Title of Regulation: 17VAC15-120. Regulations Governing the Destruction of Public Records Containing Social Security Numbers (adding 17VAC15-120-10, 17VAC15-120-20, 17VAC15-120-30).

Statutory Authority: §§ 42.1-8 and 42.1-82 of the Code of Virginia.

Effective Date: December 24, 2008.

Agency Contact: Conley Edwards, State Archivist, Library of Virginia, 800 East Broad Street, Richmond, VA 23219-8000, telephone (804) 692-3554, FAX (804) 692-3600, TTY (804) 692-3976, or email conley.edwards@lva.virginia.gov.

Summary:

The regulation addresses best methods for destruction of public records containing social security numbers so that the social security numbers in these records cannot be used for identity theft. The regulation provides that any public records, regardless of media, that contain social security numbers are to be destroyed at the end of their retention period in a manner that protects the confidentiality of the information. These records are to be destroyed, made electronically inaccessible, or erased so as to make social security numbers unreadable by any means.

Changes from the proposed regulation include adding definitions of "backup tapes," "custodian," and "pulped"; removing the phrases "other privacy protected information," and "privacy protected data," as outside of the regulation's scope; removing the requirement that data be overwritten multiples times; replacing the phrases referencing overwriting of backup tapes with requirement that data be totally obliterated; changing the requirement on crosscutting and shredding to apply only to shredding done within an agency or office; and adding that destruction should be witnessed by an agency representative if performed by a contractor.

Summary of Public Comments and Agency's Response: A summary of comments made by the public and the agency's response may be obtained from the promulgating agency or viewed at the office of the Registrar of Regulations.

CHAPTER 120
REGULATIONS GOVERNING THE DESTRUCTION OF PUBLIC RECORDS CONTAINING SOCIAL SECURITY NUMBERS

17VAC15-120-10. Definitions.

The following words and terms when used in this chapter shall have the following meanings unless the context clearly indicates otherwise:

[ "Backup tapes" means a copy of all or portions of software or data files on a system kept on storage media, such as tape or disk, or on a separate system so that the files can be restored if the original data is deleted or damaged and that are overwritten on a regular basis.

"Custodian" means the individual or organization having possession of and responsibility for the care and control of records. ]

"Electronic record" means records created [ or, ] stored [ or accessed ] by electronic means, including but not limited to computer files and optically scanned files on tapes, disks, CD-ROMs or internal memory.

"Overwritten" means replacing previously stored data on a drive or disk with a predetermined pattern of meaningless information that renders the data unrecoverable.

[ "Pulped" means a technique of macerating paper documents by soaking them in water and grinding them into pulp. ]

"Retention period" means the required time period and disposition action indicated in a Library of Virginia-approved records retention and disposition schedule.

"Shredding" means destroying paper records by mechanical cutting. Cross-cut shredders cut in two directions, 90 degrees from the other.

17VAC15-120-20. Purpose [ ; applicability ] .

[ Public The regulation establishes requirements that public ] records, regardless of media, that contain social security numbers must be shredded, pulped, [ burned incinerated ], made electronically inaccessible or erased so as to make the social security numbers unreadable or undecipherable by any means. These regulations apply only to those records whose retention periods have expired.

17VAC15-120-30. Procedures.

A. Paper records. Paper records shall be shredded [ , pulped or incinerated. If paper records are destroyed within an office or agency, records shall be shredded ] by a mechanical cross-cut shredder that reduces paper to [ strips a size ] no wider than 3/8 inches. The custodian of the records must prepare a certificate of destruction that lists what records have been destroyed, who destroyed the documents, and the date of destruction.

If the shredding is done off site, [ by another agency or department, or by a contractor, ] locked bins are required to protect the records prior to shredding. Contractors doing the shredding must be bonded. The agency contracting for the shredding retains responsibility for protecting the social security numbers on the records until destruction. [ A representative of the contracting agency shall witness the destruction. ]

B. Electronic records. Agencies must establish procedures and processes to destroy social security numbers in public records that have reached the end of their retention period in electronic format and stored on information or recordkeeping systems. [ Agencies may maintain or destroy the physical media. ]

1. Files stored on a computer must not only be deleted but also overwritten [ to prevent the information from being reconstructed. Software programs that overwrite the data with meaningless data multiple times to totally obliterate the original data must be utilized for overwriting using software that overwrites the files with meaningless data to totally obliterate the original data and to prevent the information from being reconstructed ].

2. Back-up tapes must be overwritten [ at the same time as all other copies are destroyed Tapes shall be held no longer than the conclusion of the retention period for the information contained in the tape to totally obliterate the original data ].

[ 3. Data containing social security numbers on floppy disks, tapes and other magnetic storage devices must be overwritten.

a. Disks, tapes and other magnetic media must be shredded in a shredder to insure that the information is totally destroyed or the materials must be exposed to a powerful magnetic field to disrupt the information.

b. If magnetic media are used, the data must be reviewed to insure that the social security numbers are not retrievable.

3. If an agency plans to maintain the floppy disks, tapes or other magnetic storage devices, other than hard drives, with data containing social security numbers, the media must be:

a. Overwritten using software that overwrites the files with meaningless data to totally obliterate the original data; or

b. Exposed to a powerful magnetic field to disrupt the information. If a magnetic field is used, the data must be reviewed to ensure that the social security numbers are not retrievable. ]

4. CD-ROMs must be [ incinerated or ] physically broken, into several pieces, to be rendered unusable.

5. When disposing of computers that contain social security numbers [ or other privacy-protected information ], hard drives must be overwritten and inspected to insure no [ privacy-protected data remains social security numbers remain ]. If data remains, the hard drive must be removed and disposed of separately by drilling to prevent it from being used again.