At Maxxum, all equipment is audited by serial number, assessed as to condition and marketability, and processed accordingly. Client reports for each batch include an Audit (by serial number with detailed information), a serialized Certificate of Electronic Records Destruction (certifying data destruction), as well as a Certificate of Electronic Equipment Destruction by serial number for any true end-of-life equipment.
Red Flags Rule – Requires that financial institutions develop and implement an Identity Theft Protection Program. The Program must include reasonable policies and procedures for detecting, preventing and mitigating identity theft.
New Red Flag Requirements for Financial Institutions and Creditors Will Help Fight Identity Theft
Provided by the Bureau of Consumer Protection Business Center
Complying with the Red Flags Rule: A Do-It-Yourself Prevention Program for Business and Organizations At Low Risk for Identity Theft
Provided by the Federal Trade Commission as a PDF file
HIPAA/HITECH - Administered by the Department of Health and Human Services. A Covered Entity is required to develop and implement policies and procedures appropriate to the entity's business practices.
HIPAA Privacy Rule - Establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically.
Provided by Department of Health and Human Services
HIPAA Recent Changes and the Impact on the Information Destruction Industry
Provided by NAID as a 6-page PDF file
Other Regulatory Initiatives
Payment Card Industry Data Security Standard (PCI DSS) - Overview of compliance and best practices. Provided as a 29-page PDF by Diana Kelley, a partner with SecurityCurve, an Amherst, N.H.-based consulting firm, and with Search CIO.com.
Gramm-Leach-Bliley (GLB) – The Financial Services Modernization Act requires financial institutions to develop a written information security plan that details their program to protect customer information. Provided by the Federal Trade Commission as a PDF file.
White Papers & Documents of Interest
FACTA – Specifically notes that "reasonable measures" to protect data privacy most likely require the establishment of policies and procedures governing the disposal of IT equipment housing data.
Provided by the Federal Trade Commission
State Data Protection Laws – Almost every state has at least one data privacy requirement, and most states have privacy laws that contain a data breach notification requirement. Consult your local state web site for complete details.