TK-

I just did a google search for Colorado Consumer Protection Act  and came up
with a tidy list of resources. The legislation looks pretty straight forward
to me and just makes sense. All personal confidential information should be
disposed of properly by shredding (we would hope not burning - don't we have
enough particulate matter in our air?).

So I guess I don't quite understand what you want. You should have an
information classification system in place and documented destruction
procedures for the proper disposal of your records. I include disposal
instructions right on the retention schedules. I write retention
instructions in plain English - all codes are spelled out. If a series needs
to be whitnessed and shred, I say so right in the special instructions.

I am guessing with the nature of the business at Quest, your IT department
should be handling sensitive data appropriately. Since you are a
telecommunications services provider, you are also heavily regulated by the
FCC. You will also need to comply with the states' regulations that you are
licensed to do business in, but I kow your headquarters is in Colorado. So
multiple states and Federal regs.

Cool! Have fun!!

Here's one for you - how long do you keep call detail records?

Sharon Burnett
Seattle Washington USA

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance