Confidential Document Handling Compliance Verification

  Shredding Policy Guidelines
 
 

The Safeguards Rule of the FACT Act further requires the information-gathering firm to have a written statement in place (Shredding Policy) on how it plans to handle confidential and sensitive material (shred it in-house, recycle, using an outside service, or shred it on-site or off-site using a professional service).

NOTE: In the case of in-house shredding, the rule states that a cross cut shredder must be used after June 1st, 2005. In addition, a calendar showing shredding or recycling dates must be included in the Shredding Policy.

A careful reading of this law implies that in the case of off-site shredding and recycling, a meaningful Document of Destruction can only be obtained if the off-site shredding and recycling process is observed by the firm’s designated person. To comply with this portion of the law, every firm with more than one hundred (100) annual transactions must assign an executive to monitor all recycling and off-site shredding jobs. In addition, the firm must:

  1. Design and implement a written statement regarding their information security program appropriate to the company’s size and complexity, the nature and scope of its activities and the degree of sensitivity of the customer information it handles.
  2. Each financial institution must also:
    • Assign one or more employees to oversee the security aspects of their program;
    • Conduct a risk assessment of their data;
    • Establish safeguards to control the risks identified in the assessment and regularly test and monitor these safeguards;
    • Require service providers, by written contract, to protect customers’ personal information; and
    • Periodically update the security aspects of this program.
    • By June 1st, 2005, adopt and implement their own document destruction policies;
    • Contract with a third party to properly dispose of consumer information and monitor their performance; and
    • Implement and monitor compliance with policies and procedures that require shredding or other forms of destruction of documents and electronic media containing consumer information.

Penalties: Penalties for violating the rule include actual damages and statutory damages up to $1,000.00 per violation (with no cap on class action damages). In addition, attorney fees and civil penalties up to $2,500 may be assessed.