Slashdot Mirror

← Back to Stories (view on slashdot.org)

Document Disposal Law Kicks In

Posted by Zonk on from the shred-it-burn-it-lock-it-in-a-can dept.

dougrun wrote to link to a story on MSNBC regarding a new federal law requiring individuals who handle other people's personal information to dispose of the data properly. From the article: "Recycling the paperwork isn't good enough -- it must be destroyed, the rule says, rendered useless to anyone who might stumble upon it. The FTC can sue and obtain fines of up to $2,500 for each instance of neglect."

4 of 146 comments (clear)

  1. Re:What about online electronic records? by treff89 · · Score: 4, Interesting

    As inferred above, I put forward the notion that this law is powerless. Not only are things such as computers not thoroughly covered (leaving numerous loopholes for defence in a court of law), but the government has exempted themselves. Clearly, they therefore do not take this seriously, and this law is all about people coming home, thinking "Look at the good the government is doing for my privacy!" and nothing about actually making a difference. (Footnote: No party based comment, I live in Australia.) (FN2: IANAL.)

  2. Dangerous Law by Maljin+Jolt · · Score: 4, Funny

    I would rather suggest not to memorize other people's personal information, for obvious reason...

    --
    There you are, staring at me again.
  3. Re:The actual law by darkonc · · Score: 4, Informative
    OK: Found it.

    The entirety of H.R.2622 Fair and Accurate Credit Transactions Act of 2003 and the specific section SEC. 216. DISPOSAL OF CONSUMER REPORT INFORMATION AND RECORDS.

    The actual imortant part of this is the regulations (which may be yet to be created) for what needs to be done to appropriately destroy associated data. Hopeflly most people should be able to get away with just doing a single write of zeroes or pseudo-random data, while places like equifax should be required to do a bit more work. (because their collections would be especially valuable).
    Of course, knowing the way that the political system works, it's probably going to end up being the other way 'round.

    --
    Sometimes boldness is in fashion. Sometimes only the brave will be bold.
  4. Likely toothless by SleepyHappyDoc · · Score: 4, Informative

    We have similar laws here in Canada, but they are an utter joke. Under the BC Personal Information Protection Act, there are stiff penalties on paper, but the enforcement procedure requires a minimum of six months of attempting to affect things internally to the organization, before an investigator from the privacy commissioner's office will even speak to you. Even then, the investigator doesn't really investigate anything, they just phone the organization who's in violation and ask them nicely to not do that. If the organization doesn't comply, back to square one with the six months of internal pressure. I left a job recently over this very issue...after I was asked to lower the security on the network, exposing insane amounts of client data to the bare internet. If the Act ever gets any teeth, my ass would be on the line. But I guess I needen't have worried, as there's no possibility of enforcement.

    --
    Stasis is death. Embrace change.