Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security Privacy Government Politics

Document Disposal Law Kicks In 146

Posted by Zonk from the shred-it-burn-it-lock-it-in-a-can dept.
dougrun wrote to link to a story on MSNBC regarding a new federal law requiring individuals who handle other people's personal information to dispose of the data properly. From the article: "Recycling the paperwork isn't good enough -- it must be destroyed, the rule says, rendered useless to anyone who might stumble upon it. The FTC can sue and obtain fines of up to $2,500 for each instance of neglect."
This discussion has been archived. No new comments can be posted.

Document Disposal Law Kicks In More

Document Disposal Law Kicks In

Comments Filter:

  • What about online electronic records? (Score:3, Interesting)

    by Hulkster ( 722642 ) on Sunday June 05, 2005 @02:33AM (#12727651) Homepage
    I've read several articles about this legislation, but there is very little information about electronic records. I see a a brief mention about "discarding a computer's hard drive" ... but what about online record keeping? I gotta believe there is a cottage industry that provides web access for folks to track their hired help - who is liable if that becomes public? And what happens if someone hacks into your computer?

    A cute McDonald French Fry [komar.org]

    • Re:What about online electronic records? (Score:5, Interesting)

      by treff89 ( 874098 ) on Sunday June 05, 2005 @02:49AM (#12727699)
      As inferred above, I put forward the notion that this law is powerless. Not only are things such as computers not thoroughly covered (leaving numerous loopholes for defence in a court of law), but the government has exempted themselves. Clearly, they therefore do not take this seriously, and this law is all about people coming home, thinking "Look at the good the government is doing for my privacy!" and nothing about actually making a difference. (Footnote: No party based comment, I live in Australia.) (FN2: IANAL.)
      • So what about this incident?
        http://www.thekcrachannel.com/news/4451423/detail. html [thekcrachannel.com]
        Details how Farmers insurance threw confidential docs in the trash (SSNs, Acct numbers, statements, claims, etc.)
        -nB
      • The United States Government takes it seriously. While they may be exempt from this law, there are regulations and policies in place to safeguard personal information. These policies are stricter than anything you're likely to find in the private sector.

        • Re:What about online electronic records? (Score:4, Informative)

          by The Snowman ( 116231 ) * on Sunday June 05, 2005 @10:19AM (#12728987)

          The United States Government takes it seriously. While they may be exempt from this law, there are regulations and policies in place to safeguard personal information. These policies are stricter than anything you're likely to find in the private sector.

          Specifically, the Privacy Act of 1972. In a sentence, it mandates that all federal government employees will treat personal information with respect.

        • Can you point to examples of the policies being enforced?

          The argument wasn't that there weren't policies, but that the enforcement was both cumbersome for the person whose records it was, but also essentially so minimal as to be insignificant. And *I* haven't ever heard of those policies being enforced. (Mind you, if I had I'd have presumed that the person they were enforced upon was a scapegoat. Organizations seem to work that way, where the decision makers always escape the consequences of their own d
      • Bah. Just because a law doesn't cover everything you think it should doesn't make it powerless. If someone puts in a law that increases speeding fines in school zone, but doesn't do anything to drug usage or having firearms, its still useful tool against speeding in school zones.

      • Not only are things such as computers not thoroughly covered (leaving numerous loopholes for defence in a court of law), but the government has exempted themselves.

        Why do you think computers aren't covered? Computers are covered just the same as anything else.

        Clearly, they therefore do not take this seriously, and this law is all about people coming home, thinking "Look at the good the government is doing for my privacy!" and nothing about actually making a difference.

        Isn't that what all laws are ab

    • And what happens if someone hacks into your computer?

      It seems to talk about disposal, not storage, so if someone breaks into your computer, then I'd guess it's not covered. On the other hand, I'd strongly suggest that people get a knoppix CD and learn to type 'shred /dev/hda' before they throw their computers into the dumpster.

