State data privacy laws can be complicated to navigate, but they boil down to two main concerns: breaches of security and the proper disposal of records. A Shred Ahead can help your business stay compliant when disposing of sensitive consumer information.
Although the federal government has extensive laws in place to help consumers avoid identity theft, individual states have also created their own laws to further protect consumer privacy and deter identity theft. A Shred Ahead serves much of the eastern and Midwest United States, and several states in our service area have individualized laws which encourage businesses who handle consumer data to shred discarded consumer information documents.
Please be aware that these summaries are not necessarily limited to the specific states mentioned and that all laws can be amended or changed. The following summaries are also not to the letter of the law.
Breaches of Security
Arkansas, Florida, Louisiana, Mississippi, Ohio, Oklahoma, South Carolina, Tennessee, Texas and Virginia each have laws in place which direct businesses that keep computerized individual consumer information to inform any residents of that state whose records may have been accessed if a breach of security has occurred wherein their personal data could have been accessed by an unauthorized person. The required timeliness of this notification and the consequences for violating this law varies by state.
Please note that North Carolina law specifies that breaches of security apply to both computerized and paper documents.
Proper Disposal of Records
Arkansas, Georgia, Kentucky, and Texas have also enacted laws requiring businesses to handle the disposal of records by one of several methods before discarding:
- Shredding the consumer’s record
- Erasing the personal information
- Modifying the record to make it unreadable
North Carolina is a special case in regards to the proper disposal of records, specifying that destruction must include burning, pulverizing, or shredding of paper documents. Electronic media must be destroyed or erased so that data cannot be read or reconstructed. Businesses must also have their procedures regarding the proper destruction and disposal of records as a part of the business’s official policy.