Document Disposal Law Kicks In 146
dougrun wrote to link to a story on MSNBC regarding a new federal law requiring individuals who handle other people's personal information to dispose of the data properly. From the article: "Recycling the paperwork isn't good enough -- it must be destroyed, the rule says, rendered useless to anyone who might stumble upon it. The FTC can sue and obtain fines of up to $2,500 for each instance of neglect."
What about online electronic records? (Score:3, Interesting)
A cute McDonald French Fry [komar.org]
Re:What about online electronic records? (Score:5, Interesting)
Re:What about online electronic records? (Score:3, Interesting)
http://www.thekcrachannel.com/news/4451423/detail
Details how Farmers insurance threw confidential docs in the trash (SSNs, Acct numbers, statements, claims, etc.)
-nB
Re:What about online electronic records? (Score:3, Informative)
Re:What about online electronic records? (Score:4, Informative)
The United States Government takes it seriously. While they may be exempt from this law, there are regulations and policies in place to safeguard personal information. These policies are stricter than anything you're likely to find in the private sector.
Specifically, the Privacy Act of 1972. In a sentence, it mandates that all federal government employees will treat personal information with respect.
Re:What about online electronic records? (Score:2)
Like I said, that is the act in a sentence. There are specific measures for protection and disposal of data that are actually quite effective. When I say "with respect" I mean from an individual's perspective, not a bureaucrat's perspective.
Re:What about online electronic records? (Score:2)
The argument wasn't that there weren't policies, but that the enforcement was both cumbersome for the person whose records it was, but also essentially so minimal as to be insignificant. And *I* haven't ever heard of those policies being enforced. (Mind you, if I had I'd have presumed that the person they were enforced upon was a scapegoat. Organizations seem to work that way, where the decision makers always escape the consequences of their own d
Re:What about online electronic records? (Score:3, Insightful)
Re:What about online electronic records? (Score:2)
Not only are things such as computers not thoroughly covered (leaving numerous loopholes for defence in a court of law), but the government has exempted themselves.
Why do you think computers aren't covered? Computers are covered just the same as anything else.
Clearly, they therefore do not take this seriously, and this law is all about people coming home, thinking "Look at the good the government is doing for my privacy!" and nothing about actually making a difference.
Isn't that what all laws are ab
Re:What about online electronic records? (Score:3, Informative)
It seems to talk about disposal, not storage, so if someone breaks into your computer, then I'd guess it's not covered. On the other hand, I'd strongly suggest that people get a knoppix CD and learn to type 'shred /dev/hda' before they throw their computers into the dumpster.
Re:What about online electronic records? (Score:1, Interesting)
Re:What about online electronic records? (Score:2)
The best that I've gotten off of a used drive so far is 3GB of downloaded music (including about 300MB of east-indian pop -- the best part of the score.
Re:What about online electronic records? (Score:3, Interesting)
I personally found a couple of PC cases being thrown out on a skip. Everything had been stripped down and removed except for the hard disk drives, which were held in place by star shaped screws. If disk drives were designed to be installed/removed in a more modular fashion, then it would be a lot easier to reuse them rather than throw them out.
Re:What about online electronic records? (Score:3, Interesting)
Apparently, this was either the personnel managers' or store managers' PC, as there were employee and payroll records, including SSNs, bank account routing numbers, medical insurance info, drivers license numbers, names, addresses, phone numbers, etc. on the hard drive.
The only precaution taken, it seems, was to wipe the boot sector of the drive, whic
Bah, no problem! (Score:2, Funny)
That's what my grandmother (bless her soul) does everytime she needs to get rid of information. Seems to work for her...
Re:What about online electronic records? (Score:1)
Re:What about online electronic records? (Score:3, Informative)
It applies to online records, but 1) it only applies to consumer credit reports, and 2) it only applies to disposal, not storage. From FTC.gov:
Work will be fun... (Score:1)
Considering I handle contact and billing information for ~50-100 customers per day this could get interesting (in a bad way) real fast. I'm just waiting for corporate to interpret whether this effects our paperwork or not then change their minds a few week later and make us redo eve
Re:Work will be fun... (Score:2, Insightful)
Step 2: Buy a stove that can burn paper
Step 3: Heat your business with waste paper, and cut down on your garbage bill.
Step 4: Profit!
Re:Work will be fun... (Score:3, Informative)
Some cities (at least it's the case here in Vancouver) have zoning bylaws that don't allow regular wood (or, by implication, paper) burning fireplaces and stoves to be installed anymore. This may not be feasible.
