Document Destruction Policies for BanksBanker Resource
June 26, 2012 — 1,749 views
Banking documents contain a lot of information, including account numbers, names, birthdays, Social Security numbers and more. As a result, any business or individual who uses a consumer report is required to follow the guidelines set in the Disposal Rule, according to the Federal Trade Commission (FTC).
The federal rule was created to protect the privacy of consumer information and reduce the risk of identity theft and fraud. The Disposal Rule applies to individuals, small and large businesses and any organization that falls under the following categories: consumer reporting agencies, lenders, insurers, employers, landlords, government agencies and mortgage brokers. Also included are automobile dealers, attorneys or private investigators, debt collectors, individuals who obtain a credit report on prospective nannies, contractors or tenants and entities that maintain information included in consumer reports as a service provider.
The standard Disposal Rule for the proper destruction of documents is up to the organization in question as long as it is reasonably based on the sensitivity of the information, the cost versus benefits of disposal methods and technology developments. However, any organization found not taking the proper destruction precautions may face consequences determined by the FTC.
For banks and other financial institutions, the disposal methods are especially stringent. There are varying requirements based on the document and information in question, according to the bank document retention policy outlined by the Insight Center for Community Economic Development.
For example, corporate records such as accounts payable ledgers and schedules, contracts and bank deposit slips should be kept for seven years at least. However, the agency recommends keeping credit card and cash receipts for three years.
Bank document destruction policies came about under the Gramm-Leach-Bliley Act (GLBA). The legislation requires banks to protect consumers’ personal financial information. This not only includes the destruction of information such as Social Security numbers, account numbers and names, but also that consumers must be provided a privacy notice and option to prohibit the sharing of information to third parties.
The GLBA was amended on July 1, 2001 to include a new requirement - going forward - financial institutions would be responsible for creating a comprehensive information security program. This document would be available to all parties and include instructions on the institution's destruction of information policy.