According to the United States Supreme Court
The Privacy Rule-July 1, 2001 Gramm-Lleach-Bliely Act requires that financial institutions make financial privacy provisions by establishing appropriate standards subject to administrative, technical, and physical safeguard.
- To ensure the security and confidentiality of customer’s records.
- To protect against any anticipated threats or hazards to the security or integrity of such records.
- To protect against unauthorized access to or use of such records in substantial harm or inconvenience of any consumer.
Dun’s estimates that corporate espionage costs businesses $7 billion in losses annually. Most businesses have a log for visitors to sign in and out for security: the same kind of scrutiny needs to apple to the destruction of sensitive documents.
If you are recycling your out-dated records, are you sure that they get to their destination to be baled or is a thief stealing information out of you dumpster? When the container is dumped are you assured by the hauler that it really ends up in the truck? If not, it’s possible wind could take it 200 feet down the road for a passer-by to find. Who knows what he/she will do with this information? Do you have insurance to cover this? Even by accident you can find yourself in a lawsuit.
The Wisconsin Legislature, on February 1, 2000 enacted section 895.505 (Dumpster Diving) of the Wisconsin Statutes which could hold businesses and other civilly, criminally liable for not disposing of, or using “personal information” in Accordance with the new law.
The Michigan Legislature, Act 452 of 2004, enacted legislature 452.72a section 12a (Identity Theft Protection Act) of the Michigan Statutes states that a person or agency is considered to be in compliance with this section if the person or agency is subject to federal law concerning the disposal of records containing personal identifying information and the person or agency is in compliance with the federal law. Under this section a person who knowingly violates this section is guilty of a punishable fine for each violation. As used in this section, “destroy” means to destroy or arrange for the destruction of data by shredding, erasing, or otherwise modifying the data so it cannot be read, deciphered, or reconstructed through generally available means.