mean maybe there's this great libertarian fantasyland somewhere where people suddenly call up their rental car places and say "I want verifiable evidence that you shredded your copy of my credit report rather than putting it in a dumpster, and I'm canceling my business with you immediately if you don't!". However in the real world people just want to rent a car, and if you do call up your rental car company and say "by the way, what did you do with my credit report?" and they say "we shredded it", you do not have a way of telling whether or not they are telling the truth. A grand jury, however, does.

    --
    Irritable, left-wing and possibly humorous bumper stickers and t-shirts
  12. Re:2500 isn't much by pcmanjon · · Score: 3, Interesting

    " $2500 doesn't seem to be a very harsh punishment for my personal data being compromised when the FCC can fine companies $11000 per do not call violation."

    The government isn't concerned with fortune 500's disposal of information, but the mom and pop shops more than anything else. I was able to see the meeting on TV and thats what they said.

    They actually brought the donotcall bill up, and they said thats because fortune 500's make calls to homes more than mom and pops. -Shrugs-