Re:Work will be fun... (Score:1)
Well Officer Lucky, I was just trying to comply with Federal legistration. I'm in a catch 22. Will the city pay for my fine if I violate this act?
Check out this link Officer Lucky ( http://www.churchstreet-technology.com/Reconstruc tion.htm [churchstre...nology.com]) they reconstruct cross-shredded paper, shredded paper,
Re:Work will be fun... (Score:2)
Like most other 'real life' security policies, you need to take into account how much effort an attacker is likely to be willing to undertake to recover your data. Joe schmoe and his babysitter's security report is going to
Sigh... more landfill trash... (Score:2, Insightful)
already have enough junk in there that won't be decomposing any time soon.
Re:Sigh... more landfill trash... (Score:2)
Re:Sigh... more landfill trash... (Score:2)
Re:Sigh... more landfill trash... (Score:2, Informative)
1. Where do you think it all goes now?
2. Shredding the paper most likely *helps* it decompose as it provides more corners and surface area for the bacteria to attack.
Re:Sigh... more landfill trash... (Score:2)
Re:Sigh... more landfill trash... (Score:2)
Re:Sigh... more landfill trash... (Score:2)
Re:Sigh... more landfill trash... (Score:2)
In any case, even if it were dumped it would rot away naturally - which is one of the reasons fast food outlets switched from foam boxes to paper & cardboard wrappers.
Re:Sigh... more landfill trash... (Score:2, Interesting)
Re:Sigh... more landfill trash... (Score:2)
~20 years ago the fast food industry was getting beat up in every publication with any environmental side at all for their foam containers. So they switched to paper which isn't as good. (Foam insulates) I'm not sure that paper is cheaper, foam is cheap itself.
Re:Sigh... more landfill trash... (Score:2)
Re:Sigh... more landfill trash... (Score:3, Interesting)
I somewhat doubt that it will lead to so much more in landfills. if they recycled documents before, then they'll still probably recycle them, just probably exert more work to do so (or give to document destruction service). If they didn't recycle before (ie, just threw it all in the trash)... well, actually, it might not be a bad idea to let someone else deal with it t
Re:Sigh... more landfill trash... (Score:3, Interesting)
Regardless, privacy is more important to me than the landfill.
And all those outsourced jobs? (Score:4, Insightful)
Re:And all those outsourced jobs? (Score:1)
We have a contract with them; one of its sections it's basically the UK Data Protection Act. So even if the country doesn't have a very clear law on this matter, we still have to respect the UK laws.
Re:And all those outsourced jobs? (Score:3, Informative)
If Ford sell you a car with tires imported from another country and they keep blowing up, it is still Ford's responsibility.
Re:And all those outsourced jobs? (Score:2, Interesting)
define "destroyed" (Score:4, Interesting)
-Ted
Re:define "destroyed" (Score:2)
Drop the shreds in water and it would quickly turn to pulp ?
Re:define "destroyed" (Score:1)
Re:define "destroyed" (Score:2)
Re:define "destroyed" (Score:1)
I used shredders in the Navy (Score:2, Informative)
Re:I used shredders in the Navy (Score:3, Informative)
They're available [officezone.com], but I haven't actually seen one in use outside of the military or defense contractors.
Re:define "destroyed" (Score:3, Informative)
Re:define "destroyed" (Score:1)
Re:define "destroyed" (Score:1)
No Way to Win (Score:1)
Rural Alaska nuclear power gets legislative backing [blogspot.com]
Re:No Way to Win (Score:2, Informative)
Bad guy does bad things with data found in recycle bin. We all agree that bad guy is a criminal. So do we punish bad guy?
I've been a victim of this kind of before myself.I worked in a pharmacy that also did home care. I had to go out this patients house that was way out in the boonies in a trailer complex. The kind of place that 60 miles of dirt roads around it with no addresses and no street signs. As the medical profession h
Normally, the government is there to... (Score:3, Insightful)
The article speaks of the "good it does for the little people" - but who asked for this law? Wouldn't it be better (and more targeted) to fine people who steal identity? Is the government going to spend billions checking every garbage can to enforce this law? This law reeks of one made for unwritten "other" purposes. Most likely this administration's own.
I smell something burning. Something shredded.
Re:Normally, the government is there to... (Score:2)
Identify theft is already illegal. One of the problems is that this data is too easy to get ahold of. I think the law is a good step, but not for the reasons mentioned in the article. Most of the wholescale identity theft issues result from the compromise of large systems that are used to STORE data. I found it rather laughable that they quoted ChoicePoint- they're a major offender in this regard.