      • Re:What about online electronic records? (Score:1, Interesting)

        by Anonymous Coward
        I picked up a second hand box and the drive contained the complete medical records of a local doctor's patients.
        • I picked up a handfull of 500MB drives the other day (so my students could play with RAID), but I didn't have the time to dump the data off of them before I gave them to my students. Oh well. Just as good.

          The best that I've gotten off of a used drive so far is 3GB of downloaded music (including about 300MB of east-indian pop -- the best part of the score.

        • There are numerous stories in the UK about people buying second hand laptops and finding military and local government data on them.

          I personally found a couple of PC cases being thrown out on a skip. Everything had been stripped down and removed except for the hard disk drives, which were held in place by star shaped screws. If disk drives were designed to be installed/removed in a more modular fashion, then it would be a lot easier to reuse them rather than throw them out.
        • I recently picked up an old PC from a friend that he obtained from an auction of property from a local small (around 35 employees) grocery store that closed.

          Apparently, this was either the personnel managers' or store managers' PC, as there were employee and payroll records, including SSNs, bank account routing numbers, medical insurance info, drivers license numbers, names, addresses, phone numbers, etc. on the hard drive.

          The only precaution taken, it seems, was to wipe the boot sector of the drive, whic
    • Just print them out and shred them! Problem solved! All of your sensitve data is safe, and the only copy of it destroyed!

      That's what my grandmother (bless her soul) does everytime she needs to get rid of information. Seems to work for her...
    • I gotta believe there is a cottage industry... Kick! Punch! It's all in the mind!

    • It applies to online records, but 1) it only applies to consumer credit reports, and 2) it only applies to disposal, not storage. From FTC.gov:

      The Disposal Rule requires disposal practices that are reasonable and appropriate to prevent the unauthorized access to - or use of - information in a consumer report. For example, reasonable measures for disposing of consumer report information could include establishing and complying with policies to:

      ...

      * destroy or erase electronic files or media co

  • "While the disposal rule only covers consumer credit reports and information derived from credit reports, experts say it's best to destroy anything that includes personal information because the definition is not crystal clear."

    Considering I handle contact and billing information for ~50-100 customers per day this could get interesting (in a bad way) real fast. I'm just waiting for corporate to interpret whether this effects our paperwork or not then change their minds a few week later and make us redo eve
    • Step 1: make a rule that no paper of any kind goes into any wastebasket at your business.
      Step 2: Buy a stove that can burn paper
      Step 3: Heat your business with waste paper, and cut down on your garbage bill.
      Step 4: Profit!

      • Re:Work will be fun... (Score:3, Informative)

        by darkonc ( 47285 )
        Step 2: Buy a stove that can burn paper

        Some cities (at least it's the case here in Vancouver) have zoning bylaws that don't allow regular wood (or, by implication, paper) burning fireplaces and stoves to be installed anymore. This may not be feasible.

        • "Some cities (at least it's the case here in Vancouver) have zoning bylaws that don't allow regular wood (or, by implication, paper) burning fireplaces and stoves to be installed anymore. This may not be feasible."

          Well Officer Lucky, I was just trying to comply with Federal legistration. I'm in a catch 22. Will the city pay for my fine if I violate this act?

          Check out this link Officer Lucky ( http://www.churchstreet-technology.com/Reconstruc tion.htm [churchstre...nology.com]) they reconstruct cross-shredded paper, shredded paper,
          • It's only not safe if you have somebody willing to pay $big bucks per page for the information. My babysitter's credit report isn't worth that kind of money, whereas Bill Gates' might. The rule requires reasonable measures under the circumstances, not (necessarily) perfect destruction.

            Like most other 'real life' security policies, you need to take into account how much effort an attacker is likely to be willing to undertake to recover your data. Joe schmoe and his babysitter's security report is going to

  • I really hope these masses of shredded papers aren't dumped in our landfills... I think we
    already have enough junk in there that won't be decomposing any time soon.
    • Umm...paper decomposes :|
      • Paper will decompose under the proper conditions. A landfill is pretty much completely oxygen free with no source of water (landfills are capped to prevent water from leaching toxic chemicals out) meaning that they biological processes which break paper down no longer function. Newspapers discarded over 40 years before have been out of landfills which were still readable. more info. [msu.edu] Considering that after compaction paper historically took up about half of the space in a landfill, this is actually a big
    • I really hope these masses of shredded papers aren't dumped in our landfills

      1. Where do you think it all goes now?

      2. Shredding the paper most likely *helps* it decompose as it provides more corners and surface area for the bacteria to attack.
    • Shredded paper is usually recycled into cardboard.

