Alaska Data Disposal (AS § 45.48.500, et seq.)

Alaska Data Disposal

AS § 45.48.500, et seq.

 

Alaska Statutes

Title 45. Trade and Commerce

Chapter 48. Personal Information Protection Act

Article 4. Disposal of Records.

Sec. 45.48.500. Disposal of records.

Sec. 45.48.510. Measures to protect access.

Sec. 45.48.520. Due diligence.

Sec. 45.48.530. Policy and procedures.

Sec. 45.48.540. Exemptions.

Sec. 45.48.550. Civil penalty.

Sec. 45.48.560. Court action.

Sec. 45.48.590. Definitions.

 

Sec. 45.48.500.   Disposal of records.

(a) When disposing of records that contain personal information, a business and a governmental agency shall take all reasonable measures necessary to protect against unauthorized access to or use of the records.

(b) Notwithstanding (a) of this section, if a business or governmental agency has otherwise complied with the provisions of AS 45.48.500 — 45.48.590 in the selection of a third party engaged in the business of record destruction, the business or governmental agency is not liable for the disposal of records under AS 45.48.500 — 45.48.590 after the business or governmental agency has relinquished control of the records to the third party for the destruction of the records.

(c) A business or governmental agency is not liable for the disposal of records under AS 45.48.500 — 45.48.590 after the business or governmental agency has relinquished control of the records to the individual to whom the records pertain.

 

Sec. 45.48.510.   Measures to protect access.

The measures that may be taken to comply with AS 45.48.500 include

(1) implementing and monitoring compliance with policies and procedures that require the burning, pulverizing, or shredding of paper documents containing personal information so that the personal information cannot practicably be read or reconstructed;

(2) implementing and monitoring compliance with policies and procedures that require the destruction or erasure of electronic media and other nonpaper media containing personal information so that the personal information cannot practicably be read or reconstructed;

(3) after due diligence, entering into a written contract with a third party engaged in the business of record destruction to dispose of records containing personal information in a manner consistent with AS 45.48.500 — 45.48.590.

 

Sec. 45.48.520.   Due diligence.

In AS 45.48.510(3), due diligence ordinarily includes performing one or more of the following:

(1) reviewing an independent audit of the third party's operations and its compliance with AS 45.48.500 — 45.48.590;

(2) obtaining information about the third party from several references or other reliable sources and requiring that the third party be certified by a recognized trade association or similar organization with a reputation for high standards of quality review; or

 (3) reviewing and evaluating the third party's information security policies and procedures, or taking other appropriate measures to determine the competency and integrity of the third party.

 

Sec. 45.48.530.   Policy and procedures.

A business or governmental agency shall adopt written policies and procedures that relate to the adequate destruction and proper disposal of records containing personal information and that are consistent with AS 45.48.500 — 45.48.590.

 

Sec. 45.48.540.   Exemptions.

(a) A business or a governmental agency is not required to comply with AS 45.48.500 — 45.48.530 if federal law requires that the business or governmental agency act in a way that does not comply with AS 45.48.500 — 45.48.530.

(b) A business is not required to comply with AS 45.48.500 — 45.48.530 if

(1) the business is subject to and in compliance with the Gramm-Leach-Bliley Financial Modernization Act; or

(2) the manner of the disposal of the records of the business is subject to 15 U.S.C. 1681w (Fair Credit Reporting Act) and the business is complying with 15 U.S.C. 1681w.

 

Sec. 45.48.550.   Civil penalty.

(a) An individual, a business, or a governmental agency that knowingly violates AS 45.48.500 — 45.48.590 is liable to the state for a civil penalty not to exceed $3,000.

(b) In this section, “knowingly” has the meaning given in AS 11.81.900.

 

Sec. 45.48.560.   Court action.

An individual who is damaged by a violation of AS 45.48.500 — 45.48.590 may bring a civil action in court to enjoin further violations and to recover for the violation actual economic damages, court costs allowed by the rules of court, and full reasonable attorney fees.

 

Sec. 45.48.590.   Definitions.

In AS 45.48.500 — 45.48.590,

(1) “business” means a person who conducts business in the state or a person who conducts business and maintains or otherwise possesses personal information on state residents; in this paragraph,

(A) “conducts business” includes engaging in activities as a financial institution organized, chartered, or holding a license or authorization certificate under the laws of this state, another state, the United States, or another country;

(B) “possesses” includes possession for the purpose of destruction;

(2) “dispose” means

(A) the discarding or abandonment of records containing personal information;

(B) the sale, donation, discarding, or transfer of

(i) any medium, including computer equipment or computer media, that contains records of personal information;

(ii) nonpaper media, other than that identified under (i) of this subparagraph, on which records of personal information are stored; and

(iii) equipment for nonpaper storage of information;

(3) “governmental agency” means a state or local governmental agency, except for an agency of the judicial branch;

(4) “personal information” means

(A) an individual's passport number, driver's license number, state identification number, bank account number, credit card number, debit card number, other payment card number, financial account information, or information from a financial application; or

(B) a combination of an individual's

(i) name; and

(ii) medical information, insurance policy number, employment information, or employment history;

(5) “records” means material on which information that is written, drawn, spoken, visual, or electromagnetic is recorded or preserved, regardless of physical form or characteristics, but does not include publicly available information containing names, addresses, telephone numbers, or other information an individual has voluntarily consented to have publicly disseminated or listed.

 

For more information, see here:  http://www.akleg.gov/basis/statutes.asp#45.48.500

 

These materials were obtained directly from the State Legislative websites and are posted here for your review and reference only.  No Claim to Original State Government Works.  This may not be the most recent version.  The State may have more current information.  We make no guarantees or warranties about the accuracy or completeness of this information, or the information linked to.  Please check the linked sources directly.

These materials were obtained directly from the U.S. Federal Government public websites, U.S. State Government public websites, or the International Government public websites and are posted here for your review and reference only. No Claim to Original U.S. Government Works, Original U.S. State Government Works, or Original International Government Works. This information may not be the most recent version. The U.S. Government, U.S. States, or International Governments may have more current information. We make no guarantees or warranties about the accuracy or completeness of this information, or the information linked to. Please check the linked sources directly.