Destroying documents with sensiti
Re:Normally, the government is there to... (Score:1)
ugh (Score:2, Insightful)
so a few people mess up and we are going to hit EVERY business owner with a fine (increased costs of doing business due to destroying docs = fine)?
let the people decide who they do business with, company X loses peoples info, company X goes
Re:ugh (Score:2)
If you cant afford to properly safeguard your customer's data, maybe you should switch to a less demanding career, like french fry technician.
Re:ugh (Score:2)
so a few people mess up and we are going to hit EVERY business owner with a fine (increased costs of doing business due to destroying docs = fine)?
Because it costs so much money to safely dispose of papers:
This method [yahoo.com] or this method [amazon.com]?
Caltech economics at work!
Re:ugh (Score:1, Informative)
Because of the company I work at. We routinely throw entire pages of customer information in the trash and recycle bin: these contain names, addresses, telephone numbers and social security numbers among other info. I have been trying to ge
Re:ugh (Score:3, Funny)
I am going to point this article out to my boss first thing Monday and hopefully he will FINALLY decide to do at least minimal destruction of the paperwork we toss out.
Hopefully he won't notice that the law only applies to consumer credit reports...
Re:ugh (Score:4, Insightful)
In this case, if your credit details get stolen from a dumpster, leading to identity 'theft'; how do you know which company in the last 6 months allowed your information to leak? Assuming you do find out, how do other people find out that information, since it's not exactly going to be large news?
(our lead national story today; joe bloggs lost $200 when company X put his credit details in the garbage, leading to identity theft and an extra charge on his credit card. Can company X survive this devastating blow to it's consumer confidence?)
So instead of putting a small burden on all businesses to buy and use a shredder for financial documents, we add a significant information gathering burden to all buyers to add to the rest of the information they have to find out about their business (do they harm dolphins? do they pollute more? do they hire third world children for virtually nothing? etc etc)
We're also assuming the business with bad business practises has effective and equal competition in it's area, which people can go to.
Market forces are useful for many things, but protecting customers from unethical business practises isn't one of them. Regulation is a far more effective method, as opposed to businesses dumping the costs that regulation would cause into an external cost on the rest of the economy. (time for customers, insurance costs for banks and credit institutions to cover fraud losses)
Re:ugh (Score:1)
You hit the nail on the head. Since when, has Americans been an "informed and interested public"?
Re:ugh (Score:4, Insightful)
Have they ever shown signs of doing this? At all?
No?
So what, exactly, is the difference between "letting consumers police poor corporate identity safety policies" and "as a nation, doing nothing whatsoever about the corporate identity safety policy problem whatsoever"?
I mean maybe there's this great libertarian fantasyland somewhere where people suddenly call up their rental car places and say "I want verifiable evidence that you shredded your copy of my credit report rather than putting it in a dumpster, and I'm canceling my business with you immediately if you don't!". However in the real world people just want to rent a car, and if you do call up your rental car company and say "by the way, what did you do with my credit report?" and they say "we shredded it", you do not have a way of telling whether or not they are telling the truth. A grand jury, however, does.
Re:ugh (Score:2)
They grab more power
Companies lobby and get special rights and get to use that new power
Companies become excempt from being under that new power
Consumer gets screwed
as much as people on
it happens all the time, yet the ones that LOVE the regulation NEVER SEE IT
Re:ugh (Score:2)
Re:ugh (Score:2)
Anyone not properly disposing of their documents is "fucking up" whether there have been any negative consequences as yet or no. Since the only people not paying for this already are the companies which are "fucking up", I have no sympathy for them at all. This will
Re:ugh (Score:1)
so a few people mess up and we are going to hit EVERY business owner with a fine (increased costs of doing business due to destroying docs = fine)?
let the people decide who they do business with, company X loses peoples info, company X goe
Re:ugh (Score:2)
While this could be seen as a good idea, why not let people make the decision NOT to do business with companies that have bad business practices and lose your personal information?
The thing is, you've gotta have a baseline for commerce to properly function. You can't require a long contract for every single transaction. If you buy a piece of fruit, and it turns out it was rotten, and you wind up in the hospital, and the person who sold you the fruit knew it was rotten, well, there's a tort involved th
The actual law??? (Score:2)
Re:The actual law (Score:5, Informative)
The entirety of H.R.2622 Fair and Accurate Credit Transactions Act of 2003 [loc.gov] and the specific section SEC. 216. DISPOSAL OF CONSUMER REPORT INFORMATION AND RECORDS.