      In any case, even if it were dumped it would rot away naturally - which is one of the reasons fast food outlets switched from foam boxes to paper & cardboard wrappers.
      • Do you really think that fast food outlets cared about anything other then the fact that paper/cardboard wrappers are cheaper then foam wrapers? They may say it was for enviromental reasons, but I persoanlly believe they was an afterthought and that they wouldn't have switched if there hadn't also been a money saving aspect.

        • ~20 years ago the fast food industry was getting beat up in every publication with any environmental side at all for their foam containers. So they switched to paper which isn't as good. (Foam insulates) I'm not sure that paper is cheaper, foam is cheap itself.

    • It should be recycled, and afaik, the document destroyers in my town do that, and ship some of the paper to a nearby egg crate manufacturer.

      I somewhat doubt that it will lead to so much more in landfills. if they recycled documents before, then they'll still probably recycle them, just probably exert more work to do so (or give to document destruction service). If they didn't recycle before (ie, just threw it all in the trash)... well, actually, it might not be a bad idea to let someone else deal with it t

      • I was under the impression shredded paper is not as useful for recycling. The ability to recycle paper depends on the strength and length of the paper fibers. Shredded paper has lost a lot of strength and has short fibers due to being cut. That means that whereas regular paper can be recycled into some lesser form of paper, shredded paper must be used for something like a cheap cardboard/egg crates.

        Regardless, privacy is more important to me than the landfill.

  • And all those outsourced jobs? (Score:4, Insightful)

    by Lead Butthead ( 321013 ) on Sunday June 05, 2005 @02:41AM (#12727673) Journal
    What about the work that are outsourced to foreign countries? Every now and then we hear stories about foreign workers taking liberities with personal information, a Federal law doesn't exactly cover foreign soil.
    • I can't comment on all situations, but the company I work for, located in East Europe, has a contract with a UK company and we have access to sensitive data (their whole database).

      We have a contract with them; one of its sections it's basically the UK Data Protection Act. So even if the country doesn't have a very clear law on this matter, we still have to respect the UK laws.
    • The organisation doing the outsourcing must be able to show that they applied due dilligence when qualifying the suppler/service provider. You cannot be permitted to outsource responsibility.

      If Ford sell you a car with tires imported from another country and they keep blowing up, it is still Ford's responsibility.

    • Most foreign countries have stricter data protection laws than the US. I worked at an office which handled personal data from medical studies, in lots of cases they were worried about sharing data with their US counterpart because their data protection laws were not strict enough, likewise, the australian branch was less keen to share with us because their data protection laws are stricter still.

  • define "destroyed" (Score:4, Interesting)

    by tfoss ( 203340 ) on Sunday June 05, 2005 @02:52AM (#12727707)
    It's pretty clear that even cross-cut shredders won't do the job. There are commerical ventures [churchstre...nology.com] that charge by the volume of shredded paper for document reconstruction. Scan all the pieces (strip, cross-cut or confetti) and let imaging software piece them together. The slow step is taping the shreds to white paper for scanning. Seems that incineration, some beefy acid, or some kind of serious ink solvent would be needed to comply.

    -Ted

  • Didn't I just read about some company that got huge fines for NOT saving email? Just one more reason I'm glad I found a new line of work.

    Rural Alaska nuclear power gets legislative backing [blogspot.com]

    • Re:No Way to Win (Score:2, Informative)

      by Anonymous Coward
      That is pretty much my thoughts on it, Alaska.

      Bad guy does bad things with data found in recycle bin. We all agree that bad guy is a criminal. So do we punish bad guy? ...No... We punish the business.

