FDIC Issues Guidance to Financial Institutions on Data Destruction

Opinion
Sep 28, 2010 · 1 min

The issue of secure data destruction is gaining critical mass. Of course, we have had the DoD 5220.22-M Standard for a long time now. Then came the NIST Special Publication 800-88, Guidelines for Media Sanitization (http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf), which was firmly embraced in the healthcare context by the Department of Health and Human Services in its 2009 Guidance in connection with the new HITECH Act. Other standards or recommended procedures followed. The latest development is the guidance the FDIC has just issued to Financial Institutions for secure data destruction (http://www.fdic.gov/news/news/financial/2010/fil10056.pdf). These various standards and guidance documents all make clear that organizations handling sensitive personally identifiable data must address secure destruction, both internally and in their vendor relationships.

michaeloverly

Michael R. Overly is a partner and intellectual property lawyer with Foley & Lardner LLP, where he focuses on drafting and negotiating technology-related agreements, software licenses, hardware acquisition, development, disaster recovery, outsourcing agreements, information security agreements, e-commerce agreements, and technology use policies. He counsels clients in the areas of technology acquisition, information security, electronic commerce, and on-line law.

Mr. Overly is a member of the Technology Transactions & Outsourcing and Privacy, Security & Information Management Practices. Mr. Overly is one of the few practicing lawyers who has satisfied the rigorous requirements necessary to obtain the Certified Information System Auditor (CISA), Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Information Systems Security Management Professional (ISSMP), Certified Risk and Information System Controls (CRISC) and Certified Outsourcing Professional (COP) certifications.

The opinions expressed in this blog are those of Michael R. Overly and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.
