The Federal Trade Commission is an independent agency of the United States government whose principal mission is the protection of consumers and competition by preventing anticompetitive, deceptive, and unfair business practices.
The ECFR guidelines recommend secure disposal for any medium upon which physical and electronic consumer information was stored and as mandated by the Fair and Accurate Credit Transactions Act of 2003>. The guidelines require that any business that handles consumer information must take ‘reasonable measures’ to protect against unauthorized access or use of the consumer information. This includes and is not limited to:
- Monitoring the shredding of electronic media and paper to ensure they cannot be read or reconstructed.
- Requiring that third party disposal companies be certified by arecognized trade association.
- Protect against the unauthorized and unintentional disposal ofconsumer information.
- Organizations under the FTC “Safeguards Rule” (16 CFR part314 ) must also incorporate the following measures:
- Designated employee to coordinate the informationsecurity program.
- Identify internal and external security risks.
- Train employees on proper data security measures.
- Detect, prevent, and respond to attacks and intrusions.
- Design and implement network safeguards
- Oversee service providers
The FTC guidelines do not recommend any specific form of data erasure but due to technological advances in data storage we recommend all erasure to be in compliance with NIST 800-88.
Complying with FTC regulations when managing and disposing of consumer data will limit your organization’s exposure to fines, data breaches and other regulatory issues. WipeDrive Enterprise is a proven software-based erasure tool that meets FTC requirements when disposing of consumer data.
For more information on data security and data erasure products, please contact WipeDrive at 801.224.8900.