      I've been a victim of this kind of before myself.I worked in a pharmacy that also did home care. I had to go out this patients house that was way out in the boonies in a trailer complex. The kind of place that 60 miles of dirt roads around it with no addresses and no street signs. As the medical profession h

  • Normally, the government is there to... (Score:3, Insightful)

    by ThePromenader ( 878501 ) on Sunday June 05, 2005 @03:03AM (#12727728) Homepage Journal
    ..make laws that, through our supposedly demcratic system, on our behest and vote, "protect and serve" us by putting into black and white writ all that we deem harmful. With this in mind, my question is this: Who would most want to be protected from incompletely destroyed "sensitive" documents?

    The article speaks of the "good it does for the little people" - but who asked for this law? Wouldn't it be better (and more targeted) to fine people who steal identity? Is the government going to spend billions checking every garbage can to enforce this law? This law reeks of one made for unwritten "other" purposes. Most likely this administration's own.

    I smell something burning. Something shredded.
    • Wouldn't it be better (and more targeted) to fine people who steal identity?

      Identify theft is already illegal. One of the problems is that this data is too easy to get ahold of. I think the law is a good step, but not for the reasons mentioned in the article. Most of the wholescale identity theft issues result from the compromise of large systems that are used to STORE data. I found it rather laughable that they quoted ChoicePoint- they're a major offender in this regard.

      Destroying documents with sensiti

  • ugh (Score:2, Insightful)

    by hsmith ( 818216 )
    While this could be seen as a good idea, why not let people make the decision NOT to do business with companies that have bad business practices and lose your personal information? why force every business to abide by these wasteful laws because a few companies fuck up?

    so a few people mess up and we are going to hit EVERY business owner with a fine (increased costs of doing business due to destroying docs = fine)?

    let the people decide who they do business with, company X loses peoples info, company X goes
    • That works really well when the company in question has a monopoly on a vital service.

      If you cant afford to properly safeguard your customer's data, maybe you should switch to a less demanding career, like french fry technician.

    • so a few people mess up and we are going to hit EVERY business owner with a fine (increased costs of doing business due to destroying docs = fine)?

      Because it costs so much money to safely dispose of papers:
      This method [yahoo.com] or this method [amazon.com]?

      Caltech economics at work!

    • Re:ugh (Score:1, Informative)

      by Anonymous Coward
      While this could be seen as a good idea, why not let people make the decision NOT to do business with companies that have bad business practices and lose your personal information? why force every business to abide by these wasteful laws because a few companies fuck up?

      Because of the company I work at. We routinely throw entire pages of customer information in the trash and recycle bin: these contain names, addresses, telephone numbers and social security numbers among other info. I have been trying to ge

      • I am going to point this article out to my boss first thing Monday and hopefully he will FINALLY decide to do at least minimal destruction of the paperwork we toss out.

        Hopefully he won't notice that the law only applies to consumer credit reports...

    • Re:ugh (Score:4, Insightful)

      by arkhan_jg ( 618674 ) on Sunday June 05, 2005 @05:39AM (#12728102)
      Same problem as always with market forces instead of regulation; it relies on an informed and interested public allowing the problem to affect their purchasing decision.

      In this case, if your credit details get stolen from a dumpster, leading to identity 'theft'; how do you know which company in the last 6 months allowed your information to leak? Assuming you do find out, how do other people find out that information, since it's not exactly going to be large news?

      (our lead national story today; joe bloggs lost $200 when company X put his credit details in the garbage, leading to identity theft and an extra charge on his credit card. Can company X survive this devastating blow to it's consumer confidence?)

      So instead of putting a small burden on all businesses to buy and use a shredder for financial documents, we add a significant information gathering burden to all buyers to add to the rest of the information they have to find out about their business (do they harm dolphins? do they pollute more? do they hire third world children for virtually nothing? etc etc)

      We're also assuming the business with bad business practises has effective and equal competition in it's area, which people can go to.

