BIB retains records to comply with the limitation of liability action per the FCRA. The FCRA requires records to be retained at minimum, for five years. BIB retains records for a minimum of six years. Records are held in secured computer system databases and/or a secure location with limited access. After a minimum of six years, records are destroyed by way of BIB’s record destruction policy. In response to the Fair and Accurate Credit Transactions Act (FACT Act) and Gramm-Leach-Bliley Act, (GLB Act), BIB maintains a Record Destruction Policy requiring all consumer and client information be disposed of securely as to render information inaccessible, unreadable, and/or unrecoverable; the following methods are currently in place:
1) Pulverizing and/or shredding
2) Destroy or erase electronic files, and/or
3) After conducting due diligence, has retained the services of a document destruction company.
In addition, paper documents containing personally identifiable information (particularly name, date of birth, and SSN), retained at individual desks/workstations, are destroyed or made inaccessible no later than the end of each work day.
No more than the final four digits of a Social Security Number are communicated in any form. When use of full Social Security Number and other sensitive data elements are needed internally or externally, the data exposed is limited to only that which is needed for the specific business purpose which has been identified. All communications of Social Security Number or other sensitive data elements outside the BIB environment are done so in secure transport methods.