Unlike the Federal Government, where the NSA provides information destruction requirements for classified information, there are no specific guidelines for state governments. Although there are several organizations that have some requirements for the commercial world and all states comply with federal privacy laws such as HIPAA, each state is on its own when it comes to information destruction. It can be difficult to decide what level of destruction is best for your needs.
Recently the IRS has updated Publication 1075 Tax Information Security Guidelines for Federal, State and Local Agency’s. This is a detailed public policy for information handling and destruction. It outlines specifically how the IRS expects Federal Tax Information that they share with other agencies be handled and destroyed. It specifically states that paper must be destroyed down to a 1MM X 5MM spec with a shredder to using a 3/32 screen size if using a disintegrator. Both are a requirement of classified documents. For hard drives, they must be degaussed before being destroyed. It also includes requirements for CD/DVDs and even microfilm.
As we all know the IRS is a massive organization and has the most important personal information on each tax payer in this country. When you think about it, they share our information with several other Federal agencies and even state and local governments. Therefore with all that information being shared it’s of the utmost importance that it be handled properly then destroyed to where nothing can be compromised.
So to say the least, I am quite impressed with IRS Publication 1075. They clearly take seriously the information they collect and share with other government agencies based on the handling and destruction guidelines detailed in Publication 1075.
If you are a state and local government and need assistance destroying your sensitive data contact us directly to discuss your destruction needs.