Posted on April 09, 2009 in Business Law
The 2009 Florida Legislature is considering whether to require everyone in Florida to follow the NIST’s “Guidelines for Media Sanitization”. Well, not everyone. It would not apply to individuals. But, it would apply to all state agencies, all for profit corporations, all nonprofit corporations, all partnerships, all LLCs, all estates and trusts, and all other legal or commercial entities in Florida.
House Bill 1081 defines media as either “hard copy information” such as paper or “electronic information” such as bits and bytes on hard drives. The bill then defines sanitization as the process of removing data from media that that it may not be retrieved. The bill implies that data includes secret, private, personal and confidential information, names, addresses, SSNs, credit card numbers, bank account numbers, phone numbers, and photographs. It’s pretty broad.
The bill would require that all these entities use the techniques for purging and destroying the media that are set forth in the NIST document. By the way, the NIST is the U.S. Department of Commerce National Institute of Standards and Technology. You can download the Guidelines for Media Sanitization as a PDF. They are very well written, as is HB 1081, and they are quite interesting. However, the thought of what is involved in compliance is overwhelming. Just read it.
Sometimes I wish we in Florida had laws that came with a cost of compliance disclosure requirement, like those federal laws that say it will take 45 minutes to fill out such and such a tax return. That way, we would have advance warning. We do know that, if enacted, the law would take effect July 1, 2009. Watch out for this one.
The 2009 Florida Legislature is considering whether to require everyone in Florida to follow the NIST’s “Guidelines for Media Sanitization”.