Data Destruction for Financial Institutions
Financial institutions (including all businesses that collect information from consumer credit reports) face stringent oversight when it comes to securing sensitive consumer data. From GLB Safeguards to FTC Disposal Rules, the standards that regulate data destruction for financial institutions require organizations to use great caution when retiring legacy equipment.
The best way to remain compliant is to partner with an expert hard drive destruction and IT asset recycling firm. If you’re uncertain of the answers to these questions, then it’s time to have a conversation with our experts on data destruction for financial institutions.
Which Businesses Are Considered Financial Institutions?
When it comes to data security regulations, the term “financial institutions” goes beyond the type of organizations we’d generally classify in that way. Of course, banks and investment firms come to mind – but, in this context, financial institutions include any organization who accesses or stores information from consumer credit reports. Here are some examples of businesses that must comply with GLB Safeguards & FTC Disposal Rules:
Auto Dealerships (who assist with financing)
Credit Reporting Agencies
Non bank Lenders
Personal Property or Real Estate Appraisers
Professional Tax Preparers
GLB Safeguards & FTC Disposal Rules
The Gramm-Leach-Bliley (GLB) Act establishes regulations for how financial institutions must handle confidential information. As a part of its implementation, the Federal Trade Commission (FTC) enacted actionable Safeguards and Disposal Rules. The FTC states:
Any person who maintains or otherwise possesses consumer information for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.
The GLB Safeguards and FTC Disposal Rules outline best practices relating to data destruction for financial institutions, including:
1.Designating a manager to supervise the disposal of records.
2. Conducting due diligence when hiring a third-party vendor, including requiring that the company be certified by a recognized industry organization.
3. Destroying or erasing data prior to disposing of equipment – including computers, hard drives, data storage devices, and other hardware.
Ultimately, a key element of your overall digital security strategy is your plan for what you do with information when it’s no longer needed. At E-Waste Security, we partner with financial institutions to ensure data is completely and securely destroyed – protecting our clients from the liability of data breaches.