LOGO
  • gallery image - Rainbow Over the School
  • gallery image -
  • gallery image - Marcus Whitman Middle School
  • gallery image - Art by John Fladd 1972
  • gallery image -

Quick Links

district home

Policies

print policy PRINT INFORMATION

Adoption Date: 9/1/2012
Regulations - Regulations


5671R DISPOSAL OF CONSUMER REPORT INFORMATION AND RECORDS

Pursuant to Board of Education Policy and the Federal Trade Commission's (FTC) "Disposal Rule" (16 Code of Federal Regulations Part 682) and in an effort to protect the privacy of consumer information, reduce the risk of fraud and identity theft, and guard against unauthorized access to or use of the information, the School District will take appropriate measures to properly dispose of sensitive information (i.e., personal identifiers) contained in or derived from consumer reports and records. Any employer who  uses or  possesses consumer information for  a  business purpose is subject to  the Disposal Rule. According to the FTC, the standard for proper disposal of information derived from a consumer report is flexible, and allows the District to determine what measures are reasonable based on the sensitivity of the information, the costs and benefits of different disposal methods, and changes in technology.

 

Definitions(in accordance with the FTC's Disposal Rule and the Fair Credit Reporting Act, 15 United

States Code Section 1681 et seq.)

 

1)      The term "person"  means any individual, partnership, corporation, trust, estate, cooperative, association, government or governmental subdivision or agency, or other entity.

 

2)      The term "consumer"means an individual.

 

3)      The term "consumer report" means any written, oral, or other communication of any information by a consumer reporting agency bearing on a consumer's credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing a consumer's eligibility for credit, employment, or insurance, among other purposes. Examples of consumer reports include credit reports, credit scores, reports businesses or individuals receive with information relating to employment background, check writing history, insurance claims, residential or tenant history,or medical history.

 

4)      The term "employment  purposes"  when used in connection with a consumer report means a report used for the purpose of evaluating a consumer for employment, promotion, reassignment or retention as an employee.

 

5)     The term "consumer  information"  means any record about an individual, whether in paper, electronic, or other form, that is a consumer report or is derived from a consumer report. Consumer information also means a compilation of such records. Consumer information does not include information that does not identify individuals, such as aggregate information or blind data.

 6)      The terms "dispose," "disposing," or "disposal" mean:

 

a.       The discarding or abandonment of consumer information, or

 

b.       The sale, donation, or transfer of any medium, including computer equipment,upon which consumer information is stored.

 

7)     The term 'personal  identifiers,"  per the FTC, goes beyond simply a person's name. The FTC believes that there are a variety of personal identifiers that would bring information  within the scope  of  the  Disposal  Rule, including,  but  not  limited  to, a social  security  number,  driver's license number, phone number, physical address, and email address. The FTC has not included a rigid definition within the Disposal Rule since, depending upon the circumstances, data elements that are not inherently identifying can, in combination, identify particular individuals.

 

8)     The term "document  destruction contractor" means a person, firm or corporation  that owns or operates a business, the principal purpose of which is to destroy records containing personal identifying  information  for  a fee,  and  for  whom  the total  cash  price  of  all  of  its  document destruction contracts exceeds five hundred dollars during any period of twelve (12) consecutive months.

 

Proper Disposal of Consumer Information/Reasonable Measures

 

The District will utilize disposal practices that are reasonable and appropriate to prevent the unauthorized  access to - or use of - information contained in or derived from consumer reports and records. What is considered "reasonable" will vary according to the particular entity's nature and size, the costs and benefits of available disposal methods, and the sensitivity of the information involved. The FTC's Disposal Rule does not mandate specific disposal measures.

 

Reasonable measures to protect against unauthorized access to or use of consumer information in connection with District disposal include the following examples. These examples are not exclusive or exhaustive methods for complying with the Disposal Rule.

 

1)      Burning, pulverizing, or shredding of papers containing consumer information so that the information cannot practicably be read or reconstructed.

 

2)      Destroying  or  erasing  electronic  media  containing  consumer  information   so  that  the information cannot practicably be read or reconstructed. Examples would include:

a.       Breaking or destroying computer disks;

 

b.      Overwriting or "wiping" electronic records prior to disposal;

 

c.       Prior to the sale, donation or transfer of any medium, including computer equipment, upon which consumer information is stored, disposing of such electronic media by overwriting or "wiping" the data prior to disposal or making certain that the hard drive is permanently deleted.

 

3)     After due diligence, entering into and monitoring compliance with a contract with another party engaged in the business of record destruction to dispose of material, specifically identified as consumer information, in a manner consistent with the Disposal Rule. In this context, due diligence could include:

 

a.       Reviewing an  independent audit of the disposal company's operations and/or its compliance with the Disposal Rule;

 

b.      Obtaining information about the disposal company from several references or other reliable sources;

 

c.       Requiring that the disposal company be certified by a recognized trade association or similar third party;

 

d.          Reviewing and evaluating the disposal company's information security policies or procedures;

 

e.         Taking other appropriate measures to determine the competency and integrity of the potential disposal company; or

 

f.        Requiring that the disposal company have a certificate of registration from the New York Department of State issued on or after October 1, 2008.

 

4)     Identifying consumer information when providing it to service providers or affiliates to ensure that the information will be disposed of properly in accordance with the Disposal Rule.