GLBA Data Destruction Compliance

Complying with Gramm-Leach-Bliley Act (GLBA) data destruction requirements is an absolute necessity for all organizations possessing consumer information. Federal Regulations Part 682.3, “Proper Disposal of Consumer Information,” details standards and implementation procedures for compliance with the Fair Credit Reporting Act. Disposal of consumer information will be addressed during routine audits.

E-Waste Security has years of experience in helping organizations comply with GLBA data disposal regulations. We are certified for onsite hard drive destruction by the National Association of Information Destruction (NAID) and follow NIST 800-88 Guidelines for information destruction.

For persons subject to the Gramm-Leach-Bliley Act, 15 U.S.C. 6081 et seq., and the Federal Trade Commission’s Standards for Safeguarding Customer Information, 16 CFR part 314 (“Safeguards Rule”), incorporating the proper disposal of consumer information as required by this rule into the information security program required by the Safeguards Rule.

GLBA Safeguards Rule

The Safeguards Rule requires companies to develop a written information security plan that describes their program to protect customers’ information.

Paragraph 314.3 – “Standards for safeguarding customer information” describes physical safeguards that are appropriate to your size and complexity.

Paragraph 314.4 – “Elements” describes identifying reasonably foreseeable internal and external risks, including the entire customer information system. Disposing of customer information will be addressed on any audit.

Federal Financial Institutions Examination Council

Regulatory agencies have not given clear guidance as to what is “reasonable” when it comes to data disposal. However, the FFIEC IT Examination Handbook noted:

“While no formal industry accepted security standards exist, these various standards provide benchmarks that both financial institutions and their regulators (FTC) can draw upon for the development of industry expectations and security practices. Some standard-setting groups include…The National Institute of Standards and Technology (NIST).”