RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

Subject:
From:
Larry Medina <[log in to unmask]>
Reply To:
Records Management Program <[log in to unmask]>
Date:
Tue, 10 Jun 2008 15:06:26 -0700
On Tue, Jun 10, 2008 at 2:50 PM, Angie Fares <[log in to unmask]>
wrote:

> I saw a statement made by a shred vendor that said if a company had any
> locations that were using individual shredders, then the company would
> not be in compliance with new FACTA regulations for November 2008.
>
> I cannot find any supporting evidence for that statement in the new
> FACTA rules that were passed in November 2007, nor could I find a human
> being on the telephone at that company to answer questions.
>
> Does anyone else know of anything of a new requirement that remotely
> discourages immediate shredding with the use of personal shredders?  Or
> is this another marketing gimmick?


I'll go with gimmick... reading the guidance from the FTC there's a lot of
latitude in what you can do, depending on the type and volume of information
you handle and how large your organization is.

http://www.ftc.gov/bcp/edu/pubs/business/privacy/bus69.pdf

The Safeguards Rule requires each financial institution to develop a written
information security plan to protect customer information. The plan must be
appropriate to the company's size and complexity, the nature and scope of
its activities, and the sensitivity of the customer information it handles.

http://www.ftc.gov/bcp/conline/pubs/buspubs/safeguards.shtm

The requirements are designed to be flexible. Companies should implement
safeguards appropriate to their own circumstances. For example, some
companies may choose to put their safeguards program in a single document,
while others may put their plans in several different documents — say, one
to cover an information technology division and another to describe the
training program for employees. Similarly, a company may decide to designate
a single employee to coordinate safeguards or may assign this responsibility
to several employees who will work together. In addition, companies must
consider and address any unique risks raised by their business operations —
such as the risks raised when employees access customer data from their
homes or other off-site locations, or when customer data is transmitted
electronically outside the company network.



-- 
Larry Medina
Danville, CA
RIM Professional since 1972

List archives at http://lists.ufl.edu/archives/recmgmt-l.html