| Action | Regulations Governing the Destruction of Public Records Containing Social Security Numbers |
| Stage | Proposed |
| Comment Period | Ended on 11/2/2007 |
 |
SHREDDING: The federal government has approved the following filter screen hole sizes of 3/32, 1/8, or 4 mm as being secure.
DEFINITIONS: 1) Pulped, burned, records custodian, and magnetic erasing are not defined. 2) "Overwritten" is defined, however, I suggest defining "electronic erasing" or "file wiping". 3) "Shredding" contains two definitions - (a) the action, and (b) the type of machine to use. 4) "Electronic record" is defined but maybe just "Records" should be defined so as to include the paper records metioned in section 30.
OTHER:
SECTION 20: 1) Purpose, lists various methods of destruction but they are not defined in Section 10 and not offered as an option in Section 30. [purpose means: intent, intention, meaning, mission].
SECTION 30: 1) subsection A contains two different topics - (a) how to destroy paper records, and (b) responsibilities of the records custodian. I suggest separating them. 2) subsection A, second paragraph last sentence states "The agency contracting for the shredding retains responsibility..." Since there is no security, or guarantee, I would change it to read that an employee of the agency shall witness the destruction of materials if done off-site, or through a contractor. 3) subsection B suggests electronic records have a different retention life than paper records. I may be wrong, but most electronic and paper records should have the same retention life, being that one is the same as the other aside from the medium. 4) subdivision 1 of subsection B says files stored on a computer must be deleted and overwritten. However, subdivisions 2 and 3 say back-up tapes, floppy disks, or other magnetic storage devices only have to be overwritten. I may be wrong, but a 'file' can refer to a single document or part of the agencies file scheme (computer). 5) subdivision 5 of subsection B mentions privacy-protected information. Maybe the Title of Chapter 120 should include: ... SECURITY NUMBERS AND PRIVACY-PROTECTED INFORMATION. 6) subdivision 3 of subsection B says that data... on flopy disks, tapes and other... must be overwritten - B.3.a. says disks, tapes and other... must be shredded or exposed to a magnetic field. QUESTION: are they saying the data shall be overwritten and the medium it is on shall be shredded? or are there two different procedures - or something?
ALSO: change the word 'must' to 'shall' and consider spending more time on this chapter.