The actual imortant part of this is the regulations (which may be yet to be created) for what needs to be done to appropriately destroy associated data. Hopeflly most people should be able to get away with just doing a single write of zeroes or pseudo-random data, while places like equifax should be required to do a bit more work. (because their collections would be especially valuable).
Of course, knowing the way that the political system works, it's probably going to end up being the other way 'round.
Re:The actual rule (more or less) (Score:2)
Re:The actual rule (more or less) (Score:2)
Re:The actual rule (more or less) (Score:2)
The stated intent is that smaller entities which rarely handle customer/consumer data will not be required to do 'heavy lifting' to dispose of their documents. That's stated in the report, and even aluded to in the rules. Bigger companies will fight to minimize what 'reasonable measures' entail, and smaller companies will benefit from that, because they'll be expected to have to do less (by dint of the wording
Re:The actual rule (more or less) (Score:2)
"Reasonable" depends on the context, and context can be changed by a clever plaintiff. For example, by demonstrating software that automatically reassembles the images of shredded documents.
It affects the interstate marke
Re:The actual rule (more or less) (Score:2)
More importantly, the records collection agency that you got the info on your nanny from is likely interstate (if not in their customer base, then at the very least in their information base.) That could easilly provide grounds for putting any information collected under the jurisdiction of interstate commerce. So just shred your nannie's credit report. Now it'
classic commercial (Score:3, Funny)
Dangerous Law (Score:5, Funny)
Re:Dangerous Law (Score:1)
Are we catching up with every one else? (Score:1, Insightful)
Re:Are we catching up with every one else? (Score:3, Funny)
I take it this is a US article?
Enforcement? (Score:1)
Re:Enforcement? (Score:1)
This page merge kind of thing can happen with high speed mail handling machines, either by machine error or by operator error. Stuff happens.
At my workplace, we mail an awful lot of bank statements, forms, and other things full of
Re:Enforcement? (Score:1)
2500 isn't much (Score:2)
Re:2500 isn't much (Score:3, Interesting)
The government isn't concerned with fortune 500's disposal of information, but the mom and pop shops more than anything else. I was able to see the meeting on TV and thats what they said.
They actually brought the donotcall bill up, and they said thats because fortune 500's make calls to homes more than mom and pops. -Shrugs-
Re:2500 isn't much (Score:1)
But I guess Mom and Pop don't have lobbyists...
I applaud this law. (Score:1, Interesting)
Companies should not be allowed to keep sensitive, personal info for more than a few days after a transaction. If one comes back to a company to modify the transaction (refund, exchange, etc.), the customer can resubmit the sensitive info then.
Only federal government entities should ask for a social security number, and only state government entities should ask for driver's license numbers. All other entities (private, municipal, etc.) should generate their own identity co
Likely toothless (Score:4, Informative)
Re:Likely toothless (Score:2)
Um... what about Enron type stuff? (Score:4, Interesting)
Re:Um... what about Enron type stuff? (Score:1)
Re:Um... what about Enron type stuff? (Score:2)
In the UK (Score:2)
So in the UK, you can dispose of personal information by leaving it on the street and you can't be prosecuted. The fine should be much higher though, and personal and punitive damages should be applied, IMO.
Ridiculous (Score:2)
Why the need for a new federal law? This is already adequetely handled by state tort laws. Looks like the federal government just wants to get its hands in the pie.
Anyway, fortunately this law only applies to credit reports.
Re:Ridiculous (Score:2)
Anyway, fortunately this law only applies to credit reports.
Because if the federal law supersedes the state law, companies could avoid state lawsuits altogether.
If this law really put a hurt on companies, they'd be screaming and it would quietly die in committee.
kinda like HIPAA. only more broad. (Score:1, Insightful)
Klinkos!? (Score:1)
Re:Klinkos!? (Score:2)
How to properly dispose of documents... (Score:2, Funny)
You need a bucket. The size of the bucket depends on the amount of paper documents to be destroyed. The bucket can be metal or plastic. Wax lined paper buckets will not work.
You tear up the paper documents into little pieces and put them in the bucket one handful at a time, sprinkling soggy coffee grounds on top of each layer. You then take a can or two,
I'm required to destroy electronic copies... (Score:2)
Re:FTC Jurisdiction (Score:2)