      Market forces are useful for many things, but protecting customers from unethical business practises isn't one of them. Regulation is a far more effective method, as opposed to businesses dumping the costs that regulation would cause into an external cost on the rest of the economy. (time for customers, insurance costs for banks and credit institutions to cover fraud losses)
      • " Same problem as always with market forces instead of regulation; it relies on an informed and interested public allowing the problem to affect their purchasing decision."

        You hit the nail on the head. Since when, has Americans been an "informed and interested public"?

    • Re:ugh (Score:4, Insightful)

      by mcc ( 14761 ) <amcclure@purdue.edu> on Sunday June 05, 2005 @05:51AM (#12728143) Homepage
      So... are people doing less business with businesses that are careless with personal information now?

      Have they ever shown signs of doing this? At all?

      No?

      So what, exactly, is the difference between "letting consumers police poor corporate identity safety policies" and "as a nation, doing nothing whatsoever about the corporate identity safety policy problem whatsoever"?

      I mean maybe there's this great libertarian fantasyland somewhere where people suddenly call up their rental car places and say "I want verifiable evidence that you shredded your copy of my credit report rather than putting it in a dumpster, and I'm canceling my business with you immediately if you don't!". However in the real world people just want to rent a car, and if you do call up your rental car company and say "by the way, what did you do with my credit report?" and they say "we shredded it", you do not have a way of telling whether or not they are telling the truth. A grand jury, however, does.
      • Lets look at what happens when the gov't desides to regulate:

        They grab more power
        Companies lobby and get special rights and get to use that new power
        Companies become excempt from being under that new power
        Consumer gets screwed

        as much as people on /. HATE big business, they coddle right up to big gov't, but big gov't is bis businesses best friend. big business buys nice favors from big gov't

        it happens all the time, yet the ones that LOVE the regulation NEVER SEE IT

        • Re:ugh (Score:2)

          by mcc ( 14761 )
          So if your point was just "all government is evil always", why not just say that to begin with instead of fiddling around with this "the consumers will police it" nonsense?
    • I love this sort of shit I really really do. Basically what you're saying is that the government shouldn't force companies to properly dispose of their sensitive information because most of them haven't actually had anyones identity stolen yet.

      Anyone not properly disposing of their documents is "fucking up" whether there have been any negative consequences as yet or no. Since the only people not paying for this already are the companies which are "fucking up", I have no sympathy for them at all. This will

    • "While this could be seen as a good idea, why not let people make the decision NOT to do business with companies that have bad business practices and lose your personal information? why force every business to abide by these wasteful laws because a few companies fuck up?

      so a few people mess up and we are going to hit EVERY business owner with a fine (increased costs of doing business due to destroying docs = fine)?

      let the people decide who they do business with, company X loses peoples info, company X goe

    • While this could be seen as a good idea, why not let people make the decision NOT to do business with companies that have bad business practices and lose your personal information?

      The thing is, you've gotta have a baseline for commerce to properly function. You can't require a long contract for every single transaction. If you buy a piece of fruit, and it turns out it was rotten, and you wind up in the hospital, and the person who sold you the fruit knew it was rotten, well, there's a tort involved th

  • It would, of course, be nice to get a pointer to the actual law, so we're not just blathering blindly about something that is really barely referenced in the article.

    • Re:The actual law (Score:5, Informative)

      by darkonc ( 47285 ) <stephen_samuel AT bcgreen DOT com> on Sunday June 05, 2005 @04:01AM (#12727844) Homepage Journal
      OK: Found it.

      The entirety of H.R.2622 Fair and Accurate Credit Transactions Act of 2003 [loc.gov] and the specific section SEC. 216. DISPOSAL OF CONSUMER REPORT INFORMATION AND RECORDS.

      The actual imortant part of this is the regulations (which may be yet to be created) for what needs to be done to appropriately destroy associated data. Hopeflly most people should be able to get away with just doing a single write of zeroes or pseudo-random data, while places like equifax should be required to do a bit more work. (because their collections would be especially valuable).
      Of course, knowing the way that the political system works, it's probably going to end up being the other way 'round.

