NAID : News : Rhode Island Takes Steps Toward Statewide Shredding Law

RHODE ISLAND TAKES STEPS TOWARD STATEWIDE SHREDDING LAW

For the second straight year Rhode Island Attorney General Patrick C. Lynch and Rhode Island state legislators have proposed legislation that requires businesses and government agencies to destroy personal records and other information on customers rather than simply discard the documents in the trash.

According to Lynch, the need for the law is underscored in part by the recent 2.25 million dollar CVS-Caremark settlement—profiled in the previous edition of NAIDDirect—that resulted from alleged HIPAA violations. Regarding the CVS case and additional instances of dumpster diving in his own state, Lynch said, “These kinds of breaches point out how important it is for businesses to shred documents that may contain people’s private information. Identity thieves know where to look, and when businesses carelessly toss out personal records without shredding or taking other precautions … they’re practically holding an open house for Dumpster divers.”

The new law, if enacted, would require companies to take reasonable steps—shredding or erasing—to make sure sensitive information is indecipherable and would subject violators to civil fines ranging from $500 to $50,000.

The efforts of Attorney General Lynch exemplify the growing emphasis on the importance of secure information destruction at the state legislative level. While a national secure destruction requirement is a goal of NAID, it is important to recognize that secure information requirements currently exist in several states, and that list continues to grow.

Full Article