Student Registration     Stay Connected with ParentSquare

Whom to Contact and When      Access Your Student’s Gmail Account

5671: Disposal of Consumer Report Information and Records

2020                      5671

Non-Instructional/Business Operations

 

SUBJECT:    DISPOSAL OF CONSUMER REPORT INFORMATION AND RECORDS

In accordance with the Federal Trade Commission’s (FTC) “Disposal Rule,” and in an effort to protect the privacy of consumer information, reduce the risk of fraud and identity theft, and guard against unauthorized access to or use of the information, the District will take appropriate measures to properly dispose of sensitive information (i.e., personal identifiers) contained in or derived from consumer reports and records. The District may determine what measures are reasonable based on the sensitivity of the information, the costs and benefits of different disposal methods, and changes in technology.

 

The term “consumer report” includes information obtained from a consumer reporting company that is used—or expected to be used—in establishing a consumer’s eligibility for employment or insurance, among other purposes. The term “employment purposes” when used in connection with a consumer report means a report used for the purpose of evaluating a consumer for employment, promotion, reassignment, or retention as an employee.

 

The FTC Disposal Rule defines “consumer information” as “any record about an individual, whether in paper, electronic, or other form, that is a consumer report or is derived from a consumer report. Consumer information also means a compilation of these records. Consumer information does not include information that does not identify individuals, such as aggregate information or blind data.”

 

Information Covered by the Disposal Rule

 

There are a variety of personal identifiers beyond simply a person’s name that would bring information within the scope of the Disposal Rule, including, but not limited to, a social security number, driver’s license number, phone number, physical address, and email address. Depending upon the circumstances, data elements that are not inherently identifying can, in combination, identify particular individuals.

 

Proper Disposal

 

The District will utilize disposal practices that are reasonable and appropriate to prevent the unauthorized access to—or use of—information contained in or derived from consumer reports and records. Reasonable measures to protect against unauthorized access to or use of consumer information in connection with District disposal include the following examples.

 

  1. Burning, pulverizing, or shredding of papers containing consumer information so that the information cannot practicably be read or reconstructed;
  2. Destroying or erasing electronic media containing consumer information so that the information cannot practicably be read or reconstructed;
  3. After due diligence, entering into and monitoring compliance with a contract with another party engaged in the business of record destruction to dispose of material, specifically identified as consumer information, in a manner consistent with the Disposal Rule. In this context, due diligence could include:

    1. Reviewing an independent audit of the disposal company’s operations and/or its compliance with the Disposal Rule; 
    2. Obtaining information about the disposal company from several references or other reliable sources;
    3.  Requiring that the disposal company be certified by a recognized trade association or similar third party;
    4. Reviewing and evaluating the disposal company’s information security policies or procedures;
    5. Taking other appropriate measures to determine the competency and integrity of the potential disposal company; or 
    6. Requiring that the disposal company have a certificate of registration from the New York Department of State issued on or after October 1, 2008.

  4. For persons (as defined in accordance with the Fair Credit Reporting Act) or entities who maintain or otherwise possess consumer information through their provision of services directly to a person subject to the Disposal Rule, monitoring compliance with policies and procedures that protect against unauthorized or unintentional disposal of consumer information, and disposing of this information in accordance with examples a) and b) above.

 

Implementation of Practices and Procedures

 

The Board delegates to the Superintendent or designee the authority and responsibility to review current practices regarding the disposal of consumer information; and to implement such further reasonable and appropriate procedures, including staff training as necessary, to ensure compliance with the FTC’s Disposal Rule.

 

  • The Fair Credit Reporting Act, 15 USC § 1681 et seq.
  • The Fair and Accurate Credit Transactions Act of 2003, Public Law §§ 108-159
  • Federal Trade Commission Disposal of Consumer Report Information and Records, 16 CFR Part 682
  • General Business Law Article 39-G
  • 19 NYCRR § 199

 

Adopted:  8/24/11

Revised:  9/22/20

Pine Bush Central School District
State Route 302, Pine Bush, NY 12566
Phone: (845) 744-2031
Fax: (845) 744-6189
Amy Brockner
Interim Superintendent of Schools
This website is maintained by Public Information Specialist Linda Smith. It is the goal of the Pine Bush Central School District that this website is accessible to all users. View our accessibility statement. The district is not responsible for facts or opinions contained on any linked site. Some links and features on this site require the Adobe Acrobat Reader to view. Visit the Adobe website to download the free Acrobat Reader. This website was produced by Capital Region BOCES Engagement & Development Services, Albany, NY. Copyright © 2024. All rights reserved.