Answer:
The principal regulation covering this is the Interagency Guidelines Establishing Information Security Standards. These can be found, at least for OCC banks, at Appendix B to 12 CFR 30. These rules stem from Part 501 of the Gramm-Leach-Bliley Act statutory requirements for information security. None of these rules specifically state anything about shredding documents. But they do require risk assessment and appropriate internal controls for information security, part of which would be assessing whether shredding is appropriate.