      • I haven't found the actual rules themselves, but I did find the FCC report on the rules [gpo.gov]l Page 5 gives a pretty good description of the requirements for disposal:

        Under the proposed rule, any person that maintains or otherwise posesses consumer information would be required to "take reasonable measures to protect against unauthroized access to or use of the infomation in connection with its disposal." Recognizing that there are few foolproof methods of record destruction, the NPR stated that the propossed

        • In other words, someone who hires a nanny would probably not be under the purview of FTC or any other such federal rule -- unless the nanny had to travel across state lines.
          Nope. Thanks to judicial activism, everything is interstate commerce.
          In any case, they call for reasonable measures...
          In other words, government inquisitors can make up whatever standard they want after the fact.
          • In other words, government inquisitors can make up whatever standard they want after the fact.

            The stated intent is that smaller entities which rarely handle customer/consumer data will not be required to do 'heavy lifting' to dispose of their documents. That's stated in the report, and even aluded to in the rules. Bigger companies will fight to minimize what 'reasonable measures' entail, and smaller companies will benefit from that, because they'll be expected to have to do less (by dint of the wording

            • The stated intent is that smaller entities which rarely handle customer/consumer data will not be required to do 'heavy lifting' to dispose of their documents.

              "Reasonable" depends on the context, and context can be changed by a clever plaintiff. For example, by demonstrating software that automatically reassembles the images of shredded documents.

              ...an agreement between my and my nanny wouldn't be [interstate commerce] because it doesn't touch anywhere non-local.

              It affects the interstate marke

              • It affects the interstate market for nannies, as well as the nanny's demand for interstate commerce, and thus constitutes interstate commerce.

                More importantly, the records collection agency that you got the info on your nanny from is likely interstate (if not in their customer base, then at the very least in their information base.) That could easilly provide grounds for putting any information collected under the jurisdiction of interstate commerce. So just shred your nannie's credit report. Now it'

  • classic commercial (Score:3, Funny)

    by Tablizer ( 95088 ) on Sunday June 05, 2005 @03:21AM (#12727770) Journal
    One of the funniest TV commercials I've ever seen was an Xmas commercial that started out with snow falling down onto a city street to the tune of "Let it Snow, Let it Snow". The camera pans up toward the top of a nearby building. Eventually we see that most of the "snow" is really from a bunch of accountants frantically shredding documents Arthur Anderson style with the windows open. Then the announcer says, "Whether you've been naughty or nice, enjoy a cup of [product] this holiday season".

  • Dangerous Law (Score:5, Funny)

    by Maljin Jolt ( 746064 ) on Sunday June 05, 2005 @03:21AM (#12727772) Journal
    I would rather suggest not to memorize other people's personal information, for obvious reason...

  • Are we catching up with every one else? (Score:1, Insightful)

    by Anonymous Coward
    Another step for personal privacy? Which country is this again?
  • The article says that the FTC can sue people for up to $2500 under this law, but is the FTC really the department enforcing this? I would assume that the only way stuff like this would get to the FTC is if someone came across their own information, in which case, wouldnt it make more sense for that person to sue the "company" in question under this law themselves?
    • There's at least one other way: if Joe Smith opens his bank statement and finds pages of Mike Jones' statement mixed in. Worse if they are from two different banks -outsourcing means your bank may have statements printed by an outside company who may also print for other banks.

      This page merge kind of thing can happen with high speed mail handling machines, either by machine error or by operator error. Stuff happens.

      At my workplace, we mail an awful lot of bank statements, forms, and other things full of
      • Interesting, although not really the topic here. This particular law deals with the disposal of said information, not with accidental distribution. Dont get me wrong, im not invalidating your point, im simply pointing out that its not the topic of issue.
  • $2500 doesn't seem to be a very harsh punishment for my personal data being compromised when the FCC can fine companies $11000 per do not call violation.

    • Re:2500 isn't much (Score:3, Interesting)

      by pcmanjon ( 735165 )
      " $2500 doesn't seem to be a very harsh punishment for my personal data being compromised when the FCC can fine companies $11000 per do not call violation."

      The government isn't concerned with fortune 500's disposal of information, but the mom and pop shops more than anything else. I was able to see the meeting on TV and thats what they said.

      They actually brought the donotcall bill up, and they said thats because fortune 500's make calls to homes more than mom and pops. -Shrugs-

  • I applaud this law. (Score:1, Interesting)

    by Anonymous Coward
    This law should be more severe.

    Companies should not be allowed to keep sensitive, personal info for more than a few days after a transaction. If one comes back to a company to modify the transaction (refund, exchange, etc.), the customer can resubmit the sensitive info then.

    Only federal government entities should ask for a social security number, and only state government entities should ask for driver's license numbers. All other entities (private, municipal, etc.) should generate their own identity co

  • Likely toothless (Score:4, Informative)

    by SleepyHappyDoc ( 813919 ) on Sunday June 05, 2005 @05:04AM (#12728002)
    We have similar laws here in Canada, but they are an utter joke. Under the BC Personal Information Protection Act, there are stiff penalties on paper, but the enforcement procedure requires a minimum of six months of attempting to affect things internally to the organization, before an investigator from the privacy commissioner's office will even speak to you. Even then, the investigator doesn't really investigate anything, they just phone the organization who's in violation and ask them nicely to not do that. If the organization doesn't comply, back to square one with the six months of internal pressure. I left a job recently over this very issue...after I was asked to lower the security on the network, exposing insane amounts of client data to the bare internet. If the Act ever gets any teeth, my ass would be on the line. But I guess I needen't have worried, as there's no possibility of enforcement.

  • Um... what about Enron type stuff? (Score:4, Interesting)

    by Capt'n Hector ( 650760 ) on Sunday June 05, 2005 @05:06AM (#12728012)
    So you are required to destroy documents unless you knowingly do so when there's about to be a federal investigation that will require those documents, in which case you can be sent to prison for destroying them? Sounds like a good reason not to use paper at all...
  • Unfortunately, companies can't be fined for breaching any aspect of the Data Protection Act [opsi.gov.uk], apart from when they don't pay the Information Commissioner their data controller register subscription fee!

    So in the UK, you can dispose of personal information by leaving it on the street and you can't be prosecuted. The fine should be much higher though, and personal and punitive damages should be applied, IMO.

  • Why the need for a new federal law? This is already adequetely handled by state tort laws. Looks like the federal government just wants to get its hands in the pie.

    Anyway, fortunately this law only applies to credit reports.

    • Why the need for a new federal law? This is already adequately handled by state tort laws. Looks like the federal government just wants to get its hands in the pie.

      Anyway, fortunately this law only applies to credit reports.

      Because if the federal law supersedes the state law, companies could avoid state lawsuits altogether.

      If this law really put a hurt on companies, they'd be screaming and it would quietly die in committee.

  • kinda like HIPAA. only more broad. (Score:1, Insightful)

    by Anonymous Coward
    medical records are already covered under hipaa. this sounds like similar legislation, maybe not to the same extent as hipaa, but with the same sort fo intentions. if they enforce it like they do hipaa, then the fine might stick. we already take extensive measures in place to comply with hipaa, but those measures aren't out of the reach of small businesses or those with paper records.
  • Any Idea on how this law applies to copyshops? FedExKinkos I know does not have shredders.
    • Various locations do, but not all of them. I can count three of their ship centers (former FedEx WSCs) I've worked at that, while not shredders, employ destruction services and accordingly maintain a bin. This law, if anything, might be more of an incentive to get it going in more locations.
  • This is the intellectual property, patent pending, procedure that I have come up with to properly dispose of documents (FBI, CIA, NSA spook proof as well):

    You need a bucket. The size of the bucket depends on the amount of paper documents to be destroyed. The bucket can be metal or plastic. Wax lined paper buckets will not work.

    You tear up the paper documents into little pieces and put them in the bucket one handful at a time, sprinkling soggy coffee grounds on top of each layer. You then take a can or two,

  • ...of a lot of things that I work on. I have to sign NDAs stating that I will do so, and that I have done so.

Slashdot Top Deals

"The one charm of marriage is that it makes a life of deception a neccessity." - Oscar Wilde

Close