Hi In California we have what is referred to as the "shredding law" officially known as Destruction of Customer Records - California Civil Code sections 1798.80 and 1798.84. All businesses must shred, erase or otherwise modify the personal information in records under their control. The text of the law is listed here: http://www.leginfo.ca.gov/cgi-bin/displaycode?section=civ&group=01001-02 000&file=1798.80-1798.84 Having just attended the California ID Theft Summit "Locking Up the Evil Twin, in Sacramento, California, I realize that consumers and businesses in California are quite savvy, however, most of the nation and world might not be. We (as in California) also have the famous SB1386 Notification of Security Breach law which has gained worldwide recognition as a result of the ChoicePoint fiasco, the perpetrators of which have just been sentenced. It requires businesses to notify California residents of a breach, however, businesses are quickly realizing they better notify other state residents as well or tackle a substantial loss of business and other accompanying acts of bad faith We in the US are trying to alleviate identity theft and also to educate consumers. I suspect that there will be quite a number of bills introduced on the Federal and State laws that mimic California's SB1386. The main phrase to know and love is "Cross-Cut Shredder." Saundra Kae Rubel, CIPP Director, Privacy Knowledge Base http://www.privacyknowledgebase.com Jefferson Data Strategies, LLC 1401 K Street Washington, DC 20005 Phone: 650.281.9474 [log in to unmask] [log in to unmask] This message, and any documents attached to this message, contain information from the Privacy Council that may be confidential, privileged and/or exempt from disclosure under applicable law. The documents and information are intended only for the use of the individual(s) or entity(ies) to whom/which it is addressed. If the reader is not the addressee(s), or the employee or agent responsible for delivering the document to the addressee(s), please be advised that any disclosure, copying or distribution of the documents or use of the contents of the documents is strictly prohibited. If you have received this communication in error, please notify us by telephone (866-726-8624) immediately so that we can arrange for retrieval of the documents at no cost to you. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving message please send to the list owner [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^