top of page

Safe Data Disposal Practices

When you no longer need customer data you must dispose of it in a secure manner. The rule would like to see customer data disposed of within 2 years but recognizes that it may be retained for longer if required by law or if there are legitimate business reasons to do so.

Rule Requirement

314.4 (c) (6)

Develop, implement, and maintain procedures for the secure disposal of customer information in any format no later than two years after the last date the information is used in connection with the provision of a product or service to the customer to which it relates, unless such information is necessary for business operations or for other legitimate business purposes, is otherwise required to be retained by law or regulation, or where targeted disposal is not reasonably feasible due to the manner in which the information is maintained; and periodically review your data retention policy to minimize the unnecessary retention of data;

Our Service

Mosaic Compliance Services provides Secure Data Disposal Practices documentation included in your WISP.

bottom of page