NYS Disposal of Personal Records Law
The New York State Disposal of Personal Records Law requires responsible disposal of records containing personal identifying information.
What is Personal Identifying Information?
New York State defines personal identifying information as a combination of personal information with one or more of the following data elements: Social Security number, driver’s license number, national identification number, financial information (bank account numbers, credit or debit card numbers), electronic serial number, mother’s maiden name.Personal identifying information includes instances where either the personal information or the data element is not encrypted or encrypted with an encryption key that is included in the same record.
How does the Disposal of Personal Records Law impact RIT?
The law requires RIT to dispose of records containing personal identifying information in a responsible matter. The law applies to records in both print and electronic media forms, and provides for substantial fines for each violation.
How can RIT comply with the Disposal of Personal Records Law?
Prior to disposal, all RIT departments must ensure that records containing personal identifying information are shredded, modified to make the personal identifying information unreadable, or otherwise destroyed. Sufficient encryption of the information meets the modification requirement.*
*Sufficient encryption means that both the identifying information and the data element are encrypted and that the encryption key is not included in the same record.
Check out our Disposal Recommendations for information on how to safely dispose of various media.
