Monday, December 19, 2011

The New FACTA Disposal Rule: Is Your Company Compliant?

The reason? Lack of proper information disposal and inadequate document shredding programs within organizations.

To address the responsibility of businesses to better police their procedures for destroying personal information, the federal government enacted the Disposal Rule, effective June 1st, 2005. The regulation defines acceptable methods of consumer information disposal and assigns penalties when a company is non-compliant.

Under the Disposal Rule, businesses are now compelled to assess the effectiveness of security procedures related to information disposal to meet federal compliance guidelines. As the industry leader in , Iron Mountain has prepared a brief Disposal Rule overview to help you understand its implications and take the necessary steps to ensure compliance.

The Disposal Rule: What It Says

The Disposal Rule requires "any person or company who maintains or otherwise possesses consumer information to take reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal." Today, a secure, proven system of records disposal is legally required if your records contain consumer information. Disposal Rule compliance demands the design and implementation of new, stricter policies that better manage how consumer information flows from your employees to its final, non-recoverable form. How does the information get created? Steps you must take include:

* Create or modify existing policies regarding the disposal of consumer information
* Identify any new procedures, training and involvement of necessary

The Disposal Rule does not define "reasonable measures," although it furnishes examples of what constitute reasonable measures. Until the FTC expands upon the definition of "reasonable measures," companies have an ongoing duty to protect all consumer information during the disposal process. Other laws and regulations set requirements for security of personal information prior to disposal for many industries.

* Consistent disposal practices and procedures company-wide that establish a standardized approach to compliance.
* Management accountability: maintaining an unbroken chain of custody.

682.3 Proper disposal of consumer information.

Consumer information also means a compilation of such records. Consumer information does not include information that does not identify individuals, such as aggregate information or blind data.

(c) "Dispose, disposing or disposal" means:

1. the discarding or abandonment of consumer information, or
2.

This rule applies to any person over which the Federal Trade Commission has jurisdiction, that, for a business purpose, maintains or otherwise possesses consumer information.

682.3 Proper disposal of consumer information.

(a) Standard.

Reasonable measures to protect against unauthorized access to or use of consumer information in connection with its disposal include the following examples. These examples are illustrative only and are not exclusive or exhaustive methods for complying with this rule:

(1) Implementing and monitoring compliance with policies and procedures that require the burning, pulverizing, or shredding of paper containing consumer information so that the information cannot practicably be read or reconstructed.

(2) Implementing and monitoring compliance with policies and procedures that require the destruction or erasure of electronic media containing consumer information so that the information cannot practicably be read or reconstructed.

This rule is effective on June 1, 2005.
