A shred of privacy

Caroline E Mayer (Washington Post)
6/12/2005 – FTC requires consumer info be destroyed

BY CHRISTOPHER BOYCE

Staff Writer

A rule that took effect June 1 will enforce privacy protection action that many companies and individuals have long been taking upon themselves.

Enacted by the Federal Trade Commission, the new rule requires businesses and individuals to destroy private consumer information. Much of the information in question would be obtained in determining whether to grant credit, hire employees or rent an apartment. The rule says this personal information must be burned, pulverized, shredded or destroyed in such a way that the information cannot be read or reconstructed. A $2,500 penalty could be issued by the FTC for each violation.

The rule was issued by Congressional order in attempt to crack down on identity theft. But banks have held similar policies for years and have been advancing security technology to match the pace of hacker technology.

Still, privacy advocates applauded the new rules.

“This requirement is long overdue and will hopefully make companies think twice about how valuable this information is” in all of their conduct, said Evan Hendricks, editor and publisher of Privacy Times newsletter.

At Synovus, policies mandate shredding of any document containing personal customer information with no foreseeable or immediate use, said Alison Dowe, Synovus’ vice president of corporate communications.

“If you go into a location and fill out a loan application, we would need to keep that document for some period of time,” Dowe said. “But if there is something that we do not need to keep, we shred it on site.”

The FTC rule does not set a time limit for when the data must be destroyed. Though its policy was in place before the rule, Dowe said most documents at Synovus are shredded within five years.

At Wachovia, there is a data destruction and recycling program, said David Oliver, spokesperson for the Charlotte, N.C.-based banking and financial services company. Wachovia holds a national contract with shredding companies for mass shredding and recycling jobs. But each Wachovia branch also has policies that some documents containing sensitive customer information must be shredded immediately or in bins that are designated for shredding later.

Oliver said employees also remind customers to be conscientious about shredding certain documents.

Among the documents consumers should keep track of are old checks, old bank statements, solicitations for unwanted credit cards, inactive credit cards and expired forms of identification.

“Customers in general should purchase a home shredder for anything that includes their home phone and account information,” Oliver said.

Consumers should also be mindful of collecting their mail daily and of small things like receipts. While most receipts include only partial account numbers, it is best to collect and shred them as well.

The new rule also applies to electronic files, which must be erased or destroyed, and covers credit report data, credit scores, employment histories, insurance claims, check-writing histories, residential or tenant history and medical information.

Like most financial institutions, Wachovia and Synovus have also taken steps to guard electronic information, especially as more information is converted from paper to digital form. Synovus uses badge-only access areas and multiple layers of security in its internal information network.

“We really take a multipronged approach that ensures both customers’ and team members’ data is as safe as we can possibly make it,” said Dowe. “We take multiple steps to make sure we limit information access to those people that need to know.”

Caroline E. Mayer of The Washington Post contributed to this report.

paper shredding services