A business may not discard a record containing personal information unless it:
(1) Shreds the customer's record before discarding the record;
(2) Erases the personal information contained in the customer's record before discarding the record;
(3) Modifies the customer's record to make the personal information unreadable before discarding the record; or
(4) Takes actions that it reasonably believes will ensure that no unauthorized person will have access to the personal information contained in the customer's record for the period between the record's disposal and the record's destruction.
Section: 10-15-1 10-15-2 10-15-3 10-15-4 10-15-5 10-15-6 10-15-7 NextLast modified: October